CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2008

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2008-1098 79 XSS 2008-03-05 2018-10-03
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780.
402 CVE-2008-1097 399 DoS Exec Code Overflow Mem. Corr. 2008-03-05 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.
403 CVE-2008-1096 119 DoS Exec Code Overflow 2008-03-05 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function.
404 CVE-2008-1092 119 Exec Code Overflow 2008-03-25 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
405 CVE-2008-1079 +Priv 2008-03-04 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
The outboxWriteUnsent function in FTPThread.class in SendFile.jar for Beehive Software SendFile.NET uses hard-coded credentials for an FTP server, which allows remote attackers to gain privileges.
406 CVE-2008-1012 20 DoS 2008-03-20 2017-08-08
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in Apple AirPort Extreme Base Station Firmware 7.3.1 allows remote attackers to cause a denial of service (file sharing hang) via a crafted AFP request, related to "input validation."
407 CVE-2008-1011 79 XSS 2008-03-19 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame.
408 CVE-2008-1010 119 Exec Code Overflow 2008-03-19 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript.
409 CVE-2008-1009 79 XSS 2008-03-19 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.
410 CVE-2008-1008 79 XSS 2008-03-19 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property.
411 CVE-2008-1007 79 XSS 2008-03-19 2017-08-08
4.3
None Remote Medium Not required None Partial None
WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
412 CVE-2008-1006 79 XSS 2008-03-19 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page.
413 CVE-2008-1005 200 +Info 2008-03-19 2017-08-08
2.1
None Local Low Not required Partial None None
WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.
414 CVE-2008-1004 79 XSS 2008-03-19 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector.
415 CVE-2008-1003 79 XSS 2008-03-19 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain.
416 CVE-2008-1002 79 XSS 2008-03-19 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL.
417 CVE-2008-1001 79 XSS 2008-03-19 2018-10-30
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page.
418 CVE-2008-1000 22 Dir. Trav. 2008-03-18 2018-10-15
8.5
None Remote Medium ??? Complete Complete Complete
Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments.
419 CVE-2008-0999 20 DoS 2008-03-18 2017-08-08
7.1
None Remote Medium Not required None None Complete
Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference.
420 CVE-2008-0998 264 Exec Code Bypass 2008-03-18 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects.
421 CVE-2008-0997 119 DoS Exec Code Overflow 2008-03-18 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when querying a network printer.
422 CVE-2008-0996 255 2008-03-18 2017-08-08
1.7
None Local Low ??? Partial None None
The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.
423 CVE-2008-0995 200 +Info 2008-03-18 2017-08-08
2.6
None Remote High Not required Partial None None
The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods.
424 CVE-2008-0994 200 +Info 2008-03-18 2017-08-08
2.6
None Remote High Not required Partial None None
Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods.
425 CVE-2008-0993 200 +Info 2008-03-18 2013-08-27
2.1
None Local Low Not required Partial None None
Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings.
426 CVE-2008-0992 119 Exec Code Overflow 2008-03-18 2017-08-08
5.8
None Remote Medium Not required None Partial Partial
Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.
427 CVE-2008-0990 200 DoS +Info 2008-03-18 2017-08-08
4.4
None Local Medium Not required Partial Partial Partial
notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications.
428 CVE-2008-0989 134 Exec Code 2008-03-18 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname.
429 CVE-2008-0988 189 DoS 2008-03-18 2011-03-08
4.3
None Remote Medium Not required None None Partial
Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS X 10.4.11 allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger a buffer over-read.
430 CVE-2008-0987 119 Exec Code Overflow 2008-03-18 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image.
431 CVE-2008-0986 189 Exec Code Overflow 2008-03-06 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field.
432 CVE-2008-0985 119 Exec Code Overflow 2008-03-06 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width.
433 CVE-2008-0951 94 Exec Code 2008-03-24 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically proximate attackers, to execute arbitrary code by inserting a (1) CD-ROM device or (2) U3-enabled USB device containing a filesystem with an Autorun.inf file, and possibly other vectors related to (a) AutoRun and (b) AutoPlay actions.
434 CVE-2008-0949 +Priv 2008-03-18 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet.
435 CVE-2008-0948 119 DoS Exec Code Overflow 2008-03-19 2020-01-21
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.
436 CVE-2008-0947 119 Exec Code Overflow 2008-03-19 2020-01-21
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.
437 CVE-2008-0931 264 DoS Exec Code 2008-03-04 2008-09-05
6.3
None Local Medium Not required None Complete Complete
w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file.
438 CVE-2008-0930 59 2008-03-04 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtained from third party information.
439 CVE-2008-0928 264 2008-03-03 2020-11-02
4.7
None Local Medium Not required Complete None None
Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.
440 CVE-2008-0926 287 DoS Bypass 2008-03-28 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.
441 CVE-2008-0924 119 DoS Exec Code Overflow 2008-03-28 2018-11-01
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field.
442 CVE-2008-0890 264 Exec Code 2008-03-12 2017-08-08
4.6
None Local Low Not required Partial Partial Partial
Red Hat Directory Server 7.1 before SP4 uses insecure permissions for certain directories, which allows local users to modify JAR files and execute arbitrary code via unknown vectors.
443 CVE-2008-0889 264 Exec Code 2008-03-20 2008-09-05
2.1
None Local Low Not required None Partial None
Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux, uses insecure permissions for the redhat-idm-console script, which allows local users to execute arbitrary code by modifying the script.
444 CVE-2008-0888 119 DoS Exec Code Overflow 2008-03-17 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
445 CVE-2008-0883 59 2008-03-06 2017-08-08
3.7
None Local High Not required Partial Partial Partial
acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.
446 CVE-2008-0727 119 Exec Code Overflow 2008-03-18 2018-10-15
8.5
None Remote Low ??? None Complete Complete
Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value.
447 CVE-2008-0707 264 +Priv 2008-03-20 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
HP StorageWorks Library and Tape Tools (LTT) before 4.5 SR1 on HP-UX B.11.11 and B.11.23 allows local users to gain privileges via unspecified vectors.
448 CVE-2008-0706 287 Bypass 2008-03-31 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an authentication bypass of the power-on password.
449 CVE-2008-0704 264 2008-03-28 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP Services on OpenVMS on the Alpha platform with 5.4 before ECO 7, and on the Integrity and Alpha platforms with 5.5 before ECO 3 and 5.6 before ECO 2, allows remote attackers to obtain unspecified access via unknown vectors.
450 CVE-2008-0644 XSS Bypass 2008-03-12 2017-08-08
5.0
None Remote Low Not required None Partial None
Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function.
Total number of vulnerabilities : 506   Page : 1 2 3 4 5 6 7 8 9 (This Page)10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.