CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 8 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
13501 CVE-2008-1860 94 2008-04-17 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter.
13502 CVE-2008-1842 189 DoS Exec Code Overflow 2008-04-16 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 and earlier, allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow.
13503 CVE-2008-1831 2008-04-16 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Siebel SimBuilder component in Oracle Siebel Enterprise 7.8.2 and 7.8.5 have unknown impact and remote or local attack vectors, aka (1) SEBL01, (2) SEBL02, (3) SEBL03, (4) SEBL04, (5) SEBL05, and (6) SEBL06.
13504 CVE-2008-1830 2008-04-16 2018-10-11
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the PeopleSoft HCM ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 and 9.0 has unknown impact and remote attack vectors, aka PSE03.
13505 CVE-2008-1829 2008-04-16 2018-10-11
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the PeopleSoft HCM Recruiting component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1 has unknown impact and remote attack vectors, aka PSE02.
13506 CVE-2008-1828 2008-04-16 2018-10-11
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.19, 8.48.16, and 8.49.09 has unknown impact and remote authenticated attack vectors, aka PSE01.
13507 CVE-2008-1827 2008-04-16 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 and 12.0.4 have unknown impact and attack vectors related to (a) Advanced Pricing component, aka (1) APP02, (2) APP03, and (3) APP09; (b) Application Object Library component, aka (4) APP04, (5) APP07, and (6) APP11; (c) Applications Manager component, aka (7) APP06; (d) and Applications Technology Stack component, aka (8) APP08.
13508 CVE-2008-1826 2008-04-16 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and attack vectors related to (a) Advanced Pricing, aka (1) APP01 and (2) APP10; and (b) Applications Framework, aka (3) APP05.
13509 CVE-2008-1825 2008-04-16 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 has unknown impact and remote attack vectors, aka AS03.
13510 CVE-2008-1824 2008-04-16 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Dynamic Monitoring Service component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.3.3 has unknown impact and remote attack vectors, aka AS02.
13511 CVE-2008-1823 2008-04-16 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.14 has unknown impact and remote attack vectors, aka AS01.
13512 CVE-2008-1822 2008-04-16 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Application Express component in Oracle Application Express 3.0.1 has unknown impact and remote attack vectors, aka APEX02.
13513 CVE-2008-1821 Overflow 2008-04-16 2018-10-11
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+, and 10.1.0.5 has unknown impact and remote attack vectors related to SYS.DBMS_AQJMS_INTERNAL, aka DB15. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB15 is for multiple buffer overflows in the (1) AQ$_REGISTER and (2) AQ$_UNREGISTER procedures.
13514 CVE-2008-1818 2008-04-16 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08.
13515 CVE-2008-1817 Sql 2008-04-16 2018-10-11
9.0
Admin Remote Low Single system Complete Complete Complete
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 have unknown impact and remote attack vectors related to (1) SDO_IDX in the Spatial component, aka DB07; and (2) Core RDBMS, aka DB10. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB07 is SQL injection.
13516 CVE-2008-1814 2008-04-16 2018-10-11
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Oracle Secure Enterprise Search or Ultrasearch component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3 and 10.1.2.2; and Oracle Collaboration Suite 10.1.2; has unknown impact and remote attack vectors, aka DB04.
13517 CVE-2008-1812 2008-04-16 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Enterprise Manager component in Oracle Database 9.0.1.5 FIPS+; Application Server 1.0.2.2; and Enterprise Manager for AS 1.0.2.2 and Database 9.0.1.5 has unknown impact and local attack vectors, aka EM01.
13518 CVE-2008-1809 119 Exec Code Overflow 2008-07-14 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b, and 8.8 before 8.8.2 FTF2, allows remote attackers to execute arbitrary code via an LDAP search request containing "NULL search parameters."
13519 CVE-2008-1805 20 Exec Code Bypass 2008-06-06 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist.
13520 CVE-2008-1803 189 Exec Code Overflow 2008-05-12 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original researcher.
13521 CVE-2008-1802 119 Exec Code Overflow 2008-05-12 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the process_redirect_pdu (rdp.c) function in rdesktop 1.5.0 allows remote attackers to execute arbitrary code via a Remote Desktop Protocol (RDP) redirect request with modified length fields.
13522 CVE-2008-1801 189 DoS Exec Code 2008-05-12 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field.
13523 CVE-2008-1786 94 Exec Code 2008-04-16 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments.
13524 CVE-2008-1770 94 Exec Code 2008-06-04 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line.
13525 CVE-2008-1766 2008-04-12 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs."
13526 CVE-2008-1765 119 Exec Code Overflow 2008-04-23 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Adobe Photoshop Album Starter Edition 3.2, and possibly After Effects CS3, allows user-assisted remote attackers and physically proximate attackers to execute arbitrary code via a BMP file with an invalid image header. NOTE: the related issue in Photoshop CS3 is already covered by CVE-2007-2244.
13527 CVE-2008-1764 2008-04-12 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs."
13528 CVE-2008-1762 399 DoS Exec Code Mem. Corr. 2008-04-12 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption.
13529 CVE-2008-1761 399 DoS Exec Code 2008-04-12 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access.
13530 CVE-2008-1725 2008-04-11 2017-09-28
9.0
None Remote Medium Not required Partial Complete Complete
The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E-Banking Integrator (formerly IBiz OFX Integrator) 2.0.2932 exposes the unsafe WriteOFXDataFile method, which allows remote attackers to overwrite arbitrary files via a full pathname in the argument. NOTE: some of these details are obtained from third party information.
13531 CVE-2008-1724 119 Exec Code Overflow 2008-04-11 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the IActiveXTransfer.FileTransfer method in the SecureTransport FileTransfer ActiveX control in vcst_en.dll 1.0.0.5 in Tumbleweed SecureTransport Server before 4.6.1 Hotfix 20 allows remote attackers to execute arbitrary code via a long remoteFile parameter.
13532 CVE-2008-1718 119 Exec Code Overflow 2008-04-10 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, as used in IBM Lotus Notes before 8.0, might allow user-assisted remote attackers to execute arbitrary code via an e-mail message with a crafted Text mail (MIME) attachment.
13533 CVE-2008-1709 119 Exec Code Overflow 2008-04-09 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long malformed Project line beginning with a 'Project("{}") =' sequence, probably a different vector than CVE-2008-0250.
13534 CVE-2008-1704 119 Exec Code Overflow 2008-04-11 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4.4.3, and iProcess Engine 10.6.0 through 10.6.1, allow remote attackers to execute arbitrary code via a crafted message to the EMS server.
13535 CVE-2008-1703 119 Exec Code Overflow 2008-04-11 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message.
13536 CVE-2008-1700 399 DoS 2008-04-08 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
The Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to cause a denial of service (memory consumption) via a large number of SendNrlLink directives, which opens a separate window for each directive.
13537 CVE-2008-1697 119 Exec Code Overflow 2008-04-08 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in ovwparser.dll in HP OpenView Network Node Manager (OV NNM) 7.53, 7.51, and earlier allows remote attackers to execute arbitrary code via a long URI in an HTTP request processed by ovas.exe, as demonstrated by a certain topology/homeBaseView request. NOTE: some of these details are obtained from third party information.
13538 CVE-2008-1690 399 DoS Exec Code Mem. Corr. 2008-04-07 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a long URI in HTTP requests to TCP port 801. NOTE: some of these details are obtained from third party information.
13539 CVE-2008-1686 189 Exec Code 2008-04-08 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
13540 CVE-2008-1681 264 2008-04-04 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 has unknown impact and attack vectors related to the AllowedTrustedLogin privilege.
13541 CVE-2008-1673 119 DoS Exec Code Overflow 2008-06-09 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.
13542 CVE-2008-1670 119 DoS Exec Code Overflow 2008-04-28 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image.
13543 CVE-2008-1668 264 +Priv 2008-08-13 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information.
13544 CVE-2008-1666 2008-07-17 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Oracle for OpenView (OfO) 8.1.7, 9.1.01, 9.2, 9.2.0, 10g, and 10gR2 has unknown impact and attack vectors, possibly related to the July 2008 Oracle Critical Patch Update.
13545 CVE-2008-1665 Exec Code 2008-07-17 2017-08-07
9.0
None Remote Low Single system Complete Complete Complete
Multiple unspecified vulnerabilities in HP Select Identity (HPSI) Active Directory Bidirectional LDAP Connector 2.20, 2.20.001, 2.20.002, and 2.30 allow remote attackers to execute arbitrary code via unspecified vectors.
13546 CVE-2008-1662 16 2008-08-01 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an "empty systems list."
13547 CVE-2008-1661 119 Exec Code Overflow 2008-06-04 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks Storage Mirroring (SWSM) before 4.5 SP2 allows remote attackers to execute arbitrary code via a crafted encoded authentication request.
13548 CVE-2008-1647 20 2008-04-02 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files. NOTE: some of these details are obtained from third party information.
13549 CVE-2008-1633 2008-04-02 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Mondo Rescue before 2.2.5 has unknown impact and attack vectors, related to the use of (1) /tmp and (2) MINDI_CACHE.
13550 CVE-2008-1617 189 Exec Code 2008-04-08 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Double free vulnerability in Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to execute arbitrary code via JavaScript that sets the Server property to a string, then sets the string to null.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.