LiveActive security incident?Get immediate response
CVE archive

March 2008

Browse CVE records published in March 2008, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 737 matching CVEs · Page 3 of 15.

Unknown · CVSS Not scored

CVE-2008-6522: Multiple directory traversal vulnerabilities in the RenderFile function in ContentRender.class.php in Terra...

Multiple directory traversal vulnerabilities in the RenderFile function in ContentRender.class.php in Terracotta (aka OpenTerracotta) 0.6.1, and possibly other versions, allow remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the (1) CurrentDirectory and (2) File parameters to index.php.

Published Mar 25, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6505: Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 al...

Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.

Published Mar 23, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6492: Unrestricted file upload vulnerability in process.php in Tizag Countdown Creator 3 allows remote attackers...

Unrestricted file upload vulnerability in process.php in Tizag Countdown Creator 3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via index.php, then accessing the uploaded file via a direct request to the file in pics/. NOTE: some of these details are obtained from third party information.

Published Mar 20, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6512: Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to...

Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by hosting an assumed-safe file type containing Google Gear commands on the target domain, then accessing that file from the attacking domain, whose response headers are not checked and cause the worker code to run in the target domain.

Published Mar 24, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6478: Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels...

Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to create and delete arbitrary files as the administrator via a link or IMG tag to (1) create-file and (2) list-control in vz/cp/vzdir/infrman/envs/files/; or modify system configuration via the path parameter to vz/cp/vzdir/infrman/envs/files/index.

Published Mar 16, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6470: Multiple unspecified vulnerabilities in ClanSphere before 2008.2.1 allow remote attackers to obtain sensiti...

Multiple unspecified vulnerabilities in ClanSphere before 2008.2.1 allow remote attackers to obtain sensitive information, and possibly have unknown other impact, via vectors related to "javascript insert" and the (1) mods/messages/getusers.php and (2) mods/abcode/listimg.php files. NOTE: some of these details are obtained from third party information.

Published Mar 13, 2009 · Updated Aug 7, 2024