CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In January 2008 (Denial Of Service)

#, CVE ID, CWE ID, # of Exploits, Vulnerability Type(s), Publish Date, Update Date, Score, Gained Access Level, Access, Complexity, Authentication, Conf., Integ., Avail.
1 CVE-2008-0509 119 DoS Overflow +Priv 2008-01-31 2017-09-28
4.4
None Local Medium Single system None None Complete
Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to cause a denial of service (crash) or possibly gain privileges via a long argument to (1) piox25, related to piox25.c; or (2) piox25remote, related to piox25remote.sh.
2 CVE-2008-0495 DoS 2008-01-30 2017-08-07
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware Management Console (HMC) 7 R3.2.0 allows remote attackers to cause a denial of service via unspecified vectors.
3 CVE-2008-0445 DoS 2008-01-24 2017-08-07
5.0
None Remote Low Not required None None Partial
The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries. NOTE: some of these details are obtained from third party information.
4 CVE-2008-0406 20 DoS 2008-01-28 2018-10-15
5.0
None Remote Low Not required None None Partial
HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name.
5 CVE-2008-0401 119 DoS Exec Code Overflow 2008-01-23 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp.
6 CVE-2008-0384 DoS 2008-01-22 2018-10-30
4.9
None Local Low Not required None None Complete
OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked.
7 CVE-2008-0379 119 DoS Exec Code Overflow 2008-01-22 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow.
8 CVE-2008-0378 119 DoS Exec Code Overflow 2008-01-22 2018-10-15
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when "Resolve all names remotely" is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hostname.
9 CVE-2008-0366 119 DoS Exec Code Overflow 2008-01-18 2018-10-15
7.2
None Local Low Not required Complete Complete Complete
CORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments.
10 CVE-2008-0365 119 DoS Exec Code Overflow 2008-01-18 2018-10-15
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module.
11 CVE-2008-0364 119 DoS Overflow 2008-01-18 2018-10-15
5.0
None Remote Low Not required None None Partial
Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier.
12 CVE-2008-0352 119 DoS Overflow 2008-01-17 2017-09-28
7.8
None Remote Low Not required None None Complete
The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to cause a denial of service (panic) via a certain IPv6 packet, possibly involving the Jumbo Payload hop-by-hop option (jumbogram).
13 CVE-2008-0331 20 DoS 2008-01-17 2017-08-07
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Funkwerk System Software before 7.4.1 PATCH 9 for certain Funkwerk Router / VPN devices allows remote attackers to cause a denial of service (panic and reboot) via unspecified DNS requests.
14 CVE-2008-0330 287 DoS 2008-01-17 2017-08-07
7.8
None Remote Low Not required None None Complete
Open System Consultants (OSC) Radiator before 4.0 allows remote attackers to cause a denial of service (daemon crash) via malformed RADIUS requests, as demonstrated by packets sent by nmap.
15 CVE-2008-0324 399 DoS Mem. Corr. 2008-01-16 2017-09-28
4.9
None Local Low Not required None None Complete
Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption.
16 CVE-2008-0298 20 DoS 2008-01-16 2018-10-15
4.3
None Remote Medium Not required None None Partial
KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element.
17 CVE-2008-0296 119 DoS Exec Code Overflow 2008-01-16 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string.
18 CVE-2008-0295 119 DoS Exec Code Overflow 2008-01-16 2017-09-28
8.5
None Remote Medium Single system Complete Complete Complete
Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data.
19 CVE-2008-0285 DoS 2008-01-15 2008-09-05
5.0
None Remote Low Not required None None Partial
ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference.
20 CVE-2008-0269 DoS 2008-01-15 2018-10-30
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors.
21 CVE-2008-0263 399 DoS 2008-01-15 2008-11-15
5.0
None Remote Low Not required None None Partial
The SIP module in Ingate Firewall before 4.6.1 and SIParator before 4.6.1 does not reuse SIP media ports in unspecified call hold and send-only stream scenarios, which allows remote attackers to cause a denial of service (port exhaustion) via unspecified vectors.
22 CVE-2008-0261 399 DoS 2008-01-15 2017-08-07
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service (query flood) via unspecified vectors.
23 CVE-2008-0243 DoS 2008-01-11 2017-08-07
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors.
24 CVE-2008-0227 119 DoS Overflow 2008-01-10 2018-10-15
7.5
User Remote Low Not required Partial Partial Partial
yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp.
25 CVE-2008-0199 20 DoS 2008-01-09 2018-10-15
5.0
None Remote Low Not required None None Partial
PRO-Search 0.17 and earlier allows remote attackers to cause a denial of service via certain values of the show_page and time parameters to the default URI.
26 CVE-2008-0194 22 DoS Dir. Trav. 2008-01-09 2018-10-15
7.5
User Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1.
27 CVE-2008-0172 20 DoS 2008-01-17 2018-10-15
5.0
None Remote Low Not required None None Partial
The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.
28 CVE-2008-0171 20 DoS 2008-01-17 2018-10-15
5.0
None Remote Low Not required None None Partial
regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression.
29 CVE-2008-0153 399 DoS 2008-01-08 2017-08-07
5.0
None Remote Low Not required None None Partial
telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers to cause a denial of service (process crash and resource exhaustion) via a crafted TELOPT PRAGMA LOGON telnet option, which triggers a NULL pointer dereference.
30 CVE-2008-0152 119 DoS Overflow 2008-01-08 2011-09-21
4.3
None Remote Medium Not required None None Partial
SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier allows user-assisted remote attackers to cause a denial of service (crash) via unspecified telnet options, which triggers a NULL pointer dereference. NOTE: the crash is not user-assisted when the server is running in debug mode.
31 CVE-2008-0151 119 DoS Exec Code Overflow 2008-01-08 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Telnet request with long options.
32 CVE-2008-0132 399 DoS 2008-01-08 2017-08-07
5.0
None Remote Low Not required None None Partial
Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long input to sshd.exe by creating an error-message window and waiting for the administrator to click in this window before terminating the sshd.exe process, which allows remote attackers to cause a denial of service (connection slot exhaustion) via a flood of SSH connections with long data objects, as demonstrated by (1) a long list of keys and (2) a long username.
33 CVE-2008-0127 119 DoS Exec Code Overflow 2008-01-09 2018-10-15
8.8
None Remote Medium Not required None Complete Complete
The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet.
34 CVE-2008-0122 189 DoS Exec Code Mem. Corr. 2008-01-15 2019-08-01
10.0
None Remote Low Not required Complete Complete Complete
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
35 CVE-2008-0095 399 DoS 2008-01-07 2018-10-15
5.0
None Remote Low Not required None None Partial
The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.
36 CVE-2008-0090 119 DoS Overflow 2008-01-03 2017-09-28
5.0
None Remote Low Not required None None Partial
A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method.
37 CVE-2008-0061 DoS 2008-01-03 2008-09-05
5.0
None Remote Low Not required None None Partial
MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04 allows remote attackers to cause a denial of service via a crafted DNS packet that prevents an authoritative name (CNAME) record from resolving, aka "improper rotation of resource records."
38 CVE-2008-0035 399 DoS Exec Code Mem. Corr. 2008-01-15 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari.
39 CVE-2008-0033 399 DoS Exec Code Mem. Corr. 2008-01-15 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.
40 CVE-2008-0031 399 DoS Exec Code Mem. Corr. 2008-01-15 2017-08-07
5.8
None Remote Medium Not required None Partial Partial
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption.
41 CVE-2008-0028 DoS 2008-01-23 2018-10-26
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet.
42 CVE-2008-0027 119 DoS Exec Code Overflow 2008-01-16 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.
43 CVE-2007-6694 399 DoS 2008-01-29 2018-10-03
7.8
None Remote Low Not required None None Complete
The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference.
44 CVE-2007-6684 20 DoS 2008-01-16 2017-09-28
5.0
None Remote Low Not required None None Partial
The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference.
45 CVE-2007-6630 DoS 2008-01-03 2018-10-15
5.0
None Remote Low Not required None None Partial
The Url_init function in utils/url.c in Netembryo 0.0.4, when used by LScube Feng, allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a malformed URI containing a "/:" sequence, as demonstrated by a "DESCRIBE /: RTSP/1.0" request.
46 CVE-2007-6629 DoS 2008-01-03 2018-10-15
5.0
None Remote Low Not required None None Partial
Interpretation conflict in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a User-Agent header line that contains a carriage-return character, which is considered a line delimiter when the header is split into individual lines, but not when log_user_agent in RTSP_utils.c parses the content of the User-Agent line.
47 CVE-2007-6628 DoS 2008-01-03 2018-10-15
5.0
None Remote Low Not required None None Partial
LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via (1) a malformed Transport header, which triggers misparsing in parse_transport_header in RTSP_setup.c, as demonstrated by a Transport header that contains only a "RTP/AVP;unicast;client_port" sequence; or (2) a malformed Range header, which triggers misparsing in parse_play_time_range in RTSP_Play, as demonstrated by an empty Range header.
48 CVE-2007-6627 189 DoS Exec Code Overflow 2008-01-03 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the RTSP_remove_msg function in RTSP_lowlevel.c in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an RTP packet with a size value of 0xffff.
49 CVE-2007-6625 134 DoS 2008-01-03 2017-08-07
5.0
None Remote Low Not required None None Partial
The Platform Service Process (asampsp) in Fan-Out Driver Platform Services for Novell Identity Manager (IDM) 3.5.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified network traffic that triggers a syslog message containing invalid format string specifiers, as demonstrated by a Nessus scan.
50 CVE-2007-6613 119 DoS Exec Code Overflow 2008-01-03 2017-08-07
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long Joliet file name.
Total number of vulnerabilities: 63 (page 1 of 2)