LiveActive security incident?Get immediate response
CVE archive

January 2008

Browse CVE records published in January 2008, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 638 matching CVEs · Page 2 of 13.

Unknown · CVSS Not scored

CVE-2008-5929: VP-ASP Shopping Cart 6.50 stores sensitive information under the web root with insufficient access control,...

VP-ASP Shopping Cart 6.50 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database containing the password via a direct request for database/shopping650.mdb. NOTE: some of these details are obtained from third party information.

Published Jan 21, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5874: Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla!

Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module. NOTE: some of these details are obtained from third party information.

Published Jan 8, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5916: gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1...

gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query.

Published Jan 21, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5939: Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9.6.2 and earlier allows remote attacke...

Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the username field, possibly related to snippet.ditto.php. NOTE: some sources list the id parameter as being affected, but this is probably incorrect based on the original disclosure.

Published Jan 22, 2009 · Updated Aug 7, 2024