LiveActive security incident?Get immediate response
CVE archive

June 2008

Browse CVE records published in June 2008, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 457 matching CVEs · Page 2 of 10.

Unknown · CVSS Not scored

CVE-2008-2898: Directory traversal vulnerability in includes/header.php in Hedgehog-CMS 1.21 allows remote attackers to in...

Directory traversal vulnerability in includes/header.php in Hedgehog-CMS 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the c_temp_path parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Published Jun 27, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-2948: Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the loc...

Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the location property of a frame via the Object data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector.

Published Jun 30, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-2912: Multiple PHP remote file inclusion vulnerabilities in Contenido CMS 4.8.4 allow remote attackers to execute...

Multiple PHP remote file inclusion vulnerabilities in Contenido CMS 4.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenido_path parameter to (a) contenido/backend_search.php; the (2) cfg[path][contenido] parameter to (b) move_articles.php, (c) move_old_stats.php, (d) optimize_database.php, (e) run_newsletter_job.php, (f) send_reminder.php, (g) session_cleanup.php, and (h) setfrontenduserstate.php in contenido/cronjobs/, and (i) includes/include.newsletter_jobs_subnav.php and (j) plugins/content_allocation/includes/include.right_top.php in contenido/; the (3) cfg[path][templates] parameter to (k) includes/include.newsletter_jobs_subnav.php and (l) plugins/content_allocation/includes/include.right_top.php in contenido/; and the (4) cfg[templates][right_top_blank] parameter to (m) plugins/content_allocation/includes/include.right_top.php and (n) contenido/includes/include.newsletter_jobs_subnav.php in contenido/, different vectors than CVE-2006-5380.

Published Jun 30, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-2908: Multiple stack-based buffer overflows in a certain ActiveX control in ienipp.ocx in Novell iPrint Client fo...

Multiple stack-based buffer overflows in a certain ActiveX control in ienipp.ocx in Novell iPrint Client for Windows before 4.36 allow remote attackers to execute arbitrary code via a long value of the (1) operation, (2) printer-url, or (3) target-frame parameter. NOTE: some of these details are obtained from third party information.

Published Jun 30, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-2742: Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/conn...

Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.

Published Jun 17, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-2718: Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7...

Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published Jun 16, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-2797: Cross-site scripting (XSS) vulnerability in MainLayout.do in ManageEngine OpUtils 5.0 allows remote attacke...

Cross-site scripting (XSS) vulnerability in MainLayout.do in ManageEngine OpUtils 5.0 allows remote attackers to inject arbitrary web script or HTML via the hostName parameter, when viewing an SNMP graph. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Jun 20, 2008 · Updated Aug 7, 2024