CVE List - 2008 / March

Showing 501 - 520 of 520 CVEs for March 2008 (Page 6 of 6)

CVE ID Date Title
CVE-2008-1565 2008-03-31 Directory traversal vulnerability in forum/irc/irc.php in the PJIRC 0.5 module for phpBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx...
CVE-2008-1566 2008-03-31 Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this...
CVE-2008-1567 2008-03-31 phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to...
CVE-2008-1568 2008-03-31 comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs.
CVE-2008-1569 2008-03-31 policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket.
CVE-2008-1570 2008-03-31 Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic...
CVE-2008-0211 2008-03-31 Unspecified vulnerability in the BIOS F.04 through F.11 for the HP Compaq Business Notebook PC allows local users to cause a denial of service via unspecified vectors.
CVE-2008-0706 2008-03-31 Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an authentication bypass...
CVE-2008-1591 2008-03-31 The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via...
CVE-2008-1592 2008-03-31 MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows...
CVE-2008-1593 2008-03-31 The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions...
CVE-2008-1594 2008-03-31 The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node...
CVE-2008-1595 2008-03-31 The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the...
CVE-2008-1596 2008-03-31 Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to missing...
CVE-2008-1597 2008-03-31 The WPAR system call implementation in the kernel in IBM AIX 6.1 allows local users to cause a denial of service via unknown calls that trigger "undefined behavior."
CVE-2008-1598 2008-03-31 The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges to read arbitrary kernel memory and obtain sensitive information via unspecified vectors.
CVE-2008-1599 2008-03-31 The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3)...
CVE-2008-1600 2008-03-31 The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329.
CVE-2008-1601 2008-03-31 Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and 5.3 allows local users in the shutdown group to gain privileges.
CVE-2008-1603 2008-04-01 Cross-site scripting (XSS) vulnerability in GNB DesignForm before 3.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the email form.
CVE-2008-1604 2008-04-01 Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-1605 2008-04-01 The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmmPlayCtrl Class ActiveX controls (ltmm15.dll 15.1.0.17 and earlier) in LEADTOOLS Multimedia Toolkit 15 allow attackers to overwrite arbitrary files via the...
CVE-2008-1606 2008-04-01 Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp,...
CVE-2008-1607 2008-04-01 SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba Haber 2.0 allows remote attackers to execute arbitrary SQL commands via the haber parameter.
CVE-2008-1608 2008-04-01 SQL injection vulnerability in postview.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter, a different vector than CVE-2008-0363 and CVE-2006-0583.
CVE-2008-1609 2008-04-01 Multiple PHP remote file inclusion vulnerabilities in just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) website...
CVE-2008-1610 2008-04-01 Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long mode field in a...
CVE-2008-1611 2008-04-01 Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read...
CVE-2008-1515 2008-04-01 The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks."
CVE-2008-1612 2008-04-01 The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which...
CVE-2008-1614 2008-04-02 suPHP before 0.6.3 allows local users to gain privileges via (1) a race condition that involves multiple symlink changes to point a file owned by a different user, or (2)...
CVE-2008-1619 2008-04-02 The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers to cause a denial of service (dom0 panic) via certain traffic, as demonstrated using an FTP stress test tool.
CVE-2008-0069 2008-04-02 Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long FontName parameter in a slideshow (.sld) file, a different vector than...
CVE-2008-1620 2008-04-02 Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) 3.2.0.0 and earlier in 2X ThinClientServer 5.0_sp1-r3497 and earlier allows remote attackers to read or overwrite arbitrary files via a ... (dot...
CVE-2008-1621 2008-04-02 Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE:...
CVE-2008-1622 2008-04-02 Multiple PHP remote file inclusion vulnerabilities in GeeCarts allow remote attackers to execute arbitrary PHP code via a URL in the id parameter to (1) show.php, (2) search.php, and (3)...
CVE-2008-1623 2008-04-02 SQL injection vulnerability in admin_view_image.php in Smoothflash allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2008-1624 2008-04-02 Directory traversal vulnerability in v2demo/page.php in Jshop Server 1.x through 2.x allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xPage parameter.
CVE-2008-1625 2008-04-02 aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests.
CVE-2008-1626 2008-04-02 SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie. NOTE: this might overlap CVE-2008-0159.
CVE-2008-1627 2008-04-02 CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID.
CVE-2008-1628 2008-04-02 Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of...
CVE-2008-1629 2008-04-02 Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-1630 2008-04-02 Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 and 2.10.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) page/showcirculation.php; and (2) edittemplate_step2.php,...
CVE-2008-1631 2008-04-02 SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 allows remote attackers to execute arbitrary SQL commands via the UserId parameter, related to the login form field in index.php.
CVE-2008-1632 2008-04-02 Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) listid parameter to pages/editmailinglist_step1.php, the (2) userid parameter to pages/edituser.php, the...
CVE-2008-1633 2008-04-02 Unspecified vulnerability in Mondo Rescue before 2.2.5 has unknown impact and attack vectors, related to the use of (1) /tmp and (2) MINDI_CACHE.
CVE-2008-1634 2008-04-02 Cross-site scripting (XSS) vulnerability in index.php in JV2 Folder Gallery 3.1 allows remote attackers to inject arbitrary web script or HTML via the image parameter. NOTE: the provenance of this...
CVE-2008-1635 2008-04-02 Directory traversal vulnerability in view_private.php in Keep It Simple Guest Book (KISGB) 5.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot)...
CVE-2008-1636 2008-04-02 Cross-site scripting (XSS) vulnerability in index.php in JV2 Quick Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the f parameter. NOTE: the provenance of this...
CVE-2008-1637 2008-04-02 PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache,...
CVE-2008-1638 2008-04-02 Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in files, which allows local users to gain privileges by replacing a plug-in with a Trojan horse.
CVE-2008-1639 2008-04-02 SQL injection vulnerability in index.php in Neat weblog 0.2 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a show action, probably related to the showArticle...
CVE-2008-1640 2008-04-02 SQL injection vulnerability in jgs_treffen.php in the JGS-XA JGS-Treffen 2.0.2 and earlier addon for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the view_id parameter...
CVE-2008-1641 2008-04-02 SQL injection vulnerability in default.asp in EfesTECH Video 5.0 allows remote attackers to execute arbitrary SQL commands via the catID parameter.
CVE-2008-1642 2008-04-02 Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter. NOTE: the provenance...
CVE-2008-1643 2008-04-02 Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.7 SP5 and earlier and 8.8 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2008-1644 2008-04-02 SQL injection vulnerability in viewlinks.php in Sava's Link Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is unknown;...
CVE-2008-1645 2008-04-02 Directory traversal vulnerability in body.php in phpSpamManager (phpSM) 0.53 beta allows remote attackers to read arbitrary local files via a .. (dot dot) in the filename parameter.
CVE-2008-1646 2008-04-02 SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter.
CVE-2008-1647 2008-04-02 The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files. NOTE: some...
CVE-2008-1648 2008-04-02 Sympa before 5.4 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message with a malformed value of the Content-Type header and unspecified other headers....
CVE-2008-1649 2008-04-02 Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in EasyNews 4.0 allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_pupublish action.
CVE-2008-1650 2008-04-02 SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 allows remote attackers to execute arbitrary SQL commands via the read parameter in an edp_Help_Internal_News action.
CVE-2008-1651 2008-04-02 Directory traversal vulnerability in admin/login.php in EasyNews 4.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2008-1652 2008-04-02 Directory traversal vulnerability in the _serve_request_multiple function in lib/Perlbal/ClientHTTPBase.pm in Perlbal before 1.70, when concat get is enabled, allows remote attackers to read arbitrary files in a parent directory via...
CVE-2008-1653 2008-04-02 Directory traversal vulnerability in index.php in Sava's Link Manager 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the q parameter. NOTE: the...
CVE-2008-1654 2008-04-02 Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function...
CVE-2008-1657 2008-04-02 OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
CVE-2008-1331 2008-04-02 cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and "obtain OXO resources" via shell...
CVE-2007-5661 2008-04-04 The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers...
CVE-2008-0555 2008-04-04 The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote...
CVE-2008-0884 2008-04-04 The Replace function in the capp-lspp-config script in the (1) lspp-eal4-config-ibm and (2) capp-lspp-eal4-config-hp packages before 0.65-2 in Red Hat Enterprise Linux (RHEL) 5 uses lstat instead of stat to...
CVE-2008-1373 2008-04-04 Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to...
CVE-2008-1374 2008-04-04 Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted...
CVE-2008-1680 2008-04-04 PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain configuration information via a direct request to maintenance/index.php, which reveals settings such as magic_quotes_gpc.
CVE-2003-1556 2008-04-04 Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI City CC GuestBook allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) homepage_title (webpage title)...
CVE-2003-1557 2008-04-04 Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode ("-B"), allows remote attackers to execute arbitrary code via email containing headers with leading "." characters.
CVE-2008-1013 2008-04-04 Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet.
CVE-2008-1014 2008-04-04 Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information.
CVE-2008-1015 2008-04-04 Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
CVE-2008-1016 2008-04-04 Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption.
CVE-2008-1017 2008-04-04 Heap-based buffer overflow in clipping region (aka crgn) atom handling in quicktime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
CVE-2008-1018 2008-04-04 Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via an MP4A movie with a malformed Channel Compositor (aka chan) atom.
CVE-2008-1019 2008-04-04 Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy...
CVE-2008-1020 2008-04-04 Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file with Kodak encoding, related to...
CVE-2008-1021 2008-04-04 Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding.
CVE-2008-1022 2008-04-04 Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted VR movie with an obji atom of zero size.
CVE-2008-1023 2008-04-04 Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file.
CVE-2008-1154 2008-04-04 The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility...
CVE-2008-1681 2008-04-04 Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 has unknown impact and attack vectors related to the AllowedTrustedLogin privilege.
CVE-2008-1682 2008-04-04 PHP remote file inclusion vulnerability in quiz/common/db_config.inc.php in the Online FlashQuiz (com_onlineflashquiz) 1.0.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the base_dir...
CVE-2008-0311 2008-04-06 Stack-based buffer overflow in the PGMWebHandler::parse_request function in the StarTeam Multicast Service component (STMulticastService) 6.4 in Borland CaliberRM 2006 allows remote attackers to execute arbitrary code via a large HTTP...
CVE-2008-0708 2008-04-06 HP USB 2.0 Floppy Drive Key product options (1) 442084-B21 and (2) 442085-B21 for certain HP ProLiant servers contain the (a) W32.Fakerecy and (b) W32.SillyFDC worms, which might be launched...
CVE-2008-0887 2008-04-06 gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked...
CVE-2008-1602 2008-04-06 Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows remote attackers to execute arbitrary code via a long download URL, which is not properly handled during Unicode conversion for...
CVE-2008-1684 2008-04-06 inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file.
CVE-2008-1685 2008-04-06 gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the...
CVE-2008-0310 2008-04-07 Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably...
CVE-2008-0709 2008-04-07 Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than...