CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2008

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2008-1474 79 XSS 2008-03-24 2017-08-08
4.3
None Remote Medium Not required None Partial None
Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS).
102 CVE-2008-1473 264 +Priv 2008-03-24 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a "Shatter" style attack.
103 CVE-2008-1472 119 DoS Exec Code Overflow 2008-03-24 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.
104 CVE-2008-1471 399 DoS Exec Code 2008-03-24 2018-10-11
7.2
None Local Low Not required Complete Complete Complete
The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory.
105 CVE-2008-1470 79 XSS 2008-03-24 2018-10-11
4.3
None Remote Medium Not required None Partial None
Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118.
106 CVE-2008-1469 287 2008-03-24 2011-07-25
6.4
None Remote Low Not required None Partial Partial
Gallarific Free Edition 1.1 does not require authentication for (1) photos.php, (2) comments.php, and (3) gallery.php in gadmin/, which allows remote attackers to edit objects via a direct request, different vectors than CVE-2008-1327. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
107 CVE-2008-1468 79 XSS 2008-03-24 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information.
108 CVE-2008-1467 94 Exec Code 2008-03-24 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** CenterIM 4.22.3 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URI, related to "received URLs in the message window." NOTE: this issue has been disputed due to the user-assisted nature, since the URL must be selected and launched by the victim.
109 CVE-2008-1466 94 Exec Code File Inclusion 2008-03-24 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
110 CVE-2008-1465 89 Exec Code Sql 2008-03-24 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-2008-0562.
111 CVE-2008-1464 89 Exec Code Sql 2008-03-24 2011-07-26
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) query parameter to (a) search.php; (2) gusername and (3) gpassword parameters to (b) login.php; and the (4) username and (5) password parameters to (c) gadmin/index.php in a signin action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
112 CVE-2008-1463 79 XSS 2008-03-24 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the management GUI in Imperva SecureSphere MX Management Server 5.0 allows remote attackers to inject arbitrary web script or HTML via an invalid or prohibited request to a web server protected by SecureSphere, which triggers injection into the "corrective action" section of an alert page.
113 CVE-2008-1462 89 Exec Code Sql 2008-03-24 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in the sections (Section) module in RunCMS allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle action.
114 CVE-2008-1461 119 Exec Code Overflow 2008-03-24 2018-10-11
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long filename argument on the command line. NOTE: it is unclear whether there are common handler configurations in which this argument is controlled by an attacker.
115 CVE-2008-1460 89 Exec Code Sql 2008-03-24 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and 1.2.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
116 CVE-2008-1459 89 Exec Code Sql 2008-03-24 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
117 CVE-2008-1458 79 XSS 2008-03-24 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a products search action. NOTE: it was also reported that 1.3.5-SP2 trial edition is also affected.
118 CVE-2008-1432 79 XSS 2008-03-20 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
119 CVE-2008-1431 310 2008-03-20 2018-10-11
2.1
None Local Low Not required Partial None None
RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key.
120 CVE-2008-1430 89 Exec Code Sql 2008-03-20 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in links.asp in ASPapp allows remote attackers to execute arbitrary SQL commands via the CatId parameter.
121 CVE-2008-1429 DoS 2008-03-20 2017-08-08
7.8
None Remote Low Not required None None Complete
Secure Internet Live Conferencing (SILC) Server before 1.1.1 allows remote attackers to cause a denial of service (daemon crash) via a NEW_CLIENT packet without a nickname.
122 CVE-2008-1428 79 XSS 2008-03-20 2017-08-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-beta7 module for Drupal allow remote attackers to inject arbitrary web script or HTML via a text attribute value for a product.
123 CVE-2008-1427 89 Exec Code Sql 2008-03-20 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 and 1.2.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mailingid parameter in a mailing view action to index.php.
124 CVE-2008-1426 89 Exec Code Sql 2008-03-20 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in album.asp in KAPhotoservice allows remote attackers to execute arbitrary SQL commands via the albumid parameter.
125 CVE-2008-1425 89 Exec Code Sql 2008-03-20 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the gallery module in Easy-Clanpage 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a kate action.
126 CVE-2008-1417 59 2008-03-20 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
The prerm script in axyl 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the axyl.conf temporary file.
127 CVE-2008-1416 94 Exec Code File Inclusion 2008-03-20 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL 2.51 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) converter.inc.php, (2) messages.inc.php, and (3) settings.inc.php in includes/.
128 CVE-2008-1415 22 Dir. Trav. 2008-03-20 2018-10-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to read arbitrary files via "../..//" (modified dot dot) sequences in the tab parameter.
129 CVE-2008-1414 79 XSS 2008-03-20 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to (1) index.php, as demonstrated using mixed case and encoded whitespace characters in the tag; or (2) clientinfo.php, (3) invoices.php, (4) smartlinks.php, and (5) todo.php, as demonstrated using a META tag.
130 CVE-2008-1413 79 XSS 2008-03-20 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php in SNewsCMS Rus 2.1 through 2.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
131 CVE-2008-1412 20 DoS Exec Code 2008-03-20 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash) via a malformed archive that triggers an unhandled exception, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
132 CVE-2008-1411 20 DoS 2008-03-20 2018-10-11
5.0
None Remote Low Not required None None Partial
The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference.
133 CVE-2008-1410 22 Dir. Trav. 2008-03-20 2018-10-11
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service.
134 CVE-2008-1409 22 Dir. Trav. 2008-03-20 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in the Default theme in Exero CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme parameter to (1) index.php, (2) editpassword.php, and (3) avatar.php in usercp/; (4) custompage.php; (5) errors/404.php; (6) memberslist.php and (7) profile.php in members/; (8) index.php and (9) fullview.php in news/; and (10) nopermission.php.
135 CVE-2008-1408 89 Exec Code Sql 2008-03-20 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in includes/functions/banners-external.php in phpBP 2 RC3 (2.204) FIX 4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a banner_out action.
136 CVE-2008-1407 89 Exec Code Sql 2008-03-20 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in index.php in the WebChat 1.60 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.
137 CVE-2008-1406 89 Exec Code Sql 2008-03-20 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in annonces-p-f.php in the MyAnnonces 1.8 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the lid parameter in an ImprAnn action.
138 CVE-2008-1405 94 Exec Code File Inclusion 2008-03-20 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in code/display.php in fuzzylime (cms) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter.
139 CVE-2008-1404 89 Exec Code Sql 2008-03-20 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Viso (Industry Book) 2.04 and 2.03 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the kid parameter.
140 CVE-2008-1403 119 Exec Code Overflow 2008-03-20 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the TFTP server in BootManage TFTPD 1.99 and earlier in BootManage Administrator 7.1 and earlier allows remote attackers to execute arbitrary code via a request with a long filename.
141 CVE-2008-1402 399 DoS 2008-03-20 2018-10-11
7.1
None Remote Medium Not required None None Complete
MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to cause a (1) denial of service (exception and crash) via a UDP packet to the SNMP Trap Service (MgWTrap3.exe) or (2) denial of service (device freeze or memory consumption) via a malformed request to the Net Inspector Server (niengine).
142 CVE-2008-1401 134 Exec Code 2008-03-20 2018-10-11
4.3
None Remote Medium Not required None Partial None
Format string vulnerability in the Net Inspector HTTP server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to execute arbitrary code via format string specifiers in the URI, which is recorded in a log file.
143 CVE-2008-1400 22 Dir. Trav. 2008-03-20 2018-10-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Net Inspector HTTP Server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) or "../" (dot dot slash) in the URI.
144 CVE-2008-1399 79 XSS 2008-03-20 2017-08-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Clansphere 2008 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
145 CVE-2008-1398 89 Exec Code Sql 2008-03-20 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header.
146 CVE-2008-1397 264 DoS 2008-03-20 2017-08-08
6.5
None Remote Low ??? Partial Partial Partial
Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint.
147 CVE-2008-1396 255 2008-03-20 2018-10-11
4.3
None Remote Medium Not required Partial None None
Plone CMS 3.x uses invariant data (a client username and a server secret) when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network.
148 CVE-2008-1395 287 2008-03-20 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Plone CMS does not record users' authentication states, and implements the logout feature solely on the client side, which makes it easier for context-dependent attackers to reuse a logged-out session.
149 CVE-2008-1394 255 2008-03-20 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.
150 CVE-2008-1393 255 2008-03-20 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network.
Total number of vulnerabilities : 506   Page : 1 2 3 (This Page)4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.