Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2008-1977 Cross-site request forgery (CSRF) vulnerability in the Internationalization (i18n) Drupal module 5.x before 5.x-2.3 and 5.x-1.1, and 6.x before 6.x-1.0 beta 1, allows remote attackers to change node t... | N/A | NONE | β | 0 |
| CVE-2008-1978 Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to un... | N/A | NONE | β | 0 |
| CVE-2008-1979 The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large integer value used in an increment... | N/A | NONE | β | 0 |
| CVE-2008-1980 Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified v... | N/A | NONE | β | 0 |
| CVE-2008-1981 Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users vi... | N/A | NONE | β | 0 |
| CVE-2008-1982 SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter. | N/A | NONE | β | 0 |
| CVE-2008-1983 Cross-site scripting (XSS) vulnerability in Advanced Electron Forum (AEF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the beg parameter in a members action to index.php. | N/A | NONE | β | 0 |
| CVE-2022-43170 A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute ar... | 5.4 | MEDIUM | β | 0 |
| CVE-2008-1984 The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Secure Content Manager 8.0.28000.511 and earlier allows remote attackers to cause a denial of service (crash or CPU consumption) via a mal... | N/A | NONE | β | 0 |
| CVE-2008-1985 Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php. | N/A | NONE | β | 0 |
| CVE-2008-1986 Cross-site scripting (XSS) vulnerability in liste_article.php in Blog Pixel Motion (aka PixelMotion) allows remote attackers to inject arbitrary web script or HTML via the jours parameter. | N/A | NONE | β | 0 |
| CVE-2008-1987 Cross-site scripting (XSS) vulnerability in search.php in EncapsGallery 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | N/A | NONE | β | 0 |
| CVE-2008-1988 Unrestricted file upload vulnerability in the file_upload function in core/misc.class.php in EncapsGallery 2.0.2 allows remote authenticated administrators to upload and execute arbitrary PHP files by... | N/A | NONE | β | 0 |
| CVE-2008-1989 PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a U... | N/A | NONE | β | 0 |
| CVE-2008-1990 Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) cID parameter to default.asp and the (2) username parameter to main_log... | N/A | NONE | β | 0 |
| CVE-2008-1991 Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in Acidcat CMS 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the field parameter. | N/A | NONE | β | 0 |
| CVE-2008-1992 Acidcat CMS 3.4.1 does not properly restrict access to (1) default_mail_aspemail.asp, (2) default_mail_cdosys.asp or (3) default_mail_jmail.asp, which allows remote attackers to bypass restrictions an... | N/A | NONE | β | 0 |
| CVE-2024-13224 The SlideDeck 1 Lite Content Slider WordPress plugin through 1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which cou... | 6.1 | MEDIUM | β | 0 |
| CVE-2008-1993 Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, which allows remote attackers to upload arbitrary files. | N/A | NONE | β | 0 |
| CVE-2008-1994 Multiple stack-based buffer overflows in (a) acon.c, (b) menu.c, and (c) child.c in Acon 1.0.5-5 through 1.0.5-7 allow local users to execute arbitrary code via (1) a long HOME environment variable or... | N/A | NONE | β | 0 |
| CVE-2008-1670 Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly exec... | N/A | NONE | β | 0 |
| CVE-2008-1671 start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably comma... | N/A | NONE | β | 0 |
| CVE-2008-1995 Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass ... | N/A | NONE | β | 0 |
| CVE-2008-1103 Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues." | N/A | NONE | β | 0 |
| CVE-2008-1930 The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a usernam... | N/A | NONE | β | 0 |
| CVE-2008-1996 licq before 1.3.6 allows remote attackers to cause a denial of service (file-descriptor exhaustion and application crash) via a large number of connections. | N/A | NONE | β | 0 |
| CVE-2008-1997 Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NO... | N/A | NONE | β | 0 |
| CVE-2008-1998 The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file param... | N/A | NONE | β | 0 |
| CVE-2008-1999 Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as d... | N/A | NONE | β | 0 |
| CVE-2008-2000 Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop. | N/A | NONE | β | 0 |
| CVE-2008-2001 Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via a file:///%E2 link that triggers an out-of-bounds access, possibly due to a NULL pointer dereference. | N/A | NONE | β | 0 |
| CVE-2008-2002 Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola Surfboard with software SB5100-2.3.3.0-SCM00-NOSH allow remote attackers to (1) cause a denial of service (device reboot) via the... | N/A | NONE | β | 0 |
| CVE-2008-2003 BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocation... | N/A | NONE | β | 0 |
| CVE-2008-1293 ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote attackers to connect to this server via TCP port 6006 (aka display... | N/A | NONE | β | 0 |
| CVE-2008-2008 Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a lon... | N/A | NONE | β | 0 |
| CVE-2008-1735 BitDefender Antivirus 2008 20080118 and earlier allows local users to cause a denial of service (system crash) via an invalid pointer to the CLIENT_ID structure in a call to the NtOpenProcess hooked S... | N/A | NONE | β | 0 |
| CVE-2008-1736 Comodo Firewall Pro before 3.0 does not properly validate certain parameters to hooked System Service Descriptor Table (SSDT) functions, which allows local users to cause a denial of service (system c... | N/A | NONE | β | 0 |
| CVE-2008-1737 Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behavioural Analysis is enabled, allows local users to cause a denial of service (reboot with the product disabled) and possibly gain priv... | N/A | NONE | β | 0 |
| CVE-2008-1738 Rising Antivirus 2008 before 20.38.20 allows local users to cause a denial of service (system crash) via an invalid pointer to the _CLIENT_ID structure in a call to the NtOpenProcess hooked System Ser... | N/A | NONE | β | 0 |
| CVE-2008-2010 Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the onl... | N/A | NONE | β | 0 |
| CVE-2008-2011 Cross-site scripting (XSS) vulnerability in the National Rail Enquiries Live Departure Boards gadget before 1.1 allows remote National Rail Enquiries servers or man-in-the-middle attackers to inject a... | N/A | NONE | β | 0 |
| CVE-2008-2012 SQL injection vulnerability in index.php in the PostSchedule 1.0 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the eid parameter in an event action. | N/A | NONE | β | 0 |
| CVE-2008-2013 SQL injection vulnerability in index.php in the pnFlashGames 1.5 through 2.5 module for PostNuke, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the i... | N/A | NONE | β | 0 |
| CVE-2008-2014 Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop. | N/A | NONE | β | 0 |
| CVE-2008-2015 Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument ... | N/A | NONE | β | 0 |
| CVE-2008-2016 PHP remote file inclusion vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter to the default UR... | N/A | NONE | β | 0 |
| CVE-2008-2017 Directory traversal vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the operation para... | N/A | NONE | β | 0 |
| CVE-2008-2018 The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obt... | N/A | NONE | β | 0 |
| CVE-2008-2019 Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly generated static" to hinder brute-force attacks on the WAV file (aka audio) CAPTCHA, which allows remote attackers to pass the CAPTCHA ... | N/A | NONE | β | 0 |
| CVE-2008-2020 The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11,... | 7.5 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.