CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2008

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2008-0064 119 Exec Code Overflow 2008-01-31 2011-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView 1.91 and 1.92, (2) NConvert 4.85, and (3) libgfl280.dll in GFL SDK 2.870 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file.
352 CVE-2008-0061 DoS 2008-01-03 2011-03-08
5.0
None Remote Low Not required None None Partial
MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04 allows remote attackers to cause a denial of service via a crafted DNS packet that prevents an authoritative name (CNAME) record from resolving, aka "improper rotation of resource records."
353 CVE-2008-0036 119 Exec Code Overflow 2008-01-16 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding.
354 CVE-2008-0035 399 DoS Exec Code Mem. Corr. 2008-01-16 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari.
355 CVE-2008-0034 Exec Code 2008-01-16 2017-08-08
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls.
356 CVE-2008-0033 399 DoS Exec Code Mem. Corr. 2008-01-16 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.
357 CVE-2008-0032 399 Exec Code 2008-01-16 2017-08-08
5.8
None Remote Medium Not required None Partial Partial
Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption.
358 CVE-2008-0031 399 DoS Exec Code Mem. Corr. 2008-01-16 2017-08-08
5.8
None Remote Medium Not required None Partial Partial
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption.
359 CVE-2008-0029 255 +Priv 2008-01-23 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges.
360 CVE-2008-0028 DoS 2008-01-23 2018-10-26
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet.
361 CVE-2008-0027 119 DoS Exec Code Overflow 2008-01-17 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.
362 CVE-2008-0008 20 +Priv 2008-01-29 2017-07-29
7.2
None Local Low Not required Complete Complete Complete
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.
363 CVE-2008-0006 119 Exec Code Overflow 2008-01-18 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.
364 CVE-2008-0005 79 XSS 2008-01-12 2021-06-06
4.3
None Remote Medium Not required None Partial None
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
365 CVE-2008-0003 119 Exec Code Overflow 2008-01-08 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360.
366 CVE-2008-0001 Bypass 2008-01-15 2018-10-15
3.6
None Local Low Not required None Partial Partial
VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.
367 CVE-2007-6694 399 DoS 2008-01-29 2018-10-03
7.8
None Remote Low Not required None None Complete
The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference.
368 CVE-2007-6693 2008-01-17 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request."
369 CVE-2007-6692 59 2008-01-17 2008-11-15
6.4
None Remote Low Not required Partial None Partial
Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modules.
370 CVE-2007-6691 2008-01-17 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core module Gallery application, (5) the slideshow in the Slideshow module, and (6) multiple Print modules.
371 CVE-2007-6690 264 2008-01-17 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors.
372 CVE-2007-6689 20 Exec Code 2008-01-17 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME module.
373 CVE-2007-6688 2008-01-17 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder."
374 CVE-2007-6687 79 XSS 2008-01-17 2008-11-15
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the (1) Core or (2) add-item modules; or via (3) HTTP PROPPATCH in the WebDAV module.
375 CVE-2007-6686 2008-01-17 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown vectors related to the admin controller.
376 CVE-2007-6685 264 2008-01-17 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors.
377 CVE-2007-6684 20 DoS 2008-01-17 2017-09-29
5.0
None Remote Low Not required None None Partial
The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference.
378 CVE-2007-6683 2008-01-17 2017-09-29
5.0
None Remote Low Not required None Partial None
The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.
379 CVE-2007-6682 Exec Code 2008-01-17 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.
380 CVE-2007-6681 119 Exec Code Overflow 2008-01-17 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.
381 CVE-2007-6680 2008-01-10 2011-03-08
2.1
None Local Low Not required None Partial None
Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to an error in the support for links in the TSD_FILES_LOCK policy.
382 CVE-2007-6679 2008-01-10 2011-04-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected.
383 CVE-2007-6677 79 XSS 2008-01-10 2008-11-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the comment field in the comment form.
384 CVE-2007-6676 16 2008-01-08 2018-10-15
5.0
None Remote Low Not required None Partial None
The default configuration of Uber Uploader (UU) 5.3.6 and earlier does not block uploads of (1) .html, (2) .asp, and other possibly dangerous extensions, which allows remote attackers to use these extensions in uploads via (a) uu_file_upload.php, related to uu_file_upload.js and (b) uber_uploader_file.php, related to uber_uploader_file.js, a different issue than CVE-2007-0123. NOTE: the vendor disputes the severity of the issue, noting that it is the administrator's responsibility to "add file extensions that you may or may not want uploaded."
385 CVE-2007-6675 264 2008-01-08 2008-09-05
5.0
None Remote Low Not required None Partial None
The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules.
386 CVE-2007-6674 79 XSS 2008-01-08 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare Database allows remote attackers to inject arbitrary web script or HTML via the Arayalim parameter.
387 CVE-2007-6673 79 XSS 2008-01-08 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Makale Scripti allows remote attackers to inject arbitrary web script or HTML via the ara parameter to the default URI under Ara/ in a search action.
388 CVE-2007-6672 22 Dir. Trav. Bypass 2008-01-08 2012-10-30
5.0
None Remote Low Not required Partial None None
Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI.
389 CVE-2007-6671 89 Exec Code Sql 2008-01-08 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Password parameter, a different product than CVE-2006-6021. NOTE: some of these details are obtained from third party information.
390 CVE-2007-6670 89 Exec Code Sql 2008-01-08 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter.
391 CVE-2007-6669 79 XSS 2008-01-08 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the string parameter.
392 CVE-2007-6668 264 2008-01-08 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not require administrative privileges, which allows remote attackers to perform unrestricted file uploads, as demonstrated by uploading (1) a .php file and (2) a .php%00.jpeg file.
393 CVE-2007-6667 89 Exec Code Sql 2008-01-04 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the member.php vector is already covered by CVE-2005-0413.
394 CVE-2007-6666 89 Exec Code Sql 2008-01-04 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter.
395 CVE-2007-6665 89 Exec Code Sql 2008-01-04 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL allows remote attackers to execute arbitrary SQL commands via the txtLoginID parameter.
396 CVE-2007-6664 89 Exec Code Sql 2008-01-04 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter.
397 CVE-2007-6663 89 Exec Code Sql 2008-01-04 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html.php in Pragmatic Utopia PU Arcade (com_puarcade) 2.0.3, 2.1.2, and 2.1.3 Beta component for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter to index.php.
398 CVE-2007-6662 22 Dir. Trav. 2008-01-04 2018-10-15
5.8
None Remote Medium Not required Partial Partial None
Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading the admin username and password hash in data/users.db.php.
399 CVE-2007-6661 255 2008-01-04 2018-10-15
6.4
None Remote Low Not required Partial Partial None
2z project 0.9.6.1 allows attackers to change the password without supplying the old password.
400 CVE-2007-6660 200 +Info 2008-01-04 2018-10-15
5.0
None Remote Low Not required None Partial None
2z project 0.9.6.1 allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid template or (2) a request to the default URI with certain year and month parameters, which reveals the path in various error messages.
Total number of vulnerabilities : 497   Page : 1 2 3 4 5 6 7 8 (This Page)9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.