Security Vulnerabilities Published In April 2008

Each entry below gives: row number | CVE ID | CWE ID | vulnerability type(s) | publish date | update date | CVSS score | gained access level | access vector | access complexity | authentication | confidentiality/integrity/availability impact, followed by the description. A "-" marks a column that is empty on the source page; the "# of Exploits" column is empty for every entry on this page and is omitted.

151 | CVE-2008-1867 | CWE-89 | Type: Exec Code Sql | Published: 2008-04-17 | Updated: 2017-09-29 | Score: 7.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: Partial/Partial/Partial
SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion) allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, possibly related to include/requetesIndex.php.
152 | CVE-2008-1866 | CWE-94 | Type: - | Published: 2008-04-17 | Updated: 2017-09-29 | Score: 9.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf/Integ/Avail: Complete/Complete/Complete
admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct request.
153 | CVE-2008-1865 | CWE-119 | Type: DoS Overflow | Published: 2008-04-17 | Updated: 2018-10-11 | Score: 1.9 | Gained access: None | Access: Local | Complexity: Medium | Authentication: Not required | Conf/Integ/Avail: None/None/Partial
Stack-based buffer overflow in the msx_readnode function in libmosix.c in openmosix-tools (aka userspace-tools) in openMosix might allow local users to cause a denial of service (application crash) via a third-party program that calls this function with a long item argument. NOTE: the vendor does not provide any program that is capable of causing this overflow.
154 | CVE-2008-1864 | CWE-89 | Type: Exec Code Sql | Published: 2008-04-17 | Updated: 2017-09-29 | Score: 7.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: Partial/Partial/Partial
SQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project parameter.
155 | CVE-2008-1863 | CWE-89 | Type: Exec Code Sql | Published: 2008-04-17 | Updated: 2017-09-29 | Score: 7.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: Partial/Partial/Partial
SQL injection vulnerability in view_reviews.php in Prozilla Cheat Script (aka Cheats) 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
156 | CVE-2008-1862 | CWE-94 | Type: Bypass File Inclusion | Published: 2008-04-17 | Updated: 2017-09-29 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf/Integ/Avail: Partial/Partial/Partial
ExBB Italia 0.22 and earlier only checks GET requests that use the QUERY_STRING for certain path manipulations, which allows remote attackers to bypass this check via (1) POST or (2) COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct PHP remote file inclusion attacks via a URL in the (a) new_exbb[home_path] or (b) exbb[home_path] parameter to modules/threadstop/threadstop.php.
157 | CVE-2008-1861 | CWE-22 | Type: Dir. Trav. | Published: 2008-04-17 | Updated: 2017-09-29 | Score: 5.1 | Gained access: None | Access: Remote | Complexity: High | Authentication: Not required | Conf/Integ/Avail: Partial/Partial/Partial
Directory traversal vulnerability in modules/threadstop/threadstop.php in ExBB Italia 0.22 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the exbb[default_lang] parameter.
158 | CVE-2008-1860 | CWE-94 | Type: - | Published: 2008-04-17 | Updated: 2018-10-11 | Score: 9.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf/Integ/Avail: Complete/Complete/Complete
Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter.
159 | CVE-2008-1859 | CWE-89 | Type: Exec Code Sql | Published: 2008-04-16 | Updated: 2017-09-29 | Score: 7.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: Partial/Partial/Partial
SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
160 | CVE-2008-1858 | CWE-89 | Type: Exec Code Sql | Published: 2008-04-16 | Updated: 2017-09-29 | Score: 7.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: Partial/Partial/Partial
SQL injection vulnerability in index.php in 724Networks 724CMS 4.01 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
161 | CVE-2008-1857 | CWE-22 | Type: Dir. Trav. | Published: 2008-04-16 | Updated: 2017-09-29 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf/Integ/Avail: Partial/Partial/Partial
Multiple directory traversal vulnerabilities in viewsource.php in Make our Life Easy (Mole) 2.1.0 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) dirn and (2) fname parameters.
162 | CVE-2008-1856 | CWE-22 | Type: Dir. Trav. | Published: 2008-04-16 | Updated: 2017-09-29 | Score: 5.1 | Gained access: None | Access: Remote | Complexity: High | Authentication: Not required | Conf/Integ/Avail: Partial/Partial/Partial
plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.
163 | CVE-2008-1855 | CWE-399 | Type: DoS | Published: 2008-04-16 | Updated: 2017-09-29 | Score: 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: None/None/Partial
FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 Patch 3 and earlier, as used by ePolicy Orchestrator (ePO) and ProtectionPilot (PrP), allows remote attackers to corrupt memory and cause a denial of service (CMA Framework service crash) via a long invalid method in requests for the /spin//AVClient//AVClient.csp URI, a different vulnerability than CVE-2006-5274.
164 | CVE-2008-1854 | CWE: - | Type: DoS | Published: 2008-04-16 | Updated: 2017-08-08 | Score: 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: None/None/Partial
Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in SmarterMail 5.0.2999 allows remote attackers to cause a denial of service (service termination) via a long HTTP (1) GET, (2) HEAD, (3) PUT, (4) POST, or (5) TRACE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
165 | CVE-2008-1853 | CWE-399 | Type: DoS | Published: 2008-04-16 | Updated: 2017-08-08 | Score: 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf/Integ/Avail: None/None/Partial
The ovtopmd service in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (exit) by sending a 0x36 packet (exit request).
166 | CVE-2008-1852 | CWE-399 | Type: DoS | Published: 2008-04-16 | Updated: 2017-08-08 | Score: 7.8 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: None/None/Complete
ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain requests that specify a large number of sub-arguments, which triggers a NULL pointer dereference due to memory allocation failure.
167 | CVE-2008-1851 | CWE-399 | Type: DoS | Published: 2008-04-16 | Updated: 2017-08-08 | Score: 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: None/None/Partial
ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (hang) via certain requests that do not provide all required arguments.
168 | CVE-2008-1850 | CWE-79 | Type: XSS | Published: 2008-04-16 | Updated: 2017-08-08 | Score: 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf/Integ/Avail: None/Partial/None
Multiple cross-site scripting (XSS) vulnerabilities in login.php in Omnistar Interactive OSI Affiliate allow remote attackers to inject arbitrary web script or HTML via the (1) login, (2) profile, (3) profile2, and (4) ref parameters.
169 | CVE-2008-1849 | CWE-22 | Type: Dir. Trav. | Published: 2008-04-16 | Updated: 2017-09-29 | Score: 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: Partial/None/None
Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action.
170 | CVE-2008-1848 | CWE-79 | Type: XSS | Published: 2008-04-16 | Updated: 2017-09-29 | Score: 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf/Integ/Avail: None/Partial/None
Cross-site scripting (XSS) vulnerability in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter in a show_error action to index.php.
171 | CVE-2008-1847 | CWE-89 | Type: Exec Code Sql | Published: 2008-04-16 | Updated: 2017-09-29 | Score: 7.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: Partial/Partial/Partial
SQL injection vulnerability in view.php in CoronaMatrix phpAddressBook 2.11 allows remote attackers to execute arbitrary SQL commands via the id parameter.
172 | CVE-2008-1846 | CWE-79 | Type: XSS | Published: 2008-04-16 | Updated: 2018-10-11 | Score: 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf/Integ/Avail: None/Partial/None
The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" (aka Editor Security or Secure Editing) parameter, which allows remote attackers to conduct cross-site scripting (XSS) attacks by entering feedback for a file.
173 | CVE-2008-1845 | CWE: - | Type: Exec Code +Priv | Published: 2008-04-16 | Updated: 2017-08-08 | Score: 7.2 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: Complete/Complete/Complete
The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not flush the tty's I/O when invoking mksh in a new terminal, which allows local users to gain privileges by opening a virtual terminal and entering command sequences, which might later be executed in opportunistic circumstances by a different user who launches mksh and specifies that terminal with the -T option.
174 | CVE-2008-1844 | CWE-89 | Type: Exec Code Sql | Published: 2008-04-16 | Updated: 2017-08-08 | Score: 7.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: Partial/Partial/Partial
SQL injection vulnerability in cat.php in W2B phpHotResources allows remote attackers to execute arbitrary SQL commands via the kind parameter.
175 | CVE-2008-1843 | CWE-89 | Type: Exec Code Sql | Published: 2008-04-16 | Updated: 2017-08-08 | Score: 7.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: Partial/Partial/Partial
SQL injection vulnerability in browse.php in W2B DatingClub (aka Dating Club) allows remote attackers to execute arbitrary SQL commands via the age_to parameter in a browsebyCat action.
176 | CVE-2008-1842 | CWE-189 | Type: DoS Exec Code Overflow | Published: 2008-04-16 | Updated: 2018-10-11 | Score: 10.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: Complete/Complete/Complete
Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 and earlier, allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow.
177 | CVE-2008-1841 | CWE-89 | Type: Exec Code Sql | Published: 2008-04-16 | Updated: 2017-08-08 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf/Integ/Avail: Partial/Partial/Partial
SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable.
178 | CVE-2008-1840 | CWE-89 | Type: Exec Code Sql | Published: 2008-04-16 | Updated: 2017-08-08 | Score: 6.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf/Integ/Avail: Partial/Partial/Partial
SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload.
179 | CVE-2008-1839 | CWE-79 | Type: XSS | Published: 2008-04-16 | Updated: 2017-08-08 | Score: 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf/Integ/Avail: None/Partial/None
Multiple cross-site scripting (XSS) vulnerabilities in module/main.php in WORK system e-commerce 4.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, and (3) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
180 | CVE-2008-1838 | CWE-89 | Type: Exec Code Sql | Published: 2008-04-16 | Updated: 2017-09-29 | Score: 7.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: Partial/Partial/Partial
SQL injection vulnerability in BosClassifieds Classified Ads System 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php.
181 | CVE-2008-1837 | CWE-399 | Type: DoS | Published: 2008-04-16 | Updated: 2017-08-08 | Score: 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: None/None/Partial
libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.
182 | CVE-2008-1836 | CWE: - | Type: DoS | Published: 2008-04-16 | Updated: 2017-08-08 | Score: 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf/Integ/Avail: None/None/Partial
The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.
183 | CVE-2008-1835 | CWE-20 | Type: Bypass | Published: 2008-04-16 | Updated: 2017-08-08 | Score: 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: Partial/None/None
ClamAV before 0.93 allows remote attackers to bypass the scanning engine via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar.
184 | CVE-2008-1834 | CWE-264 | Type: - | Published: 2008-04-16 | Updated: 2017-08-08 | Score: 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf/Integ/Avail: Partial/None/None
swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file.
185 | CVE-2008-1833 | CWE-119 | Type: Exec Code Overflow | Published: 2008-04-16 | Updated: 2017-08-08 | Score: 7.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: Partial/Partial/Partial
Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary.
186 | CVE-2008-1832 | CWE-59 | Type: - | Published: 2008-04-16 | Updated: 2017-08-08 | Score: 3.3 | Gained access: None | Access: Local | Complexity: Medium | Authentication: Not required | Conf/Integ/Avail: None/Partial/Partial
lib/prefs.tcl in Cecilia 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the csvers temporary file.
187 | CVE-2008-1831 | CWE: - | Type: - | Published: 2008-04-16 | Updated: 2018-10-11 | Score: 10.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: Complete/Complete/Complete
Multiple unspecified vulnerabilities in the Siebel SimBuilder component in Oracle Siebel Enterprise 7.8.2 and 7.8.5 have unknown impact and remote or local attack vectors, aka (1) SEBL01, (2) SEBL02, (3) SEBL03, (4) SEBL04, (5) SEBL05, and (6) SEBL06.
188 | CVE-2008-1830 | CWE: - | Type: - | Published: 2008-04-16 | Updated: 2018-10-11 | Score: 9.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf/Integ/Avail: Complete/Complete/Complete
Unspecified vulnerability in the PeopleSoft HCM ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 and 9.0 has unknown impact and remote attack vectors, aka PSE03.
189 | CVE-2008-1829 | CWE: - | Type: - | Published: 2008-04-16 | Updated: 2018-10-11 | Score: 9.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf/Integ/Avail: Complete/Complete/Complete
Unspecified vulnerability in the PeopleSoft HCM Recruiting component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1 has unknown impact and remote attack vectors, aka PSE02.
190 | CVE-2008-1828 | CWE: - | Type: - | Published: 2008-04-16 | Updated: 2018-10-11 | Score: 9.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf/Integ/Avail: Complete/Complete/Complete
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.19, 8.48.16, and 8.49.09 has unknown impact and remote authenticated attack vectors, aka PSE01.
191 | CVE-2008-1827 | CWE: - | Type: - | Published: 2008-04-16 | Updated: 2018-10-11 | Score: 10.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: Complete/Complete/Complete
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 and 12.0.4 have unknown impact and attack vectors related to (a) Advanced Pricing component, aka (1) APP02, (2) APP03, and (3) APP09; (b) Application Object Library component, aka (4) APP04, (5) APP07, and (6) APP11; (c) Applications Manager component, aka (7) APP06; (d) and Applications Technology Stack component, aka (8) APP08.
192 | CVE-2008-1826 | CWE: - | Type: - | Published: 2008-04-16 | Updated: 2018-10-11 | Score: 10.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: Complete/Complete/Complete
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and attack vectors related to (a) Advanced Pricing, aka (1) APP01 and (2) APP10; and (b) Applications Framework, aka (3) APP05.
193 | CVE-2008-1825 | CWE: - | Type: - | Published: 2008-04-16 | Updated: 2018-10-11 | Score: 10.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: Complete/Complete/Complete
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 has unknown impact and remote attack vectors, aka AS03.
194 | CVE-2008-1824 | CWE: - | Type: - | Published: 2008-04-16 | Updated: 2021-07-28 | Score: 10.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: Complete/Complete/Complete
Unspecified vulnerability in the Oracle Dynamic Monitoring Service component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.3.3 has unknown impact and remote attack vectors, aka AS02.
195 | CVE-2008-1823 | CWE: - | Type: - | Published: 2008-04-16 | Updated: 2018-10-11 | Score: 10.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: Complete/Complete/Complete
Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.14 has unknown impact and remote attack vectors, aka AS01.
196 | CVE-2008-1822 | CWE: - | Type: - | Published: 2008-04-16 | Updated: 2018-10-11 | Score: 10.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: Complete/Complete/Complete
Unspecified vulnerability in the Oracle Application Express component in Oracle Application Express 3.0.1 has unknown impact and remote attack vectors, aka APEX02.
197 | CVE-2008-1821 | CWE: - | Type: Overflow | Published: 2008-04-16 | Updated: 2018-10-11 | Score: 9.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf/Integ/Avail: Complete/Complete/Complete
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+, and 10.1.0.5 has unknown impact and remote attack vectors related to SYS.DBMS_AQJMS_INTERNAL, aka DB15. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB15 is for multiple buffer overflows in the (1) AQ$_REGISTER and (2) AQ$_UNREGISTER procedures.
198 | CVE-2008-1820 | CWE: - | Type: Overflow | Published: 2008-04-16 | Updated: 2018-10-11 | Score: 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf/Integ/Avail: None/None/Partial
Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote attack vectors related to KUPF$FILE_INT, aka DB11. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB11 is for a buffer overflow in the SYS.KUPF$FILE_INT.GET_FULL_FILENAME procedure.
199 | CVE-2008-1819 | CWE: - | Type: - | Published: 2008-04-16 | Updated: 2018-10-11 | Score: 7.2 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: Complete/Complete/Complete
Unspecified vulnerability in the Oracle Net Services component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors, aka DB09.
200 | CVE-2008-1818 | CWE: - | Type: - | Published: 2008-04-16 | Updated: 2018-10-11 | Score: 10.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf/Integ/Avail: Complete/Complete/Complete
Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08.
Total number of vulnerabilities: 454 (this listing is page 4 of 10).