| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-1816 | 0.00 | — | 0.02 | Apr 16, 2008 | Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) SDO_UTIL in the Oracle Spatial component, aka DB05; or (2) fine grained auditing in the Audit component, aka DB14. NOTE: the… | |||
| CVE-2008-1817 | 0.00 | — | 0.02 | Apr 16, 2008 | Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 have unknown impact and remote attack vectors related to (1) SDO_IDX in the Spatial component, aka DB07; and (2) Core RDBMS, aka DB10. NOTE: the previous… | |||
| CVE-2008-1818 | 0.00 | — | 0.03 | Apr 16, 2008 | Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08. | |||
| CVE-2008-1819 | 0.00 | — | 0.00 | Apr 16, 2008 | Unspecified vulnerability in the Oracle Net Services component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors, aka DB09. | |||
| CVE-2008-1820 | 0.00 | — | 0.02 | Apr 16, 2008 | Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote attack vectors related to KUPF$FILE_INT, aka DB11. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has… | |||
| CVE-2008-1821 | 0.00 | — | 0.03 | Apr 16, 2008 | Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+, and 10.1.0.5 has unknown impact and remote attack vectors related to SYS.DBMS_AQJMS_INTERNAL, aka DB15. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has… | |||
| CVE-2008-1822 | 0.00 | — | 0.02 | Apr 16, 2008 | Unspecified vulnerability in the Oracle Application Express component in Oracle Application Express 3.0.1 has unknown impact and remote attack vectors, aka APEX02. | |||
| CVE-2008-1823 | 0.00 | — | 0.02 | Apr 16, 2008 | Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.14 has unknown impact and remote attack vectors, aka AS01. | |||
| CVE-2008-1824 | 0.00 | — | 0.03 | Apr 16, 2008 | Unspecified vulnerability in the Oracle Dynamic Monitoring Service component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.3.3 has unknown impact and remote attack vectors, aka AS02. | |||
| CVE-2008-1825 | 0.00 | — | 0.02 | Apr 16, 2008 | Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 has unknown impact and remote attack vectors, aka AS03. | |||
| CVE-2008-1826 | 0.00 | — | 0.02 | Apr 16, 2008 | Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and attack vectors related to (a) Advanced Pricing, aka (1) APP01 and (2) APP10; and (b) Applications Framework, aka (3) APP05. | |||
| CVE-2008-1827 | 0.00 | — | 0.02 | Apr 16, 2008 | Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 and 12.0.4 have unknown impact and attack vectors related to (a) Advanced Pricing component, aka (1) APP02, (2) APP03, and (3) APP09; (b) Application Object Library component, aka (4) APP04, (5) APP07, and… | |||
| CVE-2008-1828 | 0.00 | — | 0.02 | Apr 16, 2008 | Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.19, 8.48.16, and 8.49.09 has unknown impact and remote authenticated attack vectors, aka PSE01. | |||
| CVE-2008-1829 | 0.00 | — | 0.02 | Apr 16, 2008 | Unspecified vulnerability in the PeopleSoft HCM Recruiting component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1 has unknown impact and remote attack vectors, aka PSE02. | |||
| CVE-2008-1830 | 0.00 | — | 0.02 | Apr 16, 2008 | Unspecified vulnerability in the PeopleSoft HCM ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 and 9.0 has unknown impact and remote attack vectors, aka PSE03. | |||
| CVE-2008-1831 | 0.00 | — | 0.02 | Apr 16, 2008 | Multiple unspecified vulnerabilities in the Siebel SimBuilder component in Oracle Siebel Enterprise 7.8.2 and 7.8.5 have unknown impact and remote or local attack vectors, aka (1) SEBL01, (2) SEBL02, (3) SEBL03, (4) SEBL04, (5) SEBL05, and (6) SEBL06. | |||
| CVE-2008-1787 | 0.03 | — | 0.01 | Apr 15, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Poplar Gedcom Viewer 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) text and (2) ul parameters. NOTE: the provenance of this information is unknown; the details are obtained… | |||
| CVE-2008-1788 | 0.03 | — | 0.01 | Apr 15, 2008 | SQL injection vulnerability in directory.php in Prozilla Entertainers 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: some of these details are obtained from third party information. | |||
| CVE-2008-1789 | 0.03 | — | 0.01 | Apr 15, 2008 | SQL injection vulnerability in forum.php in Prozilla Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter. | |||
| CVE-2008-1790 | 0.03 | — | 0.01 | Apr 15, 2008 | Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability. | |||
| CVE-2008-1791 | 0.03 | — | 0.01 | Apr 15, 2008 | SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the ladderid parameter. | |||
| CVE-2008-1792 | 0.00 | — | 0.01 | Apr 15, 2008 | Cross-site scripting (XSS) vulnerability in the insertion filter in the Flickr Drupal module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-alpha allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-1793 | 0.00 | — | 0.01 | Apr 15, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in Smart Classified ADS Professional, Smart Photo ADS, and Smart Photo ADS Gold allow remote attackers to inject arbitrary web script or HTML via the (1) AdNum and (2) Department parameters. NOTE: the provenance of… | |||
| CVE-2008-1794 | 0.00 | — | 0.01 | Apr 15, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in the Webform Drupal module 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-1795 | 0.03 | — | 0.02 | Apr 15, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to… | |||
| CVE-2008-1796 | 0.00 | — | 0.00 | Apr 15, 2008 | Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service. | |||
| CVE-2008-1797 | 0.00 | — | 0.01 | Apr 15, 2008 | Unspecified vulnerability in Secure Computing Webwasher 5.30 before build 3159 and 6.3.0 before build 3150 allows remote attackers to cause a denial of service (freeze) via a crafted URL. | |||
| CVE-2008-1798 | 0.03 | — | 0.02 | Apr 15, 2008 | Directory traversal vulnerability in forum/kietu/libs/calendrier.php in Dragoon 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cal[lng] parameter. | |||
| CVE-2008-1799 | 0.03 | — | 0.03 | Apr 15, 2008 | Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter. | |||
| CVE-2008-1800 | 0.03 | — | 0.01 | Apr 15, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in DivXDB 2002 0.94b allow remote attackers to inject arbitrary web script or HTML via the (1) choice, (2) _page_, (3) zone_admin, (4) general_search, and (5) import parameters. NOTE: the provenance of this… | |||
| CVE-2008-1782 | 0.03 | — | 0.02 | Apr 15, 2008 | phpdemo/viewsource.php in Advanced Software Engineering ChartDirector 4.1 allows remote attackers to read sensitive files via the file parameter. | |||
| CVE-2008-1783 | 0.03 | — | 0.02 | Apr 15, 2008 | Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php. | |||
| CVE-2008-1784 | 0.03 | — | 0.03 | Apr 15, 2008 | Prozilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/. | |||
| CVE-2008-1785 | 0.03 | — | 0.02 | Apr 15, 2008 | delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter. | |||
| CVE-2008-0927 | 0.09 | — | 0.70 | Apr 14, 2008 | dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be… | |||
| CVE-2008-0961 | Cri | 0.64 | 9.8 | 0.05 | Apr 14, 2008 | EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface. | ||
| CVE-2008-0962 | 0.00 | — | 0.04 | Apr 14, 2008 | Stack-based buffer overflow in the File System Manager for EMC DiskXtender 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted request to the RPC interface. | |||
| CVE-2008-0963 | 0.00 | — | 0.03 | Apr 14, 2008 | Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted message to the RPC interface. | |||
| CVE-2008-1100 | 0.01 | — | 0.11 | Apr 14, 2008 | Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file. | |||
| CVE-2008-1382 | 0.00 | — | 0.06 | Apr 14, 2008 | libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of… | |||
| CVE-2008-1772 | 0.03 | — | 0.02 | Apr 14, 2008 | iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information. | |||
| CVE-2008-1773 | 0.05 | — | 0.24 | Apr 14, 2008 | PHP remote file inclusion vulnerability in includes/header.inc.php in Dragoon 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | |||
| CVE-2008-1774 | 0.03 | — | 0.01 | Apr 14, 2008 | SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-1775 | 0.00 | — | 0.01 | Apr 14, 2008 | Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from… | |||
| CVE-2008-1776 | 0.05 | — | 0.24 | Apr 14, 2008 | PHP remote file inclusion vulnerability in modules/basicfog/basicfogfactory.class.php in PhpBlock A8.4 allows remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter. | |||
| CVE-2008-1777 | 0.00 | — | 0.02 | Apr 14, 2008 | The eDirectory Host Environment service (dhost.exe) in Novell eDirectory 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a long HTTP HEAD request to TCP port 8028. | |||
| CVE-2008-1778 | 0.00 | — | 0.00 | Apr 14, 2008 | Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknown vectors. | |||
| CVE-2008-1779 | 0.00 | — | 0.02 | Apr 14, 2008 | Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a denial of service (panic) via unknown vectors related to self encapsulated IP packets. | |||
| CVE-2008-1780 | 0.00 | — | 0.00 | Apr 14, 2008 | Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors. | |||
| CVE-2008-1757 | 0.03 | — | 0.01 | Apr 12, 2008 | Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter. |
- CVE-2008-1816Apr 16, 2008risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) SDO_UTIL in the Oracle Spatial component, aka DB05; or (2) fine grained auditing in the Audit component, aka DB14. NOTE: the…
- CVE-2008-1817Apr 16, 2008risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 have unknown impact and remote attack vectors related to (1) SDO_IDX in the Spatial component, aka DB07; and (2) Core RDBMS, aka DB10. NOTE: the previous…
- CVE-2008-1818Apr 16, 2008risk 0.00cvss —epss 0.03
Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08.
- CVE-2008-1819Apr 16, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Oracle Net Services component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors, aka DB09.
- CVE-2008-1820Apr 16, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote attack vectors related to KUPF$FILE_INT, aka DB11. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has…
- CVE-2008-1821Apr 16, 2008risk 0.00cvss —epss 0.03
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+, and 10.1.0.5 has unknown impact and remote attack vectors related to SYS.DBMS_AQJMS_INTERNAL, aka DB15. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has…
- CVE-2008-1822Apr 16, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Oracle Application Express component in Oracle Application Express 3.0.1 has unknown impact and remote attack vectors, aka APEX02.
- CVE-2008-1823Apr 16, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.14 has unknown impact and remote attack vectors, aka AS01.
- CVE-2008-1824Apr 16, 2008risk 0.00cvss —epss 0.03
Unspecified vulnerability in the Oracle Dynamic Monitoring Service component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.3.3 has unknown impact and remote attack vectors, aka AS02.
- CVE-2008-1825Apr 16, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 has unknown impact and remote attack vectors, aka AS03.
- CVE-2008-1826Apr 16, 2008risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and attack vectors related to (a) Advanced Pricing, aka (1) APP01 and (2) APP10; and (b) Applications Framework, aka (3) APP05.
- CVE-2008-1827Apr 16, 2008risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 and 12.0.4 have unknown impact and attack vectors related to (a) Advanced Pricing component, aka (1) APP02, (2) APP03, and (3) APP09; (b) Application Object Library component, aka (4) APP04, (5) APP07, and…
- CVE-2008-1828Apr 16, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.19, 8.48.16, and 8.49.09 has unknown impact and remote authenticated attack vectors, aka PSE01.
- CVE-2008-1829Apr 16, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the PeopleSoft HCM Recruiting component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1 has unknown impact and remote attack vectors, aka PSE02.
- CVE-2008-1830Apr 16, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the PeopleSoft HCM ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 and 9.0 has unknown impact and remote attack vectors, aka PSE03.
- CVE-2008-1831Apr 16, 2008risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in the Siebel SimBuilder component in Oracle Siebel Enterprise 7.8.2 and 7.8.5 have unknown impact and remote or local attack vectors, aka (1) SEBL01, (2) SEBL02, (3) SEBL03, (4) SEBL04, (5) SEBL05, and (6) SEBL06.
- CVE-2008-1787Apr 15, 2008risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Poplar Gedcom Viewer 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) text and (2) ul parameters. NOTE: the provenance of this information is unknown; the details are obtained…
- CVE-2008-1788Apr 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in directory.php in Prozilla Entertainers 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: some of these details are obtained from third party information.
- CVE-2008-1789Apr 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in forum.php in Prozilla Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter.
- CVE-2008-1790Apr 15, 2008risk 0.03cvss —epss 0.01
Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability.
- CVE-2008-1791Apr 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the ladderid parameter.
- CVE-2008-1792Apr 15, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the insertion filter in the Flickr Drupal module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-alpha allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-1793Apr 15, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in Smart Classified ADS Professional, Smart Photo ADS, and Smart Photo ADS Gold allow remote attackers to inject arbitrary web script or HTML via the (1) AdNum and (2) Department parameters. NOTE: the provenance of…
- CVE-2008-1794Apr 15, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the Webform Drupal module 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-1795Apr 15, 2008risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to…
- CVE-2008-1796Apr 15, 2008risk 0.00cvss —epss 0.00
Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service.
- CVE-2008-1797Apr 15, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in Secure Computing Webwasher 5.30 before build 3159 and 6.3.0 before build 3150 allows remote attackers to cause a denial of service (freeze) via a crafted URL.
- CVE-2008-1798Apr 15, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in forum/kietu/libs/calendrier.php in Dragoon 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cal[lng] parameter.
- CVE-2008-1799Apr 15, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter.
- CVE-2008-1800Apr 15, 2008risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in index.php in DivXDB 2002 0.94b allow remote attackers to inject arbitrary web script or HTML via the (1) choice, (2) _page_, (3) zone_admin, (4) general_search, and (5) import parameters. NOTE: the provenance of this…
- CVE-2008-1782Apr 15, 2008risk 0.03cvss —epss 0.02
phpdemo/viewsource.php in Advanced Software Engineering ChartDirector 4.1 allows remote attackers to read sensitive files via the file parameter.
- CVE-2008-1783Apr 15, 2008risk 0.03cvss —epss 0.02
Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php.
- CVE-2008-1784Apr 15, 2008risk 0.03cvss —epss 0.03
Prozilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/.
- CVE-2008-1785Apr 15, 2008risk 0.03cvss —epss 0.02
delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter.
- CVE-2008-0927Apr 14, 2008risk 0.09cvss —epss 0.70
dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be…
- risk 0.64cvss 9.8epss 0.05
EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface.
- CVE-2008-0962Apr 14, 2008risk 0.00cvss —epss 0.04
Stack-based buffer overflow in the File System Manager for EMC DiskXtender 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted request to the RPC interface.
- CVE-2008-0963Apr 14, 2008risk 0.00cvss —epss 0.03
Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted message to the RPC interface.
- CVE-2008-1100Apr 14, 2008risk 0.01cvss —epss 0.11
Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file.
- CVE-2008-1382Apr 14, 2008risk 0.00cvss —epss 0.06
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of…
- CVE-2008-1772Apr 14, 2008risk 0.03cvss —epss 0.02
iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information.
- CVE-2008-1773Apr 14, 2008risk 0.05cvss —epss 0.24
PHP remote file inclusion vulnerability in includes/header.inc.php in Dragoon 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
- CVE-2008-1774Apr 14, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-1775Apr 14, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from…
- CVE-2008-1776Apr 14, 2008risk 0.05cvss —epss 0.24
PHP remote file inclusion vulnerability in modules/basicfog/basicfogfactory.class.php in PhpBlock A8.4 allows remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter.
- CVE-2008-1777Apr 14, 2008risk 0.00cvss —epss 0.02
The eDirectory Host Environment service (dhost.exe) in Novell eDirectory 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a long HTTP HEAD request to TCP port 8028.
- CVE-2008-1778Apr 14, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknown vectors.
- CVE-2008-1779Apr 14, 2008risk 0.00cvss —epss 0.02
Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a denial of service (panic) via unknown vectors related to self encapsulated IP packets.
- CVE-2008-1780Apr 14, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors.
- CVE-2008-1757Apr 12, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter.