CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 2008

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2008-1023 119 Exec Code Overflow 2008-04-04 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file.
402 CVE-2008-1022 119 Exec Code Overflow 2008-04-04 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted VR movie with an obji atom of zero size.
403 CVE-2008-1021 119 Exec Code Overflow 2008-04-04 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding.
404 CVE-2008-1020 119 Exec Code Overflow 2008-04-04 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file with Kodak encoding, related to error checking and error messages.
405 CVE-2008-1019 119 Exec Code Overflow 2008-04-04 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy loop.
406 CVE-2008-1018 119 Exec Code Overflow 2008-04-04 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via an MP4A movie with a malformed Channel Compositor (aka chan) atom.
407 CVE-2008-1017 119 Exec Code Overflow 2008-04-04 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in clipping region (aka crgn) atom handling in quicktime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
408 CVE-2008-1016 94 Exec Code Mem. Corr. 2008-04-04 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption.
409 CVE-2008-1015 119 Exec Code Overflow 2008-04-04 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
410 CVE-2008-1014 200 +Info 2008-04-04 2017-08-08
4.3
None Remote Medium Not required Partial None None
Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information.
411 CVE-2008-1013 Exec Code 2008-04-04 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet.
412 CVE-2008-0963 134 Exec Code 2008-04-14 2017-08-08
9.0
None Remote Low ??? Complete Complete Complete
Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted message to the RPC interface.
413 CVE-2008-0962 119 Exec Code Overflow 2008-04-14 2017-08-08
9.0
None Remote Low ??? Complete Complete Complete
Stack-based buffer overflow in the File System Manager for EMC DiskXtender 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted request to the RPC interface.
414 CVE-2008-0961 287 Bypass 2008-04-14 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface.
415 CVE-2008-0927 399 DoS 2008-04-14 2018-10-31
5.0
None Remote Low Not required None None Partial
dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777.
416 CVE-2008-0893 264 2008-04-16 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions.
417 CVE-2008-0892 20 Exec Code 2008-04-16 2018-10-30
9.0
None Remote Low ??? Complete Complete Complete
The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.
418 CVE-2008-0887 2008-04-06 2017-09-29
4.7
None Local Medium Not required None None Complete
gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859.
419 CVE-2008-0884 264 +Priv 2008-04-04 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
The Replace function in the capp-lspp-config script in the (1) lspp-eal4-config-ibm and (2) capp-lspp-eal4-config-hp packages before 0.65-2 in Red Hat Enterprise Linux (RHEL) 5 uses lstat instead of stat to determine the /etc/pam.d/system-auth file permissions, leading to a change to world-writable permissions for the /etc/pam.d/system-auth-ac file, which allows local users to gain privileges by modifying this file.
420 CVE-2008-0712 Exec Code +Info 2008-04-25 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513.
421 CVE-2008-0711 DoS 2008-04-08 2017-08-08
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the embedded management console in HP iLO-2 Management Processors (iLO-2 MP), as used in Integrity Servers rx2660, rx3600, and rx6600, and Integrity Blade Server model bl860c, allows remote attackers to cause a denial of service via unknown vectors.
422 CVE-2008-0709 264 2008-04-07 2017-08-08
5.5
None Remote Low ??? Partial Partial None
Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than CVE-2008-0214.
423 CVE-2008-0708 2008-04-06 2017-08-08
4.6
None Local Low Not required Partial Partial Partial
HP USB 2.0 Floppy Drive Key product options (1) 442084-B21 and (2) 442085-B21 for certain HP ProLiant servers contain the (a) W32.Fakerecy and (b) W32.SillyFDC worms, which might be launched if the server does not have up-to-date detection.
424 CVE-2008-0555 287 Bypass 2008-04-04 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
425 CVE-2008-0320 119 DoS Exec Code Overflow 2008-04-17 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.
426 CVE-2008-0314 119 Exec Code Overflow 2008-04-16 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.
427 CVE-2008-0313 Exec Code 2008-04-08 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share.
428 CVE-2008-0312 119 Exec Code Overflow 2008-04-08 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information.
429 CVE-2008-0311 119 Exec Code Overflow 2008-04-06 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the PGMWebHandler::parse_request function in the StarTeam Multicast Service component (STMulticastService) 6.4 in Borland CaliberRM 2006 allows remote attackers to execute arbitrary code via a large HTTP request.
430 CVE-2008-0310 22 Dir. Trav. 2008-04-07 2017-09-29
6.9
None Local Medium Not required Complete Complete Complete
Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST.
431 CVE-2008-0165 352 CSRF 2008-04-21 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.
432 CVE-2008-0087 287 2008-04-08 2018-10-30
8.8
None Remote Medium Not required None Complete Complete
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
433 CVE-2008-0083 94 Exec Code 2008-04-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
434 CVE-2008-0069 119 Exec Code Overflow 2008-04-02 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long FontName parameter in a slideshow (.sld) file, a different vector than CVE-2008-1461.
435 CVE-2008-0068 22 Dir. Trav. 2008-04-16 2018-10-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter.
436 CVE-2008-0066 119 Exec Code Overflow 2008-04-10 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element.
437 CVE-2007-6715 DoS 2008-04-17 2008-11-15
4.3
None Remote Medium Not required None None Partial
Mozilla Firefox allows remote attackers to cause a denial of service (crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif test case.
438 CVE-2007-6714 287 Bypass 2008-04-17 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.
439 CVE-2007-6713 2008-04-16 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Flip4Mac WMV before 2.2.0.49 has unknown impact and attack vectors related to malformed WMV files.
440 CVE-2007-6712 189 DoS Overflow 2008-04-12 2017-09-29
4.9
None Local Low Not required None None Complete
Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux kernel 2.6.21-rc4, when running on 64-bit systems, allows local users to cause a denial of service (infinite loop) via a timer with a large expiry value, which causes the timer to always be expired.
441 CVE-2007-6255 119 Exec Code Overflow 2008-04-23 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in HRTBEAT.OCX allows remote attackers to execute arbitrary code via the Host argument to an unspecified method.
442 CVE-2007-6020 119 Exec Code Overflow 2008-04-10 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file.
443 CVE-2007-6019 Exec Code 2008-04-09 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.
444 CVE-2007-5758 119 Exec Code Overflow 2008-04-16 2017-07-29
6.9
None Local Medium Not required Complete Complete Complete
Stack-based buffer overflow in db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to execute arbitrary code via a long DASPROF environment variable.
445 CVE-2007-5747 189 DoS Exec Code Overflow 2008-04-17 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Integer underflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted values that trigger an excessive loop and a stack-based buffer overflow.
446 CVE-2007-5746 189 DoS Exec Code Overflow 2008-04-17 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an EMF file with a crafted EMR_STRETCHBLT record, which triggers a heap-based buffer overflow.
447 CVE-2007-5745 119 DoS Exec Code Overflow 2008-04-17 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records.
448 CVE-2007-5664 59 2008-04-16 2017-07-29
6.9
None Local Medium Not required Complete Complete Complete
db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to overwrite arbitrary files via a symlink attack on files used for initialization.
449 CVE-2007-5661 94 2008-04-04 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.
450 CVE-2007-5406 DoS 2008-04-10 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted .ag file.
Total number of vulnerabilities : 454   Page : 1 2 3 4 5 6 7 8 9 (This Page)10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.