LiveActive security incident?Get immediate response
CVE archive

March 2008

Browse CVE records published in March 2008, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 737 matching CVEs · Page 1 of 15.

Medium · CVSS 5.5

CVE-2008-10001: Pro2col Stingray FTS cross site scriting

A vulnerability, which was classified as problematic, has been found in Pro2col Stingray FTS. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Published Mar 28, 2022 · Updated Apr 15, 2025

Medium · CVSS 6.1

CVE-2008-1299: Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build...

Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Mar 12, 2008 · Updated Apr 3, 2025

Critical · CVSS 9.8

CVE-2008-1511: Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbi...

Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for (1) classes/class_admin.php and (2) classes/class_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Mar 25, 2008 · Updated Apr 3, 2025

High · CVSS 7.8

CVE-2008-1246: The Cisco PIX/ASA Finesse Operation System 7.1 and 7.2 allows local users to gain privileges by entering ch...

The Cisco PIX/ASA Finesse Operation System 7.1 and 7.2 allows local users to gain privileges by entering characters at the enable prompt, erasing these characters via the Backspace key, and then holding down the Backspace key for one second after erasing the final character. NOTE: third parties, including one who works for the vendor, have been unable to reproduce the flaw unless the enable password is blank

Published Mar 10, 2008 · Updated Jan 17, 2025

Unknown · CVSS Not scored

CVE-2008-1469: Gallarific Free Edition 1.1 does not require authentication for (1) photos.php, (2) comments.php, and (3) g...

Gallarific Free Edition 1.1 does not require authentication for (1) photos.php, (2) comments.php, and (3) gallery.php in gadmin/, which allows remote attackers to edit objects via a direct request, different vectors than CVE-2008-1327. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Mar 24, 2008 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-1175: Cross-site scripting (XSS) vulnerability in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitra...

Cross-site scripting (XSS) vulnerability in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter to aspAdmin/deleteUser.asp, a different vector than CVE-2008-1174. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Mar 6, 2008 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2008-1464: Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 allow remote attackers to execute arb...

Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) query parameter to (a) search.php; (2) gusername and (3) gpassword parameters to (b) login.php; and the (4) username and (5) password parameters to (c) gadmin/index.php in a signin action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Mar 24, 2008 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2008-1432: Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allo...

Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Mar 20, 2008 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2008-7282: Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System (OTRS) before 2....

Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System (OTRS) before 2.2.6, when the CustomerPanelOwnSelection and CustomerGroupSupport options are enabled, allows remote authenticated users to bypass intended access restrictions, and perform certain (1) list and (2) write operations on queues, via unspecified vectors.

Published Mar 18, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2008-1342: Multiple cross-site scripting (XSS) vulnerabilities in the search feature in Polymita BPM-Suite and Collage...

Multiple cross-site scripting (XSS) vulnerabilities in the search feature in Polymita BPM-Suite and CollagePortal allow remote attackers to inject arbitrary web script or HTML via the (1) _q and (2) lucene_index_field_value parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Mar 17, 2008 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2008-7278: The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does no...

The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file.

Published Mar 18, 2011 · Updated Sep 16, 2024

Medium · CVSS 6.5

CVE-2008-10003: iGamingModules flashgames game.php sql injection

A vulnerability was found in iGamingModules flashgames 1.1.0. It has been classified as critical. Affected is an unknown function of the file game.php. The manipulation of the argument lid leads to sql injection. It is possible to launch the attack remotely. The name of the patch is 6e57683704885be32eea2ea614f80c9bb8f012c5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222288.

Published Mar 5, 2023 · Updated Aug 7, 2024

Medium · CVSS 6.5

CVE-2008-10004: Email Registration email_registration.module email_registration_user sql injection

A vulnerability was found in Email Registration 5.x-2.1 on Drupal. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to sql injection. The attack can be initiated remotely. Upgrading to version 6.x-1.0 is able to address this issue. The patch is identified as 126c141b7db038c778a2dc931d38766aad8d1112. It is recommended to upgrade the affected component. VDB-222334 is the identifier assigned to this vulnerability.

Published Mar 6, 2023 · Updated Aug 7, 2024

Medium · CVSS 4

CVE-2008-10002: cfire24 ajaxlife cross site scripting

A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.3.3 is able to address this issue. The patch is identified as 9fb53b67312fe3f4336e01c1e3e1bedb4be0c1c8. It is recommended to upgrade the affected component. VDB-222286 is the identifier assigned to this vulnerability.

Published Mar 5, 2023 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6568: Unrestricted file upload vulnerability in Yehe 2.0 allows remote attackers to execute arbitrary code by upl...

Unrestricted file upload vulnerability in Yehe 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the envoyer feature. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Mar 31, 2009 · Updated Aug 7, 2024