The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2008-0961 | EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface. | High | Apr 14, 2008 |
| CVE-2008-0962 | Stack-based buffer overflow in the File System Manager for EMC DiskXtender 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted request to the RPC interface. | High | Apr 14, 2008 |
| CVE-2008-0963 | Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted message to the RPC interface. | High | Apr 14, 2008 |
| CVE-2008-1100 | Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file. | High | Apr 14, 2008 |
| CVE-2008-1382 | libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory. | High | Apr 14, 2008 |
| CVE-2008-1725 | The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E-Banking Integrator (formerly IBiz OFX Integrator) 2.0.2932 exposes the unsafe WriteOFXDataFile method, which allows remote attackers to overwrite arbitrary files via a full pathname in the argument. NOTE: some of these details are obtained from third party information. | High | Apr 14, 2008 |
| CVE-2008-1726 | Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kqid parameter to (a) articletext.php and (b) articletextonly.php and the (2) username parameter to (c) logincheck.php. | Medium | Apr 14, 2008 |
| CVE-2008-1727 | KnowledgeQuest 2.5 and 2.6 does not require authentication for access to admincheck.php, which allows remote attackers to create arbitrary admin accounts. | High | Apr 14, 2008 |
| CVE-2008-1728 | Unspecified vulnerability in Ignite Realtime Openfire 3.4.5 allows remote attackers to cause a denial of service (daemon outage) via unknown vectors. | Medium | Apr 14, 2008 |
| CVE-2008-1729 | The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content" permission; and (4) allows remote authenticated users, with administration page view access, to edit content types. | Medium | Apr 14, 2008 |
| CVE-2008-1730 | Directory traversal vulnerability in download.html in ARWScripts Gallery Script Lite (aka gallery-script-lite or Free Photo Gallery Site Script), as of 20080411, allows remote attackers to read arbitrary local files via directory traversal sequences in the path parameter. | Medium | Apr 14, 2008 |
| CVE-2008-1731 | The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking. | High | Apr 14, 2008 |
| CVE-2008-1732 | SQL injection vulnerability in showpredictionsformatch.php in Prediction Football 1.x allows remote attackers to execute arbitrary SQL commands via the matchid parameter in a dupa action. | High | Apr 14, 2008 |
| CVE-2008-1733 | SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php. | High | Apr 14, 2008 |
| CVE-2008-1750 | SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to the /category URI. | Medium | Apr 14, 2008 |
| CVE-2008-1751 | Multiple directory traversal vulnerabilities in index.php in Ksemail allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) language and (2) lang parameters. | Medium | Apr 14, 2008 |
| CVE-2008-1752 | ezRADIUS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for (1) config.ini or (2) database.ini. NOTE: some of these details are obtained from third party information. | High | Apr 14, 2008 |
| CVE-2008-1753 | Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510. | Medium | Apr 14, 2008 |
| CVE-2008-1754 | Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory. | Low | Apr 14, 2008 |
| CVE-2008-1755 | Directory traversal vulnerability in the showSource function in showSource.php in World of Phaos 4.0.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter. | Medium | Apr 14, 2008 |
| CVE-2008-1756 | Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid Engine 6.1 allows local users to cause a denial of service (daemon crash) via unspecified vectors. | Medium | Apr 14, 2008 |
| CVE-2008-1757 | Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter. | Medium | Apr 14, 2008 |
| CVE-2008-1758 | SQL injection vulnerability in the ConcoursPhoto module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the C_ID parameter to index.php. | High | Apr 14, 2008 |
| CVE-2008-1759 | SQL injection vulnerability in the jeuxflash module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php, a different vector than CVE-2007-4922. | High | Apr 14, 2008 |
| CVE-2008-1760 | Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include. | Medium | Apr 14, 2008 |
| CVE-2008-1761 | Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Unchangedsfeed source, which triggers an invalid memory access. | High | Apr 14, 2008 |
| CVE-2008-1762 | Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers a memory corruption. | High | Apr 14, 2008 |
| CVE-2008-1763 | SQL injection vulnerability in _blogadata/include/sond_result.php in Blogator-script 0.95 allows remote attackers to execute arbitrary SQL commands via the id_art parameter. | High | Apr 14, 2008 |
| CVE-2008-1764 | Unspecified vulnerability in Opera for Windows before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs." | High | Apr 14, 2008 |
| CVE-2008-1766 | Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs." | High | Apr 14, 2008 |
| CVE-2008-1772 | iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information. | Medium | Apr 14, 2008 |
| CVE-2008-1773 | PHP remote file inclusion vulnerability in includes/header.inc.php in Dragoon 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | Medium | Apr 14, 2008 |
| CVE-2008-1774 | SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | High | Apr 14, 2008 |
| CVE-2008-1775 | Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | Apr 14, 2008 |
| CVE-2008-1776 | PHP remote file inclusion vulnerability in modules/basicfog/basicfogfactory.class.php in PhpBlock A8.4 allows remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter. | Medium | Apr 14, 2008 |
| CVE-2008-1777 | The eDirectory Host Environment service (dhost.exe) in Novell eDirectory 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a long HTTP HEAD request to TCP port 8028. | Medium | Apr 14, 2008 |
| CVE-2008-1778 | Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknown vectors. | Medium | Apr 14, 2008 |
| CVE-2008-1779 | Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a denial of service (panic) via unknown vectors related to self encapsulated IP packets. | Medium | Apr 14, 2008 |
| CVE-2008-1780 | Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors. | Medium | Apr 14, 2008 |
| CVE-2008-1658 | Format string vulnerability in the grant helper (polkit-grant-helper.c) in PolicyKit 0.7 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password. | Medium | Apr 11, 2008 |
| CVE-2008-1703 | Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message. | Medium | Apr 11, 2008 |
| CVE-2008-1704 | Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4.4.3, and iProcess Engine 10.6.0 through 10.6.1, allow remote attackers to execute arbitrary code via a crafted message to the EMS server. | High | Apr 11, 2008 |
| CVE-2008-1724 | Stack-based buffer overflow in the IActiveXTransfer.FileTransfer method in the SecureTransport FileTransfer ActiveX control in vcst_en.dll 1.0.0.5 in Tumbleweed SecureTransport Server before 4.6.1 Hotfix 20 allows remote attackers to execute arbitrary code via a long remoteFile parameter. | High | Apr 11, 2008 |
| CVE-2008-0066 | Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element. | High | Apr 10, 2008 |
| CVE-2008-1101 | Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document. | High | Apr 10, 2008 |
| CVE-2008-1655 | Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors. | Medium | Apr 10, 2008 |
| CVE-2008-1688 | Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries. | High | Apr 10, 2008 |
| CVE-2008-1705 | Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields. | Medium | Apr 10, 2008 |
| CVE-2008-1706 | Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large value in a certain 32-bit field. | Medium | Apr 10, 2008 |
| CVE-2008-1707 | IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a packet with an 0x11 value in a certain "type" field. | Medium | Apr 10, 2008 |
