CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In January 2008

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-5655 119 Exec Code Overflow 2008-01-16 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers.
2 CVE-2007-5656 399 DoS Exec Code 2008-01-16 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations related to memory.
3 CVE-2007-5657 20 Exec Code 2008-01-16 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets.
4 CVE-2007-5658 20 Exec Code Overflow 2008-01-16 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow.
5 CVE-2007-6425 119 DoS Overflow 2008-01-23 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transport, allows remote attackers to cause a denial of service via unknown vectors.
6 CVE-2007-6532 119 Exec Code Overflow 2008-01-09 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the "cliend id, program name and working directory in session management."
7 CVE-2007-6610 Exec Code 2008-01-03 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product.
8 CVE-2007-6638 264 +Info 2008-01-04 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.
9 CVE-2007-6679 2008-01-10 2011-04-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected.
10 CVE-2007-6685 264 2008-01-17 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Publish XP module in Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors.
11 CVE-2007-6686 2008-01-17 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown vectors related to the admin controller.
12 CVE-2007-6688 2008-01-17 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder."
13 CVE-2007-6690 264 2008-01-17 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors.
14 CVE-2007-6691 2008-01-17 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core module Gallery application, (5) the slideshow in the Slideshow module, and (6) multiple Print modules.
15 CVE-2007-6693 2008-01-17 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request."
16 CVE-2008-0003 119 Exec Code Overflow 2008-01-08 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360.
17 CVE-2008-0027 119 DoS Exec Code Overflow 2008-01-17 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.
18 CVE-2008-0029 255 +Priv 2008-01-23 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges.
19 CVE-2008-0065 119 Exec Code Overflow 2008-01-22 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles.
20 CVE-2008-0098 119 Exec Code Overflow 2008-01-08 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: As of 20080103, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
21 CVE-2008-0122 189 DoS Exec Code Mem. Corr. 2008-01-16 2019-08-01
10.0
None Remote Low Not required Complete Complete Complete
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
22 CVE-2008-0148 264 Exec Code 2008-01-09 2017-10-19
10.0
None Remote Low Not required Complete Complete Complete
TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request.
23 CVE-2008-0151 119 DoS Exec Code Overflow 2008-01-09 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Telnet request with long options.
24 CVE-2008-0176 119 Exec Code Overflow 2008-01-29 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 010708_162517_6106, allows remote attackers to execute arbitrary code via unknown vectors.
25 CVE-2008-0229 287 2008-01-10 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless Modem Router with firmware 1.00.11 and 1.00.12 does not require authentication, which allows remote attackers on the local or wireless network to obtain administrative access.
26 CVE-2008-0235 94 1 Exec Code 2008-01-11 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
The Microsoft VFP_OLE_Server ActiveX control allows remote attackers to execute arbitrary code by invoking the foxcommand method.
27 CVE-2008-0244 20 Exec Code 2008-01-12 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.
28 CVE-2008-0246 264 +Priv 2008-01-12 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.
29 CVE-2008-0247 119 Exec Code Overflow 2008-01-12 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Express Backup Server service (dsmsvc.exe) in IBM Tivoli Storage Manager (TSM) Express 5.3 before 5.3.7.3 allows remote attackers to execute arbitrary code via a packet with a large length value.
30 CVE-2008-0251 94 2008-01-12 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors.
31 CVE-2008-0296 119 DoS Exec Code Overflow 2008-01-16 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string.
32 CVE-2008-0339 2008-01-17 2012-10-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB01.
33 CVE-2008-0340 2008-01-17 2012-10-23
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to the (1) Advanced Queuing component (DB02) and (2) Oracle Spatial component (DB04).
34 CVE-2008-0341 2008-01-17 2012-10-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+ and 10.1.0.5 has unknown impact and remote attack vectors, aka DB03.
35 CVE-2008-0342 2008-01-17 2012-10-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Upgrade/Downgrade component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB05.
36 CVE-2008-0343 2008-01-17 2012-10-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has unknown impact and remote attack vectors, aka DB06.
37 CVE-2008-0344 2008-01-17 2012-10-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote attack vectors, aka DB07.
38 CVE-2008-0345 2008-01-17 2012-10-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08.
39 CVE-2008-0346 2008-01-17 2012-10-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.27 and E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka AS01.
40 CVE-2008-0347 2008-01-17 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; and Application Server 9.0.4.3 and 10.1.2.0.2; has unknown impact and local attack vectors, aka OCS01. NOTE: Oracle has not disputed a reliable claim that this issue is related to WKSYS schema privileges.
41 CVE-2008-0348 2008-01-17 2012-10-23
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.18, 8.48.15, and 8.49.07 have unknown impact and remote attack vectors, aka (1) PSE01, (2) PSE03, and (3) PSE04.
42 CVE-2008-0349 2008-01-17 2012-10-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8.49.07 has unknown impact and remote attack vectors, aka PSE02.
43 CVE-2008-0356 119 Exec Code Overflow 2008-01-18 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513.
44 CVE-2008-0374 310 2008-01-22 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777.
45 CVE-2008-0375 264 2008-01-22 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors.
46 CVE-2008-0377 287 +Priv Bypass 2008-01-22 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php.
47 CVE-2008-0380 119 Exec Code Overflow 2008-01-22 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Digital Data Communications RtspVaPgCtrl ActiveX control (RtspVapgDecoder.dll 1.1.0.29) allows remote attackers to execute arbitrary code via a long MP4Prefix property.
48 CVE-2008-0389 2008-01-23 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors.
49 CVE-2008-0401 119 DoS Exec Code Overflow 2008-01-23 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp.
50 CVE-2008-0405 22 Dir. Trav. 2008-01-29 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data.
Total number of vulnerabilities: 497 (page 1 of 10)