| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
61701 |
CVE-2008-1836 |
|
|
DoS |
2008-04-16 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read. |
|
61702 |
CVE-2008-1835 |
20 |
|
Bypass |
2008-04-16 |
2017-08-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar. |
|
61703 |
CVE-2008-1834 |
264 |
|
|
2008-04-16 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file. |
|
61704 |
CVE-2008-1832 |
59 |
|
|
2008-04-16 |
2017-08-07 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
lib/prefs.tcl in Cecilia 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the csvers temporary file. |
|
61705 |
CVE-2008-1820 |
|
|
Overflow |
2008-04-16 |
2018-10-11 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote attack vectors related to KUPF$FILE_INT, aka DB11. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB11 is for a buffer overflow in the SYS.KUPF$FILE_INT.GET_FULL_FILENAME procedure. |
|
61706 |
CVE-2008-1816 |
|
|
Sql |
2008-04-16 |
2018-10-11 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) SDO_UTIL in the Oracle Spatial component, aka DB05; or (2) fine grained auditing in the Audit component, aka DB14. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB05 is SQL injection. |
|
61707 |
CVE-2008-1815 |
|
|
Sql |
2008-04-16 |
2018-10-11 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to DBMS_CDC_UTILITY, aka DB02. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB02 is for SQL injection in LOCK_CHANGE_SET. |
|
61708 |
CVE-2008-1813 |
|
|
Sql |
2008-04-16 |
2018-10-11 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors related to (1) SYS.DBMS_AQ in the Advanced Queuing component, aka DB01; (2) Core RDBMS, aka DB03; (3) SDO_GEOM in Oracle Spatial, aka DB06; (4) Export, aka DB12; and (5) DBMS_STATS in Query Optimizer, aka DB13. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB06 is SQL injection, and DB13 occurs when the OUTLN account is reset to use a hard-coded password. |
|
61709 |
CVE-2008-1811 |
|
|
Exec Code |
2008-04-16 |
2018-10-11 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in Oracle Application Express 3.0.1 has unspecified impact and remote authenticated attack vectors related to flows_030000.wwv_execute_immediate, aka APEX01. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that APEX01 is for insufficient authorization checks for SQL commands in the run_ddl function in flows_030000.wwv_execute_immediate, allowing privilege escalation by certain non-DBA remote authenticated users. |
|
61710 |
CVE-2008-1810 |
264 |
|
+Priv |
2008-08-01 |
2017-08-07 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable. |
|
61711 |
CVE-2008-1804 |
|
|
Bypass |
2008-05-22 |
2017-08-07 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment. |
|
61712 |
CVE-2008-1800 |
79 |
|
XSS |
2008-04-15 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in DivXDB 2002 0.94b allow remote attackers to inject arbitrary web script or HTML via the (1) choice, (2) _page_, (3) zone_admin, (4) general_search, and (5) import parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
61713 |
CVE-2008-1799 |
22 |
|
Dir. Trav. |
2008-04-15 |
2017-09-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter. |
|
61714 |
CVE-2008-1796 |
|
|
DoS |
2008-04-15 |
2017-08-07 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service. |
|
61715 |
CVE-2008-1795 |
79 |
|
XSS |
2008-04-15 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl. |
|
61716 |
CVE-2008-1794 |
79 |
|
XSS |
2008-04-15 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Webform Drupal module 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
61717 |
CVE-2008-1793 |
79 |
|
XSS |
2008-04-15 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in Smart Classified ADS Professional, Smart Photo ADS, and Smart Photo ADS Gold allow remote attackers to inject arbitrary web script or HTML via the (1) AdNum and (2) Department parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
61718 |
CVE-2008-1792 |
79 |
|
XSS |
2008-04-15 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the insertion filter in the Flickr Drupal module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-alpha allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
61719 |
CVE-2008-1790 |
264 |
|
Sql |
2008-04-15 |
2017-09-28 |
6.5 |
User |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability. |
|
61720 |
CVE-2008-1789 |
89 |
|
Exec Code Sql |
2008-04-15 |
2017-09-28 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in forum.php in Prozilla Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter. |
|
61721 |
CVE-2008-1787 |
79 |
|
XSS |
2008-04-15 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Poplar Gedcom Viewer 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) text and (2) ul parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
61722 |
CVE-2008-1785 |
20 |
|
|
2008-04-15 |
2017-09-28 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter. |
|
61723 |
CVE-2008-1783 |
264 |
|
|
2008-04-15 |
2017-09-28 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php. |
|
61724 |
CVE-2008-1782 |
200 |
|
+Info |
2008-04-15 |
2017-09-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
phpdemo/viewsource.php in Advanced Software Engineering ChartDirector 4.1 allows remote attackers to read sensitive files via the file parameter. |
|
61725 |
CVE-2008-1780 |
264 |
|
Bypass |
2008-04-14 |
2017-08-07 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors. |
|
61726 |
CVE-2008-1779 |
399 |
|
DoS |
2008-04-14 |
2017-09-28 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a denial of service (panic) via unknown vectors related to self encapsulated IP packets. |
|
61727 |
CVE-2008-1778 |
16 |
|
DoS |
2008-04-14 |
2018-10-30 |
6.6 |
None |
Local |
Low |
Not required |
None |
Complete |
Complete |
|
Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknown vectors. |
|
61728 |
CVE-2008-1777 |
399 |
|
DoS |
2008-04-14 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The eDirectory Host Environment service (dhost.exe) in Novell eDirectory 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a long HTTP HEAD request to TCP port 8028. |
|
61729 |
CVE-2008-1776 |
94 |
|
Exec Code File Inclusion |
2008-04-14 |
2017-09-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in modules/basicfog/basicfogfactory.class.php in PhpBlock A8.4 allows remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter. |
|
61730 |
CVE-2008-1775 |
79 |
|
XSS |
2008-04-14 |
2017-08-07 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
61731 |
CVE-2008-1773 |
94 |
|
Exec Code File Inclusion |
2008-04-14 |
2017-09-28 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in includes/header.inc.php in Dragoon 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. |
|
61732 |
CVE-2008-1772 |
310 |
|
+Info |
2008-04-14 |
2017-09-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information. |
|
61733 |
CVE-2008-1769 |
399 |
|
DoS Mem. Corr. |
2008-04-25 |
2017-09-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption. |
|
61734 |
CVE-2008-1768 |
119 |
|
DoS Overflow |
2008-04-25 |
2017-09-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow. |
|
61735 |
CVE-2008-1760 |
94 |
|
Exec Code File Inclusion |
2008-04-12 |
2017-09-28 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include. |
|
61736 |
CVE-2008-1757 |
79 |
|
XSS |
2008-04-12 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter. |
|
61737 |
CVE-2008-1756 |
|
|
DoS |
2008-04-11 |
2017-08-07 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid Engine 6.1 allows local users to cause a denial of service (daemon crash) via unspecified vectors. |
|
61738 |
CVE-2008-1755 |
22 |
|
Dir. Trav. |
2008-04-11 |
2017-09-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the showSource function in showSource.php in World of Phaos 4.0.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter. |
|
61739 |
CVE-2008-1754 |
310 |
|
+Info |
2008-04-11 |
2017-08-07 |
1.7 |
None |
Local |
Low |
Single system |
Partial |
None |
None |
|
Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory. |
|
61740 |
CVE-2008-1753 |
79 |
|
XSS |
2008-04-11 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510. |
|
61741 |
CVE-2008-1751 |
22 |
|
Dir. Trav. |
2008-04-11 |
2017-09-28 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple directory traversal vulnerabilities in index.php in Ksemail allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) language and (2) lang parameters. |
|
61742 |
CVE-2008-1739 |
399 |
|
DoS Exec Code Mem. Corr. |
2008-09-03 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption. |
|
61743 |
CVE-2008-1738 |
20 |
|
DoS |
2008-04-29 |
2018-10-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Rising Antivirus 2008 before 20.38.20 allows local users to cause a denial of service (system crash) via an invalid pointer to the _CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function. |
|
61744 |
CVE-2008-1737 |
20 |
|
DoS +Priv |
2008-04-29 |
2018-10-11 |
6.9 |
Admin |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behavioural Analysis is enabled, allows local users to cause a denial of service (reboot with the product disabled) and possibly gain privileges via a zero value in a certain length field in the ObjectAttributes argument to the NtCreateKey hooked System Service Descriptor Table (SSDT) function. |
|
61745 |
CVE-2008-1735 |
|
|
DoS |
2008-04-29 |
2018-10-11 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
BitDefender Antivirus 2008 20080118 and earlier allows local users to cause a denial of service (system crash) via an invalid pointer to the CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function. |
|
61746 |
CVE-2008-1734 |
20 |
|
DoS |
2008-04-18 |
2017-08-07 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server. |
|
61747 |
CVE-2008-1730 |
22 |
|
Dir. Trav. |
2008-04-11 |
2017-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in download.html in ARWScripts Gallery Script Lite (aka gallery-script-lite or Free Photo Gallery Site Script), as of 20080411, allows remote attackers to read arbitrary local files via directory traversal sequences in the path parameter. |
|
61748 |
CVE-2008-1729 |
|
|
+Info |
2008-04-11 |
2017-08-07 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content" permission; and (4) allows remote authenticated users, with administration page view access, to edit content types. |
|
61749 |
CVE-2008-1728 |
399 |
|
DoS |
2008-04-11 |
2017-08-07 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote authenticated users to cause a denial of service (daemon outage) by triggering large outgoing queues without reading messages. |
|
61750 |
CVE-2008-1726 |
89 |
|
Exec Code Sql |
2008-04-11 |
2017-09-28 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kqid parameter to (a) articletext.php and (b) articletextonly.php and the (2) username parameter to (c) logincheck.php. |
