CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 2008

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2008-1691 20 DoS 2008-04-07 2017-08-08
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (UDP service outage) via a large packet to UDP port 54. NOTE: some of these details are obtained from third party information.
302 CVE-2008-1690 399 DoS Exec Code Mem. Corr. 2008-04-07 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a long URI in HTTP requests to TCP port 801. NOTE: some of these details are obtained from third party information.
303 CVE-2008-1689 399 DoS 2008-04-07 2017-08-08
5.0
None Remote Low Not required None None Partial
Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long request header in an HTTP request to TCP port 801. NOTE: some of these details are obtained from third party information.
304 CVE-2008-1688 Exec Code 2008-04-09 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries.
305 CVE-2008-1687 2008-04-09 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.
306 CVE-2008-1686 189 Exec Code 2008-04-08 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
307 CVE-2008-1685 119 Overflow 2008-04-06 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999).
308 CVE-2008-1684 362 2008-04-06 2017-09-29
4.7
None Local Medium Not required None None Complete
inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file.
309 CVE-2008-1682 94 Exec Code File Inclusion 2008-04-04 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in quiz/common/db_config.inc.php in the Online FlashQuiz (com_onlineflashquiz) 1.0.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter.
310 CVE-2008-1681 264 2008-04-04 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 has unknown impact and attack vectors related to the AllowedTrustedLogin privilege.
311 CVE-2008-1680 200 +Info 2008-04-04 2017-09-29
5.0
None Remote Low Not required Partial None None
PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain configuration information via a direct request to maintenance/index.php, which reveals settings such as magic_quotes_gpc.
312 CVE-2008-1679 189 DoS Exec Code Overflow 2008-04-22 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.
313 CVE-2008-1671 16 DoS Exec Code 2008-04-28 2017-08-08
4.6
None Local Low Not required Partial Partial Partial
start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes.
314 CVE-2008-1670 119 DoS Exec Code Overflow 2008-04-28 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image.
315 CVE-2008-1658 134 DoS Exec Code 2008-04-11 2017-08-08
4.6
None Local Low Not required Partial Partial Partial
Format string vulnerability in the grant helper (polkit-grant-helper.c) in PolicyKit 0.7 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password.
316 CVE-2008-1657 264 Bypass 2008-04-02 2018-10-11
6.5
None Remote Low ??? Partial Partial Partial
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
317 CVE-2008-1656 264 2008-04-09 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725.
318 CVE-2008-1655 79 XSS 2008-04-09 2017-09-29
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.
319 CVE-2008-1654 352 CSRF 2008-04-02 2017-09-29
4.3
None Remote Medium Not required None Partial None
Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server.
320 CVE-2008-1653 22 Dir. Trav. 2008-04-02 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in index.php in Sava's Link Manager 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
321 CVE-2008-1652 22 Dir. Trav. 2008-04-02 2017-08-08
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the _serve_request_multiple function in lib/Perlbal/ClientHTTPBase.pm in Perlbal before 1.70, when concat get is enabled, allows remote attackers to read arbitrary files in a parent directory via a directory traversal sequence in an unspecified parameter. NOTE: some of these details are obtained from third party information.
322 CVE-2008-1651 22 Dir. Trav. 2008-04-02 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in admin/login.php in EasyNews 4.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
323 CVE-2008-1650 89 Exec Code Sql 2008-04-02 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 allows remote attackers to execute arbitrary SQL commands via the read parameter in an edp_Help_Internal_News action.
324 CVE-2008-1649 79 XSS 2008-04-02 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in EasyNews 4.0 allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_pupublish action.
325 CVE-2008-1648 20 DoS 2008-04-02 2017-08-08
5.0
None Remote Low Not required None None Partial
Sympa before 5.4 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message with a malformed value of the Content-Type header and unspecified other headers. NOTE: some of these details are obtained from third party information.
326 CVE-2008-1647 20 2008-04-02 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files. NOTE: some of these details are obtained from third party information.
327 CVE-2008-1646 89 Exec Code Sql 2008-04-02 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter.
328 CVE-2008-1645 22 Dir. Trav. 2008-04-02 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in body.php in phpSpamManager (phpSM) 0.53 beta allows remote attackers to read arbitrary local files via a .. (dot dot) in the filename parameter.
329 CVE-2008-1644 89 Exec Code Sql 2008-04-02 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in viewlinks.php in Sava's Link Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
330 CVE-2008-1643 22 Dir. Trav. 2008-04-02 2017-08-08
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.7 SP5 and earlier and 8.8 allows remote attackers to read arbitrary files via unspecified vectors.
331 CVE-2008-1642 22 Dir. Trav. 2008-04-02 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
332 CVE-2008-1641 89 Exec Code Sql 2008-04-02 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in default.asp in EfesTECH Video 5.0 allows remote attackers to execute arbitrary SQL commands via the catID parameter.
333 CVE-2008-1640 89 Exec Code Sql 2008-04-02 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in jgs_treffen.php in the JGS-XA JGS-Treffen 2.0.2 and earlier addon for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the view_id parameter in an ansicht action.
334 CVE-2008-1639 89 Exec Code Sql 2008-04-02 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Neat weblog 0.2 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a show action, probably related to the showArticle function in lib/lib_article.include.php.
335 CVE-2008-1638 264 +Priv 2008-04-02 2017-08-08
6.8
None Local Low ??? Complete Complete Complete
Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in files, which allows local users to gain privileges by replacing a plug-in with a Trojan horse.
336 CVE-2008-1637 189 2008-04-02 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information.
337 CVE-2008-1636 79 XSS 2008-04-02 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in JV2 Quick Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the f parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
338 CVE-2008-1635 22 Dir. Trav. 2008-04-02 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in view_private.php in Keep It Simple Guest Book (KISGB) 5.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tmp_theme parameter. NOTE: 5.1.1 is also reportedly affected.
339 CVE-2008-1634 79 XSS 2008-04-02 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in JV2 Folder Gallery 3.1 allows remote attackers to inject arbitrary web script or HTML via the image parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
340 CVE-2008-1633 2008-04-02 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Mondo Rescue before 2.2.5 has unknown impact and attack vectors, related to the use of (1) /tmp and (2) MINDI_CACHE.
341 CVE-2008-1632 89 Exec Code Sql 2008-04-02 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) listid parameter to pages/editmailinglist_step1.php, the (2) userid parameter to pages/edituser.php, the (3) fieldid parameter to pages/editfield.php, and the (4) templateid to pages/edittemplate_step1.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
342 CVE-2008-1631 89 Exec Code Sql 2008-04-02 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 allows remote attackers to execute arbitrary SQL commands via the UserId parameter, related to the login form field in index.php.
343 CVE-2008-1630 79 XSS 2008-04-02 2018-10-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 and 2.10.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) page/showcirculation.php; and (2) edittemplate_step2.php, (3) showfields.php, (4) showuser.php, (5) editmailinglist_step1.php, and (6) showtemplates.php in pages/.
344 CVE-2008-1629 79 XSS 2008-04-02 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
345 CVE-2008-1628 264 Exec Code Overflow 2008-04-02 2017-08-08
4.1
None Local Medium ??? Partial Partial Partial
Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information.
346 CVE-2008-1627 264 2008-04-02 2017-08-08
3.5
None Remote Medium ??? None None Partial
CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID.
347 CVE-2008-1626 20 Exec Code Sql 2008-04-02 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie. NOTE: this might overlap CVE-2008-0159.
348 CVE-2008-1625 264 +Priv 2008-04-02 2018-10-11
6.8
None Local Low ??? Complete Complete Complete
aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests.
349 CVE-2008-1624 22 Dir. Trav. 2008-04-02 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in v2demo/page.php in Jshop Server 1.x through 2.x allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xPage parameter.
350 CVE-2008-1623 89 Exec Code Sql 2008-04-02 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin_view_image.php in Smoothflash allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Total number of vulnerabilities : 454   Page : 1 2 3 4 5 6 7 (This Page)8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.