Total
12840 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5547 | 1 Hauri | 1 Virobot | 2025-04-09 | N/A |
| HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | ||||
| CVE-2008-5543 | 2 Microsoft, Symantec | 2 Internet Explorer, Antivirus | 2025-04-09 | N/A |
| Symantec AntiVirus (SAV) 10, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | ||||
| CVE-2008-5545 | 2 Microsoft, Trend Micro | 2 Internet Explorer, Trend Micro Antivirus | 2025-04-09 | N/A |
| Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | ||||
| CVE-2008-5580 | 1 Mini-pub | 1 Mini-pub | 2025-04-09 | N/A |
| mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the sFileName argument. | ||||
| CVE-2008-5657 | 1 Quassel | 1 Quassel Core | 2025-04-09 | N/A |
| CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows remote attackers to spoof IRC messages as other users via a crafted CTCP message. | ||||
| CVE-2008-5669 | 1 Textpattern | 1 Textpattern | 2025-04-09 | N/A |
| index.php in the comments preview section in Textpattern (aka Txp CMS) 4.0.5 allows remote attackers to cause a denial of service via a long message parameter. | ||||
| CVE-2008-5693 | 1 Ipswitch | 1 Ws Ftp | 2025-04-09 | N/A |
| Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character. | ||||
| CVE-2008-5695 | 1 Wordpress | 2 Wordpress, Wordpress Mu | 2025-04-09 | N/A |
| wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins. | ||||
| CVE-2008-5887 | 1 Tincan | 1 Phplist | 2025-04-09 | N/A |
| phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability." | ||||
| CVE-2008-6121 | 1 Socialengine | 1 Socialengine | 2025-04-09 | N/A |
| CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie. | ||||
| CVE-2008-6207 | 1 Phpg Upload | 1 Phpg Upload | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in form_upload.php in PHPG Upload 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6541 | 1 Dotnetnuke | 1 Dotnetnuke | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in the file manager module in DotNetNuke before 4.8.2 allows remote administrators to upload arbitrary files and gain privileges to the server via unspecified vectors. | ||||
| CVE-2008-6555 | 1 Puppetmaster | 1 Webutil | 2025-04-09 | N/A |
| cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command. | ||||
| CVE-2008-6702 | 1 Stalker-game | 1 S.t.a.l.k.e.r.\ | 2025-04-09 | N/A |
| S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (crash) via a long nickname, which triggers an exception. | ||||
| CVE-2008-6742 | 1 Gofoxy | 1 Foxy | 2025-04-09 | N/A |
| Foxy P2P software allows remote attackers to cause a denial of service (memory consumption) via a foxy URI with a download action and a large fs value. | ||||
| CVE-2008-6745 | 1 Blogphp | 1 Blogphp | 2025-04-09 | N/A |
| index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action. | ||||
| CVE-2008-6752 | 1 Revou | 1 Revou | 2025-04-09 | N/A |
| adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges via a direct request with modified newpass1 and newpass2 parameters in a Change operation. | ||||
| CVE-2008-6790 | 1 Minddezign | 1 Photo Gallery | 2025-04-09 | N/A |
| The admin module in MindDezign Photo Gallery 2.2 allows remote attackers to add administrative users and gain privileges via a modified username parameter in an edit account action to index.php. | ||||
| CVE-2008-6793 | 1 Dflabs | 1 Ptk | 2025-04-09 | N/A |
| The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image. | ||||
| CVE-2008-6826 | 1 Mhfmedia | 1 Ads Pro | 2025-04-09 | N/A |
| dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter, as demonstrated using the (1) advert_top.htm or (2) advert_login.htm pages. | ||||