Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed…

CVE-2008-6742NONECVSS 0.0EG 0.0

2009-04-21

Foxy P2P software allows remote attackers to cause a denial of service (memory consumption) via a foxy URI with a download action and a large fs value.

CVE-2008-6745NONECVSS 0.0EG 0.0

2009-04-23

index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action.

CVE-2008-6750NONECVSS 0.0EG 0.0

2009-04-24

Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photo/.

CVE-2008-6751NONECVSS 0.0EG 0.0

2009-04-24

Unrestricted file upload vulnerability in index.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a d…

CVE-2008-6752NONECVSS 0.0EG 0.0

2009-04-24

adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges…

CVE-2008-6772NONECVSS 0.0EG 0.0

2009-04-29

login/register_form.php in YourPlace 1.0.2 and earlier does not check that a username already exists when a new account is created, which allows remote attackers to bypass intended access restrictions by registering a new account with the …

CVE-2008-6790NONECVSS 0.0EG 0.0

2009-05-04

The admin module in MindDezign Photo Gallery 2.2 allows remote attackers to add administrative users and gain privileges via a modified username parameter in an edit account action to index.php.

CVE-2008-6791NONECVSS 0.0EG 0.0

2009-05-04

PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial of service via a write request with a long mode field.

CVE-2008-6793NONECVSS 0.0EG 0.0

2009-05-07

The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image.

CVE-2008-6806NONECVSS 0.0EG 0.0

2009-05-12

Unrestricted file upload vulnerability in includes/imageupload.php in 7Shop 1.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the f…

CVE-2008-6814NONECVSS 0.0EG 0.0

2009-05-28

Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an…

CVE-2008-6826NONECVSS 0.0EG 0.0

2009-06-08

dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter, as demonstrated using the (1) advert_top.htm or (2) advert_login.htm pages.

CVE-2008-6829NONECVSS 0.0EG 0.0

2009-06-08

VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a LIST command that starts with a "/\/" (forward slash, backward slash, forward slash). NOTE: this might be the same issue as CVE-2008-2031.

CVE-2008-6882NONECVSS 0.0EG 0.0

2009-07-30

Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query str…

CVE-2008-6913NONECVSS 0.0EG 0.0

2009-08-07

Unrestricted file upload vulnerability in editresume_next.php in Zeeways ZEEJOBSITE 2.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile edit action, then …

CVE-2008-6938NONECVSS 0.0EG 0.0

2009-08-11

Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via …

CVE-2008-6942NONECVSS 0.0EG 0.0

2009-08-12

Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifieds System (aka Real Estate Classifieds) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, …

CVE-2008-6943NONECVSS 0.0EG 0.0

2009-08-12

Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe photo, then accessing it via a direct req…

CVE-2008-6944NONECVSS 0.0EG 0.0

2009-08-12

Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request t…

CVE-2008-6948NONECVSS 0.0EG 0.0

2009-08-12

Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME type, then accessing it via a direct reques…

CVE-2008-6962NONECVSS 0.0EG 0.0

2009-08-13

Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, and AntiVir Personal - FREE allows local users to execute arbitrary code via a crafted IOCTL request that overwrites a kernel pointer.

CVE-2008-6976NONECVSS 0.0EG 0.0

2009-08-19

MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request.

CVE-2008-6978NONECVSS 0.0EG 0.0

2009-08-19

Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, rela…

CVE-2008-7029NONECVSS 0.0EG 0.0

2009-08-24

Unrestricted file upload vulnerability in usercp.php in AlilG Application AliBoard Beta allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a dire…

CVE-2008-7037NONECVSS 0.0EG 0.0

2009-08-24

The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for Windows Vista, and possibly other versions before 1.23, allows remote web servers or man-in-the-middle attackers to execute arbitrary commands via script in a short_title …

CVE-2008-7052NONECVSS 0.0EG 0.0

2009-08-24

Unrestricted file upload vulnerability in profile.php in Pre Projects Pre Real Estate Listings allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing i…

CVE-2008-7068NONECVSS 0.0EG 0.0

2009-08-25

The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the a…

CVE-2008-7088NONECVSS 0.0EG 0.0

2009-08-26

Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it …

CVE-2008-7102NONECVSS 0.0EG 0.0

2009-08-27

DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation.

CVE-2008-7107NONECVSS 0.0EG 0.0

2009-08-28

easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to cause a denial of service (crash) via a crafted IOCTL 0x222003 request to the \\.\easdrv device interface.

CVE-2008-7112NONECVSS 0.0EG 0.0

2009-08-28

The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to cause a denial of service (hang or crash) via invalid field length values in a malformed (1) document or (2) request.

CVE-2008-7135NONECVSS 0.0EG 0.0

2009-09-01

toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the IsChecked method, a different vector than CVE-2008-7136.

CVE-2008-7136NONECVSS 0.0EG 0.0

2009-09-01

toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the (1) RequestURL, (2) GetPropertyById, or (3) SetPropertyById method, different vectors than CVE-200…

CVE-2008-7180NONECVSS 0.0EG 0.0

2009-09-08

del_query1.php in Telephone Directory 2008 allows remote attackers to delete arbitrary contacts via a direct request with a modified id variable.

CVE-2008-7185NONECVSS 0.0EG 0.0

2009-09-08

GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c.

CVE-2008-7205NONECVSS 0.0EG 0.0

2009-09-11

Unspecified vulnerability in the product view functionality in VirtueMart 1.0.13a and earlier allows remote attackers to read arbitrary files via vectors related to a template file.

CVE-2008-7215NONECVSS 0.0EG 0.0

2009-09-11

The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size…

CVE-2008-7257NONECVSS 0.0EG 0.0

2010-06-29

CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirec…

CVE-2008-7258NONECVSS 0.0EG 0.0

2010-08-20

The standardise function in Anibal Monsalve Salazar sSMTP 2.61 and 2.62 allows local users to cause a denial of service (application exit) via an e-mail message containing a long line that begins with a . (dot) character. NOTE: CVE disput…

CVE-2008-7269NONECVSS 0.0EG 0.0

2010-12-01

Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action.

CVE-2008-7274NONECVSS 0.0EG 0.0

2011-02-15

IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password.

CVE-2008-7278NONECVSS 0.0EG 0.0

2011-03-18

The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mai…

CVE-2008-7280NONECVSS 0.0EG 0.0

2011-03-18

Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System (OTRS) before 2.2.7 does not properly handle e-mail messages containing malformed UTF-8 characters, which allows remote attackers to cause a denial of service …

CVE-2008-7286NONECVSS 0.0EG 0.0

2011-03-22

IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not properly handle URLs that request images, which allows remote authenticated users to cause a denial of service (daemon crash) via a request to resources.nsf, aka SPR XF…

CVE-2008-7289NONECVSS 0.0EG 0.0

2011-04-21

IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 does not properly handle the simultaneous changing of multiple passwords, which makes it easier for remote authenticated users to cause a denial of service (DB2 daemon de…

CVE-2008-7299NONECVSS 0.0EG 0.0

2011-08-12

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Issuer field.

CVE-2008-7312NONECVSS 0.0EG 0.0

2012-08-23

The Filtering Service in Websense Enterprise 5.2 through 6.3 does not consider the IP address during URL categorization, which makes it easier for remote attackers to bypass filtering via an HTTP request, as demonstrated by a request to a …

CVE-2009-0008NONECVSS 0.0EG 0.0

2009-01-22

Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie.

CVE-2009-0016NONECVSS 0.0EG 0.0

2009-03-14

Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header.

CWE-20— Improper Input Validation

CVEs classified under CWE-20page 18 of 227

Map vulnerabilities like CWE-20 to your infrastructure