CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In April 2008

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2008-1817 Sql 2008-04-16 2018-10-11
9.0
None Remote Low ??? Complete Complete Complete
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 have unknown impact and remote attack vectors related to (1) SDO_IDX in the Spatial component, aka DB07; and (2) Core RDBMS, aka DB10. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB07 is SQL injection.
202 CVE-2008-1816 Sql 2008-04-16 2018-10-11
5.5
None Remote Low ??? Partial Partial None
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) SDO_UTIL in the Oracle Spatial component, aka DB05; or (2) fine grained auditing in the Audit component, aka DB14. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB05 is SQL injection.
203 CVE-2008-1815 Sql 2008-04-16 2018-10-11
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to DBMS_CDC_UTILITY, aka DB02. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB02 is for SQL injection in LOCK_CHANGE_SET.
204 CVE-2008-1814 2008-04-16 2021-07-28
9.0
None Remote Low ??? Complete Complete Complete
Unspecified vulnerability in the Oracle Secure Enterprise Search or Ultrasearch component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3 and 10.1.2.2; and Oracle Collaboration Suite 10.1.2; has unknown impact and remote attack vectors, aka DB04.
205 CVE-2008-1813 Sql 2008-04-16 2018-10-11
6.5
None Remote Low ??? Partial Partial Partial
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors related to (1) SYS.DBMS_AQ in the Advanced Queuing component, aka DB01; (2) Core RDBMS, aka DB03; (3) SDO_GEOM in Oracle Spatial, aka DB06; (4) Export, aka DB12; and (5) DBMS_STATS in Query Optimizer, aka DB13. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB06 is SQL injection, and DB13 occurs when the OUTLN account is reset to use a hard-coded password.
206 CVE-2008-1812 2008-04-16 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Enterprise Manager component in Oracle Database 9.0.1.5 FIPS+; Application Server 1.0.2.2; and Enterprise Manager for AS 1.0.2.2 and Database 9.0.1.5 has unknown impact and local attack vectors, aka EM01.
207 CVE-2008-1811 Exec Code 2008-04-16 2018-10-11
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in Oracle Application Express 3.0.1 has unspecified impact and remote authenticated attack vectors related to flows_030000.wwv_execute_immediate, aka APEX01. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that APEX01 is for insufficient authorization checks for SQL commands in the run_ddl function in flows_030000.wwv_execute_immediate, allowing privilege escalation by certain non-DBA remote authenticated users.
208 CVE-2008-1800 79 XSS 2008-04-15 2017-08-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.php in DivXDB 2002 0.94b allow remote attackers to inject arbitrary web script or HTML via the (1) choice, (2) _page_, (3) zone_admin, (4) general_search, and (5) import parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
209 CVE-2008-1799 22 Dir. Trav. 2008-04-15 2017-09-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter.
210 CVE-2008-1798 22 Dir. Trav. 2008-04-15 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in forum/kietu/libs/calendrier.php in Dragoon 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cal[lng] parameter.
211 CVE-2008-1797 DoS 2008-04-15 2018-10-11
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in Secure Computing Webwasher 5.30 before build 3159 and 6.3.0 before build 3150 allows remote attackers to cause a denial of service (freeze) via a crafted URL.
212 CVE-2008-1796 DoS 2008-04-15 2017-08-08
4.9
None Local Low Not required None None Complete
Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service.
213 CVE-2008-1795 79 XSS 2008-04-15 2018-10-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl.
214 CVE-2008-1794 79 XSS 2008-04-15 2017-08-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Webform Drupal module 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
215 CVE-2008-1793 79 XSS 2008-04-15 2017-08-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in Smart Classified ADS Professional, Smart Photo ADS, and Smart Photo ADS Gold allow remote attackers to inject arbitrary web script or HTML via the (1) AdNum and (2) Department parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
216 CVE-2008-1792 79 XSS 2008-04-15 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the insertion filter in the Flickr Drupal module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-alpha allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
217 CVE-2008-1791 89 Exec Code Sql 2008-04-15 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the ladderid parameter.
218 CVE-2008-1790 264 Sql 2008-04-15 2017-09-29
6.5
None Remote Low ??? Partial Partial Partial
Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability.
219 CVE-2008-1789 89 Exec Code Sql 2008-04-15 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in forum.php in Prozilla Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter.
220 CVE-2008-1788 89 Exec Code Sql 2008-04-15 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in directory.php in Prozilla Entertainers 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: some of these details are obtained from third party information.
221 CVE-2008-1787 79 XSS 2008-04-15 2017-08-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Poplar Gedcom Viewer 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) text and (2) ul parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
222 CVE-2008-1786 94 Exec Code 2008-04-16 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments.
223 CVE-2008-1785 20 2008-04-15 2017-09-29
5.5
None Remote Low ??? None Partial Partial
delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter.
224 CVE-2008-1784 264 2008-04-15 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Prozilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/.
225 CVE-2008-1783 264 2008-04-15 2017-09-29
6.4
None Remote Low Not required None Partial Partial
Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php.
226 CVE-2008-1782 200 +Info 2008-04-15 2017-09-29
5.0
None Remote Low Not required Partial None None
phpdemo/viewsource.php in Advanced Software Engineering ChartDirector 4.1 allows remote attackers to read sensitive files via the file parameter.
227 CVE-2008-1780 264 Bypass 2008-04-14 2017-08-08
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors.
228 CVE-2008-1779 399 DoS 2008-04-14 2017-09-29
6.8
None Remote Low ??? None None Complete
Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a denial of service (panic) via unknown vectors related to self encapsulated IP packets.
229 CVE-2008-1778 16 DoS 2008-04-14 2018-10-30
6.6
None Local Low Not required None Complete Complete
Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknown vectors.
230 CVE-2008-1777 399 DoS 2008-04-14 2011-03-08
5.0
None Remote Low Not required None None Partial
The eDirectory Host Environment service (dhost.exe) in Novell eDirectory 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a long HTTP HEAD request to TCP port 8028.
231 CVE-2008-1776 94 Exec Code File Inclusion 2008-04-14 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in modules/basicfog/basicfogfactory.class.php in PhpBlock A8.4 allows remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter.
232 CVE-2008-1775 79 XSS 2008-04-14 2017-08-08
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
233 CVE-2008-1774 89 Exec Code Sql 2008-04-14 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
234 CVE-2008-1773 94 Exec Code File Inclusion 2008-04-14 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/header.inc.php in Dragoon 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
235 CVE-2008-1772 310 +Info 2008-04-14 2017-09-29
5.0
None Remote Low Not required Partial None None
iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information.
236 CVE-2008-1771 189 DoS Exec Code Overflow 2008-04-16 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the ws_getpostvars function in Firefly Media Server (formerly mt-daapd) 0.2.4.1 (0.9~r1696-1.2 on Debian) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a large Content-Length.
237 CVE-2008-1769 399 DoS Mem. Corr. 2008-04-25 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
VLC before 0.8.6f allows remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption.
238 CVE-2008-1768 119 DoS Overflow 2008-04-25 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow.
239 CVE-2008-1766 2008-04-12 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs."
240 CVE-2008-1765 119 Exec Code Overflow 2008-04-23 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Adobe Photoshop Album Starter Edition 3.2, and possibly After Effects CS3, allows user-assisted remote attackers and physically proximate attackers to execute arbitrary code via a BMP file with an invalid image header. NOTE: the related issue in Photoshop CS3 is already covered by CVE-2007-2244.
241 CVE-2008-1764 2008-04-12 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs."
242 CVE-2008-1763 89 Exec Code Sql 2008-04-12 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in _blogadata/include/sond_result.php in Blogator-script 0.95 allows remote attackers to execute arbitrary SQL commands via the id_art parameter.
243 CVE-2008-1762 399 DoS Exec Code Mem. Corr. 2008-04-12 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption.
244 CVE-2008-1761 399 DoS Exec Code 2008-04-12 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access.
245 CVE-2008-1760 94 Exec Code File Inclusion 2008-04-12 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include.
246 CVE-2008-1759 89 Exec Code Sql 2008-04-12 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the jeuxflash module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php, a different vector than CVE-2007-4922.
247 CVE-2008-1758 89 Exec Code Sql 2008-04-12 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the ConcoursPhoto module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the C_ID parameter to index.php.
248 CVE-2008-1757 79 XSS 2008-04-12 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter.
249 CVE-2008-1756 DoS 2008-04-11 2017-08-08
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid Engine 6.1 allows local users to cause a denial of service (daemon crash) via unspecified vectors.
250 CVE-2008-1755 22 Dir. Trav. 2008-04-11 2017-09-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the showSource function in showSource.php in World of Phaos 4.0.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter.
Total number of vulnerabilities: 454. Page 5 of 10.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.