CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In January 2008

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
301 CVE-2008-0159 89 Exec Code Sql 2008-01-09 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie.
302 CVE-2008-0158 22 1 Dir. Trav. 2008-01-09 2017-09-29
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page parameter.
303 CVE-2008-0157 89 Exec Code Sql 2008-01-09 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_temp_id parameter in a cookie.
304 CVE-2008-0156 22 Dir. Trav. 2008-01-09 2018-10-15
5.0
None Remote Low Not required None Partial None
Absolute path traversal vulnerability in index.php in Million Dollar Script 2.0.14 allows remote attackers to read arbitrary files via encoded "/" (%2F) sequences in the link parameter.
305 CVE-2008-0155 79 XSS 2008-01-09 2017-09-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to inject arbitrary web script or HTML via the c parameter.
306 CVE-2008-0154 89 Exec Code Sql 2008-01-09 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to execute arbitrary SQL commands via the c parameter.
307 CVE-2008-0153 399 DoS 2008-01-09 2017-08-08
5.0
None Remote Low Not required None None Partial
telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers to cause a denial of service (process crash and resource exhaustion) via a crafted TELOPT PRAGMA LOGON telnet option, which triggers a NULL pointer dereference.
308 CVE-2008-0152 119 DoS Overflow 2008-01-09 2011-09-21
4.3
None Remote Medium Not required None None Partial
SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier allows user-assisted remote attackers to cause a denial of service (crash) via unspecified telnet options, which triggers a NULL pointer dereference. NOTE: the crash is not user-assisted when the server is running in debug mode.
309 CVE-2008-0151 119 DoS Exec Code Overflow 2008-01-09 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Telnet request with long options.
310 CVE-2008-0150 287 Bypass 2008-01-09 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, and 2.4.8.11-FIPS or earlier allows remote attackers to bypass authentication mechanisms and obtain management or VPN interface access.
311 CVE-2008-0149 2008-01-09 2021-08-30
5.0
None Remote Low Not required Partial None None
TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function.
312 CVE-2008-0148 264 Exec Code 2008-01-09 2017-10-19
10.0
None Remote Low Not required Complete Complete Complete
TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request.
313 CVE-2008-0147 89 Exec Code Sql 2008-01-09 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action.
314 CVE-2008-0146 79 XSS 2008-01-08 2018-10-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the top-level URI.
315 CVE-2008-0145 264 2008-01-08 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663.
316 CVE-2008-0144 89 Exec Code Sql Dir. Trav. File Inclusion 2008-01-08 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences.
317 CVE-2008-0143 94 Exec Code File Inclusion 2008-01-08 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as provided with SAM Broadcaster, allows remote attackers to execute arbitrary PHP code via a URL in the commonpath parameter.
318 CVE-2008-0142 89 Exec Code Sql 2008-01-08 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the user_name parameter to actions.php, and unspecified other vectors.
319 CVE-2008-0141 255 2008-01-08 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action.
320 CVE-2008-0140 22 Dir. Trav. 2008-01-08 2017-09-29
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172.
321 CVE-2008-0139 89 Exec Code Sql 2008-01-08 2017-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter.
322 CVE-2008-0138 89 Exec Code Sql File Inclusion 2008-01-08 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter.
323 CVE-2008-0137 89 Exec Code Sql File Inclusion 2008-01-08 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS PHP CLASSIFIEDS 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter.
324 CVE-2008-0136 200 +Info 2008-01-08 2018-10-15
5.0
None Remote Low Not required Partial None None
Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive information via a direct request to forum/whereami.asp, which reveals the database path.
325 CVE-2008-0135 264 2008-01-08 2018-10-15
5.0
None Remote Low Not required Partial None None
Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.
326 CVE-2008-0134 79 XSS 2008-01-08 2018-10-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to inject arbitrary web script or HTML via the MAIL parameter.
327 CVE-2008-0133 89 Exec Code Sql 2008-01-08 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to cat_main.php and the (2) cat parameter to forum.php in a liste action.
328 CVE-2008-0132 399 DoS 2008-01-08 2017-08-08
5.0
None Remote Low Not required None None Partial
Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long input to sshd.exe by creating an error-message window and waiting for the administrator to click in this window before terminating the sshd.exe process, which allows remote attackers to cause a denial of service (connection slot exhaustion) via a flood of SSH connections with long data objects, as demonstrated by (1) a long list of keys and (2) a long username.
329 CVE-2008-0131 79 XSS 2008-01-08 2009-09-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different product than CVE-2006-6022. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
330 CVE-2008-0130 89 Exec Code Sql 2008-01-08 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Username parameter, a different vulnerability than CVE-2007-6671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
331 CVE-2008-0129 89 Exec Code Sql 2008-01-08 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in starnet/addons/slideshow_full.php in Site@School 2.3.10 and earlier allows remote attackers to execute arbitrary SQL commands via the album_name parameter.
332 CVE-2008-0128 16 2008-01-23 2019-03-25
5.0
None Remote Low Not required Partial None None
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
333 CVE-2008-0127 119 DoS Exec Code Overflow 2008-01-10 2018-10-15
8.8
None Remote Medium Not required None Complete Complete
The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet.
334 CVE-2008-0123 79 XSS 2008-01-12 2018-10-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete.
335 CVE-2008-0122 189 DoS Exec Code Mem. Corr. 2008-01-16 2019-08-01
10.0
None Remote Low Not required Complete Complete Complete
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
336 CVE-2008-0101 20 Exec Code 2008-01-08 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the swDebugf function in DuneApp.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a .WRL file.
337 CVE-2008-0100 119 Exec Code Overflow 2008-01-08 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the Scene::errorf function in Scene.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via a long string in a .WRL file.
338 CVE-2008-0099 89 Exec Code Sql 2008-01-08 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the searchtext parameter to search.php, and unspecified other vectors.
339 CVE-2008-0098 119 Exec Code Overflow 2008-01-08 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: As of 20080103, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
340 CVE-2008-0097 20 Exec Code 2008-01-08 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the log function in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username field, as demonstrated by a certain LoginPassword message.
341 CVE-2008-0096 119 Exec Code Overflow 2008-01-08 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allow remote attackers to execute arbitrary code via (1) a long username, which triggers an overflow in the log function; or (2) a long password.
342 CVE-2008-0095 399 DoS 2008-01-08 2018-10-15
5.0
None Remote Low Not required None None Partial
The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.
343 CVE-2008-0094 22 Dir. Trav. 2008-01-08 2018-10-15
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read arbitrary local files via a .. (dot dot) in the file parameter to assets/js/htcmime.php.
344 CVE-2008-0093 79 XSS 2008-01-08 2017-08-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters.
345 CVE-2008-0092 79 XSS 2008-01-04 2018-10-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in the search module in Appalachian State University phpWebSite 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
346 CVE-2008-0091 22 Dir. Trav. 2008-01-04 2017-09-29
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in download2.php in AGENCY4NET WEBFTP 1 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the file parameter.
347 CVE-2008-0090 119 DoS Overflow 2008-01-04 2021-07-23
5.0
None Remote Low Not required None None Partial
A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method.
348 CVE-2008-0089 89 Exec Code Sql 2008-01-04 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in uprofile.php in ClipShare allows remote attackers to execute arbitrary SQL commands via the UID parameter.
349 CVE-2008-0081 Exec Code 2008-01-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
350 CVE-2008-0065 119 Exec Code Overflow 2008-01-22 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles.
Total number of vulnerabilities: 497 (this is page 7 of 10)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.