CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2008

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2008-0409 79 XSS 2008-01-29 2018-10-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL.
102 CVE-2008-0408 287 2008-01-29 2018-10-15
6.4
None Remote Low Not required Partial Partial None
HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.
103 CVE-2008-0407 287 2008-01-29 2018-10-15
5.0
None Remote Low Not required Partial None None
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.
104 CVE-2008-0406 20 DoS 2008-01-29 2018-10-15
5.0
None Remote Low Not required None None Partial
HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name.
105 CVE-2008-0405 22 Dir. Trav. 2008-01-29 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data.
106 CVE-2008-0404 79 XSS 2008-01-23 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary.
107 CVE-2008-0403 287 2008-01-23 2018-10-15
5.5
None Remote Low ??? Partial Partial None
The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi.
108 CVE-2008-0402 264 Bypass 2008-01-23 2017-08-08
6.0
None Remote Medium ??? Partial Partial Partial
Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group.
109 CVE-2008-0401 119 DoS Exec Code Overflow 2008-01-23 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp.
110 CVE-2008-0400 79 XSS 2008-01-23 2011-03-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to default.php.
111 CVE-2008-0399 119 Exec Code Overflow 2008-01-23 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in Toshiba Surveillance (Surveillix) RecordSend ActiveX control (MeIpCamX.DLL 1.0.0.4) allow remote attackers to execute arbitrary code via long arguments to the (1) SetPort and (2) SetIpAddress methods.
112 CVE-2008-0398 79 XSS 2008-01-23 2017-09-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form.
113 CVE-2008-0397 89 Exec Code Sql 2008-01-23 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in aflog 1.01, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to comments.php and (2) an unspecified parameter to view.php.
114 CVE-2008-0396 22 Dir. Trav. 2008-01-23 2018-10-15
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request.
115 CVE-2008-0395 200 +Info 2008-01-23 2018-10-15
5.0
None Remote Low Not required Partial None None
Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal.
116 CVE-2008-0394 119 Exec Code Overflow 2008-01-23 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote attackers to execute arbitrary code via a long RCPT TO command, which is not properly handled by the makeuserkey function. NOTE: some of these details were obtained from third party information.
117 CVE-2008-0393 22 Dir. Trav. 2008-01-23 2017-09-29
5.8
None Remote Medium Not required Partial Partial None
Directory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter, a different vector than CVE-2008-0361.
118 CVE-2008-0392 119 Exec Code Overflow 2008-01-23 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition 6.0 SP6 allow user-assisted remote attackers to execute arbitrary code via a .dsr file with a long (1) ConnectionName or (2) CommandName line.
119 CVE-2008-0391 287 2008-01-23 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters.
120 CVE-2008-0390 94 Exec Code 2008-01-23 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php.
121 CVE-2008-0389 2008-01-23 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors.
122 CVE-2008-0388 89 Exec Code Sql 2008-01-23 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the user parameter in a showprofile action to the default URI.
123 CVE-2008-0387 189 Exec Code Overflow Mem. Corr. 2008-01-29 2018-10-26
7.8
None Remote Low Not required None None Complete
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.
124 CVE-2008-0384 DoS 2008-01-22 2018-10-30
4.9
None Local Low Not required None None Complete
OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked.
125 CVE-2008-0383 89 Exec Code Sql 2008-01-22 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php.
126 CVE-2008-0382 94 Exec Code 2008-01-22 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.
127 CVE-2008-0381 79 XSS 2008-01-22 2008-09-05
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in Mahara before 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files.
128 CVE-2008-0380 119 Exec Code Overflow 2008-01-22 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Digital Data Communications RtspVaPgCtrl ActiveX control (RtspVapgDecoder.dll 1.1.0.29) allows remote attackers to execute arbitrary code via a long MP4Prefix property.
129 CVE-2008-0379 119 DoS Exec Code Overflow 2008-01-22 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow.
130 CVE-2008-0378 119 DoS Exec Code Overflow 2008-01-22 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when "Resolve all names remotely" is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hostname.
131 CVE-2008-0377 287 +Priv Bypass 2008-01-22 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php.
132 CVE-2008-0376 94 Exec Code File Inclusion 2008-01-22 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfile parameter.
133 CVE-2008-0375 264 2008-01-22 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors.
134 CVE-2008-0374 310 2008-01-22 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777.
135 CVE-2008-0373 20 2008-01-22 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Unrestricted file upload vulnerability in PHP F1 Max's File Uploader allows remote attackers to upload and execute arbitrary PHP files.
136 CVE-2008-0372 264 Bypass 2008-01-22 2018-10-15
5.0
None Remote Low Not required Partial None None
8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request.
137 CVE-2008-0371 89 Exec Code Sql 2008-01-22 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via (2) the id parameter to (b) inc/usercp.php, related to functionz/usercp.php; or (3) the username parameter to (c) admin/index.php, related to functionz/first_process.php, or (d) index.php. NOTE: some of these details are obtained from third party information.
138 CVE-2008-0370 79 XSS 2008-01-22 2018-10-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information.
139 CVE-2008-0369 2008-01-19 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs.
140 CVE-2008-0368 2008-01-19 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows local users to create arbitrary files via the Trace file argument.
141 CVE-2008-0367 200 +Info 2008-01-19 2018-10-26
5.0
None Remote Low Not required None Partial None
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
142 CVE-2008-0366 119 DoS Exec Code Overflow 2008-01-18 2018-10-15
7.2
None Local Low Not required Complete Complete Complete
CORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments.
143 CVE-2008-0365 119 DoS Exec Code Overflow 2008-01-18 2018-10-15
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module.
144 CVE-2008-0364 119 DoS Overflow 2008-01-18 2018-10-15
5.0
None Remote Low Not required None None Partial
Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier.
145 CVE-2008-0363 89 Exec Code Sql 2008-01-18 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to postcomment.php and the (2) album parameter to gallery.php.
146 CVE-2008-0362 79 XSS 2008-01-18 2018-10-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in gallery.php in Clever Copy 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the album parameter.
147 CVE-2008-0361 22 Dir. Trav. 2008-01-18 2018-10-15
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter.
148 CVE-2008-0360 89 Exec Code Sql 2008-01-18 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php.
149 CVE-2008-0359 79 XSS 2008-01-18 2017-10-19
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin.php or (2) index.php in photo/.
150 CVE-2008-0358 89 Exec Code Sql 2008-01-18 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in index.php in Pixelpost 1.7 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter.
Total number of vulnerabilities : 497   Page : 1 2 3 (This Page)4 5 6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.