LiveActive security incident?Get immediate response
CVE archive

January 2008

Browse CVE records published in January 2008, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 638 matching CVEs · Page 3 of 13.

Unknown · CVSS Not scored

CVE-2008-5926: Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attacker...

Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the (1) login parameter (aka user field) or the (2) password parameter (aka pass field). NOTE: some of these details are obtained from third party information.

Published Jan 21, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5931: The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control,...

The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/blog.mdb. NOTE: some of these details are obtained from third party information.

Published Jan 21, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5897: CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access contro...

CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of these details are obtained from third party information.

Published Jan 12, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5907: The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow...

The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.

Published Jan 15, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5867: Directory traversal vulnerability in Yerba SACphp 6.3 allows remote attackers to read arbitrary files, and...

Directory traversal vulnerability in Yerba SACphp 6.3 allows remote attackers to read arbitrary files, and possibly have other impact, via directory traversal sequences in the mod field contained in the base64-encoded SID parameter to an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Jan 7, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5954: SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabl...

SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lname parameter in a login action to an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Jan 23, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5949: Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to ex...

Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php.

Published Jan 23, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5892: Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL com...

Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL commands via (1) the ID parameter to admin_dblayers.asp in an update action, (2) the adminid parameter to admin_loginCheck.asp (aka the USERNAME field in admin_main.asp), and (3) the PassWord parameter to admin_loginCheck.asp (aka the PASSWORD field in admin_main.asp). NOTE: some of these details are obtained from third party information.

Published Jan 12, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5898: CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, w...

CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CADirectory.mdb. NOTE: some of these details are obtained from third party information.

Published Jan 12, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5927: Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers t...

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/index.php. NOTE: some of these details are obtained from third party information.

Published Jan 21, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5885: The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access control...

The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/quote.mdb. NOTE: some of these details are obtained from third party information.

Published Jan 12, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5886: TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access contro...

TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for _private/discussion.mdb. NOTE: some of these details are obtained from third party information.

Published Jan 12, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5913: The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x...

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."

Published Jan 20, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5900: CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, wh...

CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAArticles.mdb. NOTE: some of these details are obtained from third party information.

Published Jan 12, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5888: Multiple SQL injection vulnerabilities in Click&Rank allow remote attackers to execute arbitrary SQL comman...

Multiple SQL injection vulnerabilities in Click&Rank allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hitcounter.asp, (2) user_delete.asp, and (3) user_update.asp; (4) the userid parameter to admin_login.asp (aka the USERNAME field in admin.asp); and (5) the PassWord parameter to admin_login.asp (aka the PASSWORD field in admin.asp). NOTE: some of these details are obtained from third party information.

Published Jan 12, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5899: CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control,...

CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFFAPage.mdb. NOTE: some of these details are obtained from third party information.

Published Jan 12, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5911: Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server 11.x before 11.1.8 and 12.x...

Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server 11.x before 11.1.8 and 12.x before 12.0.1 allow remote attackers to (1) cause a denial of service via three crafted RTSP SETUP commands, or execute arbitrary code via (2) an NTLM authentication request with malformed base64-encoded data, (3) an RTSP DESCRIBE command, or (4) a DataConvertBuffer request.

Published Jan 20, 2009 · Updated Aug 7, 2024