CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2008

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2008-0284 79 XSS 2008-01-15 2018-10-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments.
202 CVE-2008-0283 94 Exec Code File Inclusion 2008-01-15 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
203 CVE-2008-0282 89 Exec Code Sql 2008-01-15 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary SQL commands via the mail parameter.
204 CVE-2008-0281 89 Exec Code Sql 2008-01-15 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter.
205 CVE-2008-0280 89 Exec Code Sql 2008-01-15 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter.
206 CVE-2008-0279 89 Exec Code Sql 2008-01-15 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in liretopic.php in Xforum 1.4 and possibly others allows remote attackers to execute arbitrary SQL commands via the topic parameter. NOTE: the categorie parameter might also be affected.
207 CVE-2008-0278 89 Exec Code Sql 2008-01-15 2017-09-29
6.0
None Remote Medium ??? Partial Partial Partial
SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a sm_window action.
208 CVE-2008-0277 20 Exec Code 2008-01-15 2017-08-08
8.5
None Remote Medium ??? Complete Complete Complete
Unspecified vulnerability in the Fileshare module for Drupal allows remote authenticated users with node-creation privileges to execute arbitrary code via unspecified vectors.
209 CVE-2008-0276 79 XSS 2008-01-15 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping of the variable table.
210 CVE-2008-0275 264 2008-01-15 2017-08-08
5.0
None Remote Low Not required Partial None None
The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal does not properly manage permissions for node (1) titles, (2) teasers, and (3) bodies, which might allow remote attackers to gain access to syndicated content.
211 CVE-2008-0274 79 XSS 2008-01-15 2017-08-08
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.
212 CVE-2008-0273 79 XSS 2008-01-15 2017-08-08
4.3
None Remote Medium Not required None Partial None
Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism.
213 CVE-2008-0272 352 CSRF 2008-01-15 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users.
214 CVE-2008-0271 352 CSRF 2008-01-15 2017-08-08
4.3
None Remote Medium Not required None Partial None
The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces.
215 CVE-2008-0270 89 Exec Code Sql 2008-01-15 2017-09-29
6.0
None Remote Medium ??? Partial Partial Partial
SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter.
216 CVE-2008-0269 DoS 2008-01-15 2018-10-30
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors.
217 CVE-2008-0268 79 XSS 2008-01-15 2018-10-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
218 CVE-2008-0267 89 Exec Code Sql 2008-01-15 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php.
219 CVE-2008-0266 352 Sql CSRF 2008-01-15 2018-10-15
2.6
None Remote High Not required None Partial None
Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability.
220 CVE-2008-0265 79 XSS 2008-01-15 2018-10-30
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories.
221 CVE-2008-0264 20 Exec Code 2008-01-15 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 module for Drupal, when images are permitted in node bodies, allows remote authenticated users to execute arbitrary code via unspecified vectors involving creation of a node.
222 CVE-2008-0263 399 DoS 2008-01-15 2011-03-08
5.0
None Remote Low Not required None None Partial
The SIP module in Ingate Firewall before 4.6.1 and SIParator before 4.6.1 does not reuse SIP media ports in unspecified call hold and send-only stream scenarios, which allows remote attackers to cause a denial of service (port exhaustion) via unspecified vectors.
223 CVE-2008-0262 89 Exec Code Sql 2008-01-15 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter.
224 CVE-2008-0261 399 DoS 2008-01-15 2017-08-08
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service (query flood) via unspecified vectors.
225 CVE-2008-0260 20 +Info 2008-01-15 2017-09-29
5.0
None Remote Low Not required None Partial None
minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to php_info.php, which calls the phpinfo function.
226 CVE-2008-0259 22 Dir. Trav. 2008-01-15 2017-09-29
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php in minimal Gallery 0.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) thumbcat and (2) thumb parameters.
227 CVE-2008-0258 79 XSS 2008-01-15 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in PHP Running Management (phpRunMan) before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
228 CVE-2008-0257 79 XSS 2008-01-15 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search Engine 2.7 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
229 CVE-2008-0256 89 Exec Code Sql 2008-01-15 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp.
230 CVE-2008-0255 89 Exec Code Sql 2008-01-15 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 and earlier, allows remote attackers to execute arbitrary SQL commands via the section parameter.
231 CVE-2008-0254 89 Exec Code Sql 2008-01-15 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter.
232 CVE-2008-0253 89 Exec Code Sql 2008-01-15 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in full_text.php in Binn SBuilder allows remote attackers to execute arbitrary SQL commands via the nid parameter.
233 CVE-2008-0252 22 Dir. Trav. 2008-01-12 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie.
234 CVE-2008-0251 94 2008-01-12 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors.
235 CVE-2008-0250 119 Exec Code Overflow 2008-01-12 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long Project line.
236 CVE-2008-0249 200 +Info 2008-01-12 2017-10-11
5.0
None Remote Low Not required Partial None None
PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to admin/backup_phpwebquest.php, which leaks the credentials in an error message if a call to /usr/bin/mysqldump fails. NOTE: this might only be an issue in limited environments.
237 CVE-2008-0248 119 Exec Code Overflow 2008-01-12 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ChainCast ProxyManager allows remote attackers to execute arbitrary code via a long URL argument to the InternalTuneIn method.
238 CVE-2008-0247 119 Exec Code Overflow 2008-01-12 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Express Backup Server service (dsmsvc.exe) in IBM Tivoli Storage Manager (TSM) Express 5.3 before 5.3.7.3 allows remote attackers to execute arbitrary code via a packet with a large length value.
239 CVE-2008-0246 264 +Priv 2008-01-12 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.
240 CVE-2008-0245 264 +Priv 2008-01-12 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.
241 CVE-2008-0244 20 Exec Code 2008-01-12 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.
242 CVE-2008-0243 DoS 2008-01-12 2017-08-08
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors.
243 CVE-2008-0242 +Priv 2008-01-12 2017-09-29
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions.
244 CVE-2008-0241 20 2008-01-11 2018-10-15
5.8
None Remote Medium Not required None Partial Partial
Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter.
245 CVE-2008-0240 79 XSS 2008-01-11 2018-10-15
4.3
None Remote Medium Not required None Partial None
/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."
246 CVE-2008-0239 79 XSS 2008-01-11 2018-10-15
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp.
247 CVE-2008-0238 119 Exec Code Overflow 2008-01-11 2008-09-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
248 CVE-2008-0237 20 Exec Code 2008-01-11 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 allows remote attackers to execute arbitrary commands by invoking the insecure SaveFile method.
249 CVE-2008-0236 Exec Code 2008-01-11 2017-09-29
5.8
None Remote Medium Not required Partial Partial None
An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) allows remote attackers to execute arbitrary commands by invoking the DoCmd method.
250 CVE-2008-0235 94 1 Exec Code 2008-01-11 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
The Microsoft VFP_OLE_Server ActiveX control allows remote attackers to execute arbitrary code by invoking the foxcommand method.
Total number of vulnerabilities : 497   Page : 1 2 3 4 5 (This Page)6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.