Monthly Archives: January 2008



CVE-2008-0470 (Comodo AntiVirus, ActiveX)

A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attackers to execute arbitrary commands via the ExecuteStr method.

Posted in Badware

CVE-2008-0492 (XUpload)

Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control in XUpload.ocx 3.0.0.4 and earlier in Persits XUpload 3.0 allows remote attackers to execute arbitrary code via a long argument to the AddFile method. NOTE: some of these details are obtained from third party information.

Posted in Badware

CVE-2008-0475 (Applications Manager)

ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information (Home->Summary) via an invalid URI, as demonstrated by the “/-” URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Posted in Badware

CVE-2008-0498 (Bigware Shop)

SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the pollid parameter in a results action to main_bigware_53.php.

Posted in Badware

CVE-2008-0468 (Flinx)

SQL injection vulnerability in category.php in Flinx 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Posted in Badware

CVE-2008-0488 (VB Marketing)

Directory traversal vulnerability in tseekdir.cgi in VB Marketing allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the location parameter.

Posted in Badware
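The tseekdir.cgi entry is a local file inclusion: a request parameter the client picks (here `location`) ends up as the path handed to an include call. The page does not reproduce the CGI script, so the PHP below is an added illustration of the bug class and its fix, not VB Marketing's code. The template directory, the template names in the allowlist and the probe strings are all constructed for the example; it needs PHP 8 or later for `str_starts_with()`.

```php
<?php
declare(strict_types=1);

// Added illustration, not code from VB Marketing or tseekdir.cgi. It shows the
// bug class in PHP: a client-chosen parameter becomes the include() path, and the
// allowlist-plus-realpath check that stops it.

// Constructed fixture: a throwaway template directory holding one real template.
$templateDir = sys_get_temp_dir() . '/lfi-demo-' . getmypid() . '/templates';
mkdir($templateDir, 0700, true);
file_put_contents($templateDir . '/results.php', "<?php echo 'results template', PHP_EOL;");

// Vulnerable: "location=../../../../etc/passwd" walks out of the template tree.
// (Before PHP 5.3.4 a trailing %00 in the parameter also cut off the appended ".php".)
function vulnerableInclude(string $templateDir, string $location): void
{
    include $templateDir . '/' . $location . '.php';
}

// Hardened: only names we actually serve are accepted, and the resolved path must
// still sit below the template directory before anything is included.
function resolveTemplate(string $templateDir, string $location): ?string
{
    static $allowed = ['search', 'results', 'help'];   // assumed set of template names
    if (!in_array($location, $allowed, true)) {
        return null;
    }
    $base = realpath($templateDir);
    $path = realpath($templateDir . '/' . $location . '.php');
    // realpath() collapses "../" and symlinks; anything not under $base is rejected.
    if ($base === false || $path === false || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

// Constructed probes: a legitimate name, a traversal attempt, and a null-byte attempt.
foreach (['results', '../../../../etc/passwd', "results\0"] as $probe) {
    $resolved = resolveTemplate($templateDir, $probe);
    printf("%-28s -> %s\n", addcslashes($probe, "\0"), $resolved ?? 'rejected');
    if ($resolved !== null) {
        include $resolved;
    }
}

// Clean up the fixture.
unlink($templateDir . '/results.php');
rmdir($templateDir);
rmdir(dirname($templateDir));
```

The allowlist alone would already reject the two bad probes; the `realpath()` comparison is the second layer for the day someone widens the allowlist or reads names from configuration. Note that `vulnerableInclude()` is defined but deliberately never called on the traversal probe.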

CVE-2008-0497 (Nucleus CMS)

Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS 3.31 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, which is not quoted when processing PHP_SELF.

Posted in Badware

CVE-2008-0493 (IrfanView)

fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows remote attackers to execute arbitrary code via a crafted FlashPix (.FPX) file, which triggers heap corruption. NOTE: some of these details are obtained from third party information.

Posted in Badware

CVE-2008-0496 (AmpJuke)

Cross-site scripting (XSS) vulnerability in index.php in AmpJuke 0.7.0 allows remote attackers to inject arbitrary web script or HTML via the limit parameter in a search action.

Posted in Badware
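The Nucleus CMS and AmpJuke entries are both reflected XSS, reached through two different channels: `$_SERVER['PHP_SELF']` (which carries PATH_INFO, so a request for `/action.php/"><script>…` lands in the markup) and an ordinary query parameter (`limit`). The PHP below is an added example for this archive, not code from either project; the request values are constructed to stand in for what the web server would populate, and the form markup is hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration, not code from Nucleus CMS or AmpJuke. It shows both reflection
// channels named in the two entries above and the single fix that covers them:
// encode on output, and do not echo PHP_SELF at all.

// Constructed request, standing in for
//   GET /action.php/"><script>alert(1)</script>?limit=10"><img src=x onerror=alert(1)>
$_SERVER['SCRIPT_NAME'] = '/action.php';
$_SERVER['PATH_INFO']   = '/"><script>alert(1)</script>';
$_SERVER['PHP_SELF']    = $_SERVER['SCRIPT_NAME'] . $_SERVER['PATH_INFO'];
$_GET['limit']          = '10"><img src=x onerror=alert(1)>';

// Vulnerable: raw values concatenated into an attribute context. The first double
// quote in either value closes the attribute and the rest is live markup.
function vulnerableForm(): string
{
    return '<form action="' . $_SERVER['PHP_SELF'] . '">'
         . '<input name="limit" value="' . $_GET['limit'] . '">'
         . '</form>';
}

// HTML-encode for attribute and text context. ENT_QUOTES covers single-quoted
// attributes too; ENT_SUBSTITUTE keeps invalid UTF-8 from silently emptying the output.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened: SCRIPT_NAME has no PATH_INFO appended, the integer parameter is validated
// before use, and everything untrusted still goes through h() on the way out.
function hardenedForm(): string
{
    $limit = filter_var($_GET['limit'] ?? '10', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 500]]);
    if ($limit === false) {
        $limit = 10;                 // not an integer in range: fall back to the default
    }
    return '<form action="' . h($_SERVER['SCRIPT_NAME']) . '">'
         . '<input name="limit" value="' . h((string) $limit) . '">'
         . '</form>';
}

echo 'vulnerable: ', vulnerableForm(), PHP_EOL;
echo 'hardened:   ', hardenedForm(), PHP_EOL;
```

Run it with `php` on the command line and compare the two lines: the vulnerable one contains a closed attribute followed by `<script>` and `<img onerror=…>`, the hardened one contains `/action.php` and `10` with every special character entity-encoded.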

CVE-2008-0491 (fGallery plugin)

SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the album parameter.

Posted in Badware
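Three entries in this month's archive (Bigware Shop `pollid`, Flinx `id`, fGallery `album`) are the same bug: an integer-looking request parameter is concatenated into a SQL string. The PHP below is an added example for all three and is not code from any of those projects. It uses an in-memory SQLite database through PDO (`pdo_sqlite`) so it runs stand-alone; the table, its rows, the column names and the probe values are constructed for the example.

```php
<?php
declare(strict_types=1);

// Added illustration, not code from Bigware Shop, Flinx or the fGallery plugin.
// Shows the string-concatenation query behind this class of CVE next to the
// validate-then-bind version, against a constructed SQLite table.

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE albums (id INTEGER PRIMARY KEY, name TEXT, is_public INTEGER)');
$db->exec("INSERT INTO albums VALUES (1, 'holiday', 1), (2, 'private', 0)");

// Vulnerable: the caller controls the tail of the WHERE clause. "1 OR 1=1" defeats
// the is_public check because AND binds tighter than OR; a UNION reads other tables.
function vulnerableLookup(PDO $db, string $album): array
{
    $sql = 'SELECT id, name FROM albums WHERE is_public = 1 AND id = ' . $album;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: validate the type first, then bind. The value is sent as data and
// never becomes part of the SQL text, so no quoting trick reaches the parser.
function hardenedLookup(PDO $db, string $album): array
{
    $id = filter_var($album, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];                   // not an integer: refuse, do not try to repair it
    }
    $stmt = $db->prepare('SELECT id, name FROM albums WHERE is_public = 1 AND id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed probes: a normal id, a boolean bypass, and a UNION-based read.
foreach (['1', '1 OR 1=1', '0 UNION SELECT id, name FROM albums'] as $probe) {
    printf("%-36s vulnerable=%-22s hardened=%s\n", $probe,
        json_encode(array_column(vulnerableLookup($db, $probe), 'name')),
        json_encode(array_column(hardenedLookup($db, $probe), 'name')));
}
```

The first probe returns `["holiday"]` from both functions. The second and third return `["holiday","private"]` from the vulnerable query and `[]` from the hardened one: the private row is never reachable once the parameter is bound rather than spliced in.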