CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2008

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-6703 DoS 2008-03-04 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in vdccm before 0.10.1 in SynCE (SynCE-dccm) might allow attackers to cause a denial of service via unspecified vectors.
2 CVE-2007-6711 264 +Priv 2008-03-24 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, 2.2.6 and 2.2.7WIP1/2 allows remote attackers to gain administrator privileges via unknown vectors.
3 CVE-2008-0053 119 Exec Code Overflow 2008-03-18 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file.
4 CVE-2008-0532 119 Exec Code Overflow 2008-03-14 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors.
5 CVE-2008-0704 264 2008-03-28 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP Services on OpenVMS on the Alpha platform with 5.4 before ECO 7, and on the Integrity and Alpha platforms with 5.5 before ECO 3 and 5.6 before ECO 2, allows remote attackers to obtain unspecified access via unknown vectors.
6 CVE-2008-0947 119 Exec Code Overflow 2008-03-19 2020-01-21
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.
7 CVE-2008-0949 +Priv 2008-03-18 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet.
8 CVE-2008-1117 22 Exec Code Dir. Trav. 2008-03-14 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220.
9 CVE-2008-1157 20 Exec Code 2008-03-14 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a process that executes a command shell and listens on a randomly chosen TCP port, which allows remote attackers to execute arbitrary commands.
10 CVE-2008-1167 119 Exec Code Overflow 2008-03-05 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information.
11 CVE-2008-1242 264 Bypass 2008-03-10 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
The control panel on the Belkin F5D7230-4 router with firmware 9.01.10 maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user, a different vulnerability than CVE-2005-3802.
12 CVE-2008-1244 287 2008-03-10 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected.
13 CVE-2008-1247 264 2008-03-10 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202.
14 CVE-2008-1252 200 +Info 2008-03-10 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
b_banner.stm (aka the login page) on the Deutsche Telekom Speedport W500 DSL router allows remote attackers to obtain the logon password by reading the pwd field in the HTML source.
15 CVE-2008-1255 264 Bypass 2008-03-10 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
The ZyXEL P-660HW series router maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user.
16 CVE-2008-1256 2008-03-10 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
The ZyXEL P-660HW series router has "admin" as its default password, which allows remote attackers to gain administrative access.
17 CVE-2008-1262 287 2008-03-10 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/.
18 CVE-2008-1268 287 2008-03-10 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password.
19 CVE-2008-1307 119 Exec Code Overflow 2008-03-12 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the KUpdateObj2 Class ActiveX control in UpdateOcx2.dll in Beijing KingSoft Antivirus Online Update Module 2007.12.29.29 allows remote attackers to execute arbitrary code via a long argument to the SetUninstallName method.
20 CVE-2008-1310 22 Dir. Trav. 2008-03-12 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the TFTP server in PacketTrap Networks pt360 Tool Suite 1.1.33.1.0, and other versions before 2.0.3900.0, allows remote attackers to read and overwrite arbitrary files via directory traversal sequences in the pathname.
21 CVE-2008-1320 119 DoS Exec Code Overflow 2008-03-13 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (crash) via (1) a long request to FxIAList on TCP port 6162, or (2) an SNMP request with a long community string to FxAgent on UDP port 6161.
22 CVE-2008-1369 264 +Priv 2008-03-18 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileges via unspecified vectors.
23 CVE-2008-1392 16 2008-03-20 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors.
24 CVE-2008-1393 255 2008-03-20 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network.
25 CVE-2008-1491 119 Exec Code Overflow 2008-03-25 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ASUS Remote Console (aka ARC or ASMB3) 2.0.0.19 and 2.0.0.24 allows remote attackers to execute arbitrary code via a long string to TCP port 623.
26 CVE-2008-1558 189 Exec Code Overflow 2008-03-31 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. NOTE: this issue has been referred to as an integer overflow.
27 CVE-2008-1249 20 DoS 2008-03-10 2018-10-11
9.4
None Remote Low Not required None Complete Complete
snomControl.swf in the central phone server for the Snom 320 SIP Phone allows remote attackers to cause a denial of service (application crash and corruption of call logs) via a "'); (double quote, quote, close parenthesis, semicolon) sequence in the "Call a number" field.
28 CVE-2007-1201 94 Exec Code Mem. Corr. 2008-03-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
29 CVE-2007-6253 119 Exec Code Overflow 2008-03-12 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client 5.0 allow remote attackers to execute arbitrary code via unknown vectors in the (1) Adobe File Dialog Button (FileDlg.dll) and the (2) Adobe Copy to Server Object (SvrCopy.dll) ActiveX controls.
30 CVE-2007-6254 119 Exec Code Overflow 2008-03-20 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the SAP Business Objects BusinessObjects RptViewerAX ActiveX control in RptViewerAX.dll in Business Objects 6.5 before CHF74 allows remote attackers to execute arbitrary code via unspecified vectors.
31 CVE-2007-6706 94 Exec Code 2008-03-09 2011-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH or 7.0.3, and possibly 8.0 allows remote attackers to execute arbitrary code via crafted text in an e-mail message sent over SMTP.
32 CVE-2008-0047 119 Exec Code Overflow 2008-03-18 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.
33 CVE-2008-0062 189 DoS Exec Code 2008-03-19 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
34 CVE-2008-0110 94 Exec Code 2008-03-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
35 CVE-2008-0111 94 Exec Code 2008-03-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
36 CVE-2008-0112 94 Exec Code 2008-03-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
37 CVE-2008-0113 94 Exec Code Mem. Corr. 2008-03-11 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
38 CVE-2008-0114 94 Exec Code Mem. Corr. 2008-03-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
39 CVE-2008-0115 94 Exec Code 2008-03-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
40 CVE-2008-0116 94 Exec Code 2008-03-11 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
41 CVE-2008-0117 Exec Code 2008-03-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
42 CVE-2008-0118 94 Exec Code Mem. Corr. 2008-03-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
43 CVE-2008-0307 189 Exec Code 2008-03-11 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and possibly other versions, allows remote attackers to execute arbitrary code via unknown vectors that trigger heap corruption.
44 CVE-2008-0888 119 DoS Exec Code Overflow 2008-03-17 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
45 CVE-2008-0948 119 DoS Exec Code Overflow 2008-03-19 2020-01-21
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.
46 CVE-2008-0951 94 Exec Code 2008-03-24 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically proximate attackers, to execute arbitrary code by inserting a (1) CD-ROM device or (2) U3-enabled USB device containing a filesystem with an Autorun.inf file, and possibly other vectors related to (a) AutoRun and (b) AutoPlay actions.
47 CVE-2008-1092 119 Exec Code Overflow 2008-03-25 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
48 CVE-2008-1116 Exec Code 2008-03-03 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Insecure method vulnerability in the Web Scan Object ActiveX control (OL2005.dll) in Rising Antivirus Online Scanner allows remote attackers to force the download and execution of arbitrary code by setting the BaseURL property and invoking the UpdateEngine method. NOTE: some of these details are obtained from third party information.
49 CVE-2008-1120 134 DoS Exec Code 2008-03-03 2011-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Format string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service (crash) via unspecified vectors related to HTML code generation.
50 CVE-2008-1136 94 Exec Code 2008-03-04 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679.
Total number of vulnerabilities : 506   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.