Max CVSS 10.0 Min CVSS 4.3 Total Count16
IDCVSSSummaryLast (major) updatePublished
CVE-2008-3657 7.5
The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by
13-07-2011 - 00:00 12-08-2008 - 21:41
CVE-2008-3656 7.8
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows con
07-03-2011 - 22:11 12-08-2008 - 21:41
CVE-2008-2938 4.3
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequence
07-03-2011 - 22:09 12-08-2008 - 20:41
CVE-2008-3655 7.5
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended
07-03-2011 - 00:00 12-08-2008 - 21:41
CVE-2008-4310 7.8
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for
21-08-2010 - 00:00 08-12-2008 - 19:30
CVE-2008-4424 4.3
Cross-site scripting (XSS) vulnerability in index.php in Domain Group Network GooCMS 1.02 allows remote attackers to inject arbitrary web script or HTML via the s parameter in a comments action. NOTE: the provenance of this information is unknown; t
18-03-2009 - 01:43 03-10-2008 - 18:22
CVE-2008-3701 6.5
SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action.
18-03-2009 - 01:41 15-08-2008 - 16:41
CVE-2008-3700 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php;
18-03-2009 - 01:41 15-08-2008 - 16:41
CVE-2008-4528 7.5
Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter in an edit action.
29-01-2009 - 01:56 09-10-2008 - 14:14
CVE-2008-4428 10.0
Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in
29-01-2009 - 01:56 03-10-2008 - 18:22
CVE-2008-4427 7.5
changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords.
29-01-2009 - 01:56 03-10-2008 - 18:22
CVE-2008-4426 4.3
Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action.
29-01-2009 - 01:56 03-10-2008 - 18:22
CVE-2008-4425 8.8
Directory traversal vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter within a delfile action.
29-01-2009 - 01:56 03-10-2008 - 18:22
CVE-2008-4423 6.5
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action.
29-01-2009 - 01:56 03-10-2008 - 18:22
CVE-2008-3604 7.5
SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
29-01-2009 - 01:53 12-08-2008 - 15:41
CVE-2008-3918 7.5
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the field parameter in a search action. NOTE: the provenance of this information is unknown; the details are obtained solely fr
22-10-2008 - 01:54 04-09-2008 - 14:41
Back to Top Mark selected
Back to Top