CVE-2008-0494 (Firewall)

Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in Endian Firewall 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the psearch parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-0500 (LaiThai)

Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have unknown impact and attack vectors related to (1) mod_login and (2) mod_template_chooser.

CVE-2008-0490 (WP_Cal Plugin)

SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-0499 (LaiThai)

SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-0492 (XUpload)

Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control in XUpload.ocx 3.0.0.4 and earlier in Persits XUpload 3.0 allows remote attackers to execute arbitrary code via a long argument to the AddFile method. NOTE: some of these details are obtained from third party information.

CVE-2008-0498 (Bigware Shop)

SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the pollid parameter in a results action to main_bigware_53.php.

CVE-2008-0488 (VB Marketing)

Directory traversal vulnerability in tseekdir.cgi in VB Marketing allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the location parameter.

CVE-2008-0497 (Nucleus CMS)

Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS 3.31 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, which is not quoted when processing PHP_SELF.

CVE-2008-0493 (IrfanView)

fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows remote attackers to execute arbitrary code via a crafted FlashPix (.FPX) file, which triggers heap corruption. NOTE: some of these details are obtained from third party information.

CVE-2008-0496 (AmpJuke)

Cross-site scripting (XSS) vulnerability in index.php in AmpJuke 0.7.0 allows remote attackers to inject arbitrary web script or HTML via the limit parameter in a search action.

« Previous Entries

Search Box

Badware Alerts

• CVE-2008-2092 (SPA-2102 Phone Adapter)
• CVE-2008-2092 (SPA-2102 Phone Adapter)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2090 (Solaris)
• CVE-2008-2093 (community_builder, com_comprofiler)
• CVE-2008-2093 (community_builder, com_comprofiler)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2089 (Solaris)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2093 (community_builder, com_comprofiler)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2092 (SPA-2102 Phone Adapter)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2091 (kubelance)
• CVE-2008-2089 (Solaris)
• CVE-2008-2092 (SPA-2102 Phone Adapter)
• CVE-2008-2093 (community_builder, com_comprofiler)
• CVE-2008-2092 (SPA-2102 Phone Adapter)
• CVE-2008-2092 (SPA-2102 Phone Adapter)

Related Sites

• Chart Vulnerabilities - Chart vulnerabilities discovered within a product

Categories

• Badware
• Badware News

Meta

• Log in
• Main Entries Rss
• Comments Rss