CVE-2008-5192 (philboard) SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE:...
CVE-2008-5194 (online_booking_manager) SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5190 (eshop100) SQL injection vulnerability in index.php in eSHOP100 allows remote attackers to execute arbitrary SQL commands via the SUB parameter.
CVE-2008-5193 (philboard) Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms...
CVE-2008-5191 (seportal) Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2)...
CVE-2008-5189 (ruby_on_rails) CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a...
CVE-2008-5195 (sebraccms) Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow remote attackers to execute arbitrary SQL commands via (1) the recid parameter to cms/form/read.php, (2) the...
CVE-2008-5185 (geshi) The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing...
CVE-2008-5183 (cups) cupsd in CUPS before 1.3.8 allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number...
CVE-2008-5181 (office_communicator) Microsoft Communicator allows remote attackers to cause a denial of service (application or device outage) via instant messages containing large numbers of emoticons.
CVE-2008-5178 (opera) Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI.
CVE-2008-5184 (cups) The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes...
CVE-2008-5176 (wincom_mpd_total) Multiple buffer overflows in Client Software WinCom LPD Total 3.0.2.623 and earlier allow remote attackers to execute arbitrary code via (1) a long 0x02 command...
CVE-2008-5182 (kernel) The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify...
CVE-2008-5188 (ecryptfs_utils) The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local...
CVE-2008-5180 (office_communicator) Microsoft Communicator allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation...
Latest Exploits
cambridge-sql.txt VisitCambridge.org suffers from a remote SQL injection vulnerability.
verlihub-exec.txt Verlihub versions 0.9.8d-RC2 and below suffer from a remote command execution vulnerability due to a lack of input sanitization.
joomlathyme-sql.txt The Joomla Thyme component version 1.0 suffers from a remote SQL injection vulnerability.
BitDefenderDOS.zip Proof of concept malicious PDF file that causes a denial of service and infinite loop in BitDefender using the pdf.xmd module.
kvirc-exec.txt KVIrc version 3.4.2 Shiny URI handler remote code execution exploit.