| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-1603 | 0.00 | — | 0.01 | Apr 1, 2008 | Cross-site scripting (XSS) vulnerability in GNB DesignForm before 3.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the email form. | |||
| CVE-2008-1604 | 0.00 | — | 0.01 | Apr 1, 2008 | Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-1605 | 0.03 | — | 0.02 | Apr 1, 2008 | The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmmPlayCtrl Class ActiveX controls (ltmm15.dll 15.1.0.17 and earlier) in LEADTOOLS Multimedia Toolkit 15 allow attackers to overwrite arbitrary files via the SaveSettingsToFile method. | |||
| CVE-2008-1606 | 0.03 | — | 0.02 | Apr 1, 2008 | Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot backslash) in the… | |||
| CVE-2008-1607 | 0.03 | — | 0.01 | Apr 1, 2008 | SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba Haber 2.0 allows remote attackers to execute arbitrary SQL commands via the haber parameter. | |||
| CVE-2008-1608 | 0.00 | — | 0.01 | Apr 1, 2008 | SQL injection vulnerability in postview.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter, a different vector than CVE-2008-0363 and CVE-2006-0583. | |||
| CVE-2008-1609 | 0.06 | — | 0.41 | Apr 1, 2008 | Multiple PHP remote file inclusion vulnerabilities in just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) website parameter to (a) forum.php, (b) headlines.php, and (c) main.php in forum/, and (2) main_dir parameter… | |||
| CVE-2008-1610 | 0.07 | — | 0.54 | Apr 1, 2008 | Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long mode field in a read or write request. | |||
| CVE-2008-1611 | 0.08 | — | 0.68 | Apr 1, 2008 | Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read or write request. | |||
| CVE-2008-0211 | 0.00 | — | 0.00 | Mar 31, 2008 | Unspecified vulnerability in the BIOS F.04 through F.11 for the HP Compaq Business Notebook PC allows local users to cause a denial of service via unspecified vectors. | |||
| CVE-2008-0706 | 0.00 | — | 0.01 | Mar 31, 2008 | Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an authentication bypass of the power-on password. | |||
| CVE-2008-1591 | 0.03 | — | 0.01 | Mar 31, 2008 | The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as… | |||
| CVE-2008-1592 | 0.00 | — | 0.00 | Mar 31, 2008 | MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to "Pathway… | |||
| CVE-2008-1593 | 0.00 | — | 0.00 | Mar 31, 2008 | The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably… | |||
| CVE-2008-1594 | 0.00 | — | 0.00 | Mar 31, 2008 | The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a… | |||
| CVE-2008-1595 | 0.00 | — | 0.00 | Mar 31, 2008 | The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information. | |||
| CVE-2008-1596 | 0.00 | — | 0.00 | Mar 31, 2008 | Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to missing checks in the TSD_FILES_LOCK policy for modifications performed via hard links, a… | |||
| CVE-2008-1597 | 0.00 | — | 0.00 | Mar 31, 2008 | The WPAR system call implementation in the kernel in IBM AIX 6.1 allows local users to cause a denial of service via unknown calls that trigger "undefined behavior." | |||
| CVE-2008-1598 | 0.00 | — | 0.00 | Mar 31, 2008 | The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges to read arbitrary kernel memory and obtain sensitive information via unspecified vectors. | |||
| CVE-2008-1599 | 0.00 | — | 0.00 | Mar 31, 2008 | The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat. | |||
| CVE-2008-1600 | 0.00 | — | 0.00 | Mar 31, 2008 | The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329. | |||
| CVE-2008-1601 | 0.00 | — | 0.00 | Mar 31, 2008 | Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and 5.3 allows local users in the shutdown group to gain privileges. | |||
| CVE-2008-1560 | 0.03 | — | 0.02 | Mar 31, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Digiappz DigiDomain 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) domain parameter to lookup_result.asp, and the (2) word1 and (3) word2 parameters to suggest_result.asp. | |||
| CVE-2008-1561 | 0.04 | — | 0.09 | Mar 31, 2008 | Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. NOTE: Vector 2 might also lead to a hang. | |||
| CVE-2008-1562 | 0.07 | — | 0.51 | Mar 31, 2008 | The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740. | |||
| CVE-2008-1563 | 0.03 | — | 0.04 | Mar 31, 2008 | The "decode as" feature in packet-bssap.c in the SCCP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet. | |||
| CVE-2008-1564 | 0.03 | — | 0.02 | Mar 31, 2008 | Directory traversal vulnerability in Dan Costin File Transfer before 1.2f allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the filename. | |||
| CVE-2008-1565 | 0.03 | — | 0.02 | Mar 31, 2008 | Directory traversal vulnerability in forum/irc/irc.php in the PJIRC 0.5 module for phpBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter. | |||
| CVE-2008-1566 | 0.00 | — | 0.01 | Mar 31, 2008 | Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third… | |||
| CVE-2008-1567 | Med | 0.36 | 5.5 | 0.00 | Mar 31, 2008 | phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. | ||
| CVE-2008-1568 | 0.00 | — | 0.02 | Mar 31, 2008 | comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs. | |||
| CVE-2008-1569 | 0.00 | — | 0.00 | Mar 31, 2008 | policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket. | |||
| CVE-2008-1570 | 0.00 | — | 0.00 | Mar 31, 2008 | Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs. NOTE: this is due to an incomplete fix for… | |||
| CVE-2008-0070 | 0.00 | — | 0.01 | Mar 31, 2008 | Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA allows remote attackers to execute arbitrary code via an RPC request that specifies a large number of array dimensions, which triggers a heap-based buffer overflow. | |||
| CVE-2008-1548 | 0.00 | — | 0.01 | Mar 31, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to inject arbitrary web script or HTML via the (1) UserName parameter to loginproc.asp and the (2) usr… | |||
| CVE-2008-1549 | 0.00 | — | 0.01 | Mar 31, 2008 | Multiple SQL injection vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to execute arbitrary SQL commands via the (1) GrdBk parameter to GradebookOptions.asp and the (2) SchlCode variable to… | |||
| CVE-2008-1550 | 0.00 | — | 0.01 | Mar 31, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the _a parameter in a searchStr action and the (2) Submit parameter. | |||
| CVE-2008-1551 | 0.03 | — | 0.01 | Mar 31, 2008 | SQL injection vulnerability in viewcat.php in the Photo 3.02 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||
| CVE-2008-1552 | 0.00 | — | 0.04 | Mar 31, 2008 | The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which… | |||
| CVE-2008-1553 | 0.03 | — | 0.02 | Mar 31, 2008 | Directory traversal vulnerability in mod.php in TopperMod 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the to parameter. | |||
| CVE-2008-1554 | 0.03 | — | 0.01 | Mar 31, 2008 | SQL injection vulnerability in account/index.php in TopperMod 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a non-alphanumeric first character the localita parameter, which bypasses a protection mechanism. | |||
| CVE-2008-1555 | 0.03 | — | 0.02 | Mar 31, 2008 | Directory traversal vulnerability in system/_b/contentFiles/gbincluder.php in BolinOS 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _bFileToInclude parameter. | |||
| CVE-2008-1556 | 0.03 | — | 0.02 | Mar 31, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in BolinOS 4.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) system/actionspages/_b/contentFiles/gBImageViewer.php, (2) ForEditor parameter to (b)… | |||
| CVE-2008-1557 | 0.03 | — | 0.03 | Mar 31, 2008 | BolinOS 4.6.1 allows remote attackers to obtain sensitive information via a direct request to system/actionspages/_b/contentFiles/gBphpInfo.php, which calls the phpinfo function. | |||
| CVE-2008-1558 | 0.04 | — | 0.17 | Mar 31, 2008 | Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. NOTE: this issue has been referred to as an integer overflow. | |||
| CVE-2008-1559 | 0.03 | — | 0.01 | Mar 31, 2008 | SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | |||
| CVE-2008-0704 | 0.00 | — | 0.04 | Mar 28, 2008 | Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP Services on OpenVMS on the Alpha platform with 5.4 before ECO 7, and on the Integrity and Alpha platforms with 5.5 before ECO 3 and 5.6 before ECO 2, allows remote attackers to obtain unspecified access via unknown… | |||
| CVE-2008-1542 | 0.00 | — | 0.02 | Mar 28, 2008 | Airspan Base Station Distribution Unit (BSDU) has "topsecret" as its password for the root account, which allows remote attackers to obtain administrative access via a telnet login, a different vulnerability than CVE-2008-1262. | |||
| CVE-2008-1543 | 0.00 | — | 0.01 | Mar 28, 2008 | The Advanced User Interface Pages in the ProST Web Management component on the Airspan WiMAX ProST have a certain default User ID and password, which makes it easier for remote attackers to obtain partial administrative access, a different vulnerability than CVE-2008-1262. | |||
| CVE-2008-1544 | 0.02 | — | 0.26 | Mar 28, 2008 | The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request… |
- CVE-2008-1603Apr 1, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in GNB DesignForm before 3.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the email form.
- CVE-2008-1604Apr 1, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-1605Apr 1, 2008risk 0.03cvss —epss 0.02
The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmmPlayCtrl Class ActiveX controls (ltmm15.dll 15.1.0.17 and earlier) in LEADTOOLS Multimedia Toolkit 15 allow attackers to overwrite arbitrary files via the SaveSettingsToFile method.
- CVE-2008-1606Apr 1, 2008risk 0.03cvss —epss 0.02
Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot backslash) in the…
- CVE-2008-1607Apr 1, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba Haber 2.0 allows remote attackers to execute arbitrary SQL commands via the haber parameter.
- CVE-2008-1608Apr 1, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in postview.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter, a different vector than CVE-2008-0363 and CVE-2006-0583.
- CVE-2008-1609Apr 1, 2008risk 0.06cvss —epss 0.41
Multiple PHP remote file inclusion vulnerabilities in just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) website parameter to (a) forum.php, (b) headlines.php, and (c) main.php in forum/, and (2) main_dir parameter…
- CVE-2008-1610Apr 1, 2008risk 0.07cvss —epss 0.54
Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long mode field in a read or write request.
- CVE-2008-1611Apr 1, 2008risk 0.08cvss —epss 0.68
Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read or write request.
- CVE-2008-0211Mar 31, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in the BIOS F.04 through F.11 for the HP Compaq Business Notebook PC allows local users to cause a denial of service via unspecified vectors.
- CVE-2008-0706Mar 31, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an authentication bypass of the power-on password.
- CVE-2008-1591Mar 31, 2008risk 0.03cvss —epss 0.01
The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as…
- CVE-2008-1592Mar 31, 2008risk 0.00cvss —epss 0.00
MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to "Pathway…
- CVE-2008-1593Mar 31, 2008risk 0.00cvss —epss 0.00
The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably…
- CVE-2008-1594Mar 31, 2008risk 0.00cvss —epss 0.00
The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a…
- CVE-2008-1595Mar 31, 2008risk 0.00cvss —epss 0.00
The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information.
- CVE-2008-1596Mar 31, 2008risk 0.00cvss —epss 0.00
Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to missing checks in the TSD_FILES_LOCK policy for modifications performed via hard links, a…
- CVE-2008-1597Mar 31, 2008risk 0.00cvss —epss 0.00
The WPAR system call implementation in the kernel in IBM AIX 6.1 allows local users to cause a denial of service via unknown calls that trigger "undefined behavior."
- CVE-2008-1598Mar 31, 2008risk 0.00cvss —epss 0.00
The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges to read arbitrary kernel memory and obtain sensitive information via unspecified vectors.
- CVE-2008-1599Mar 31, 2008risk 0.00cvss —epss 0.00
The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.
- CVE-2008-1600Mar 31, 2008risk 0.00cvss —epss 0.00
The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329.
- CVE-2008-1601Mar 31, 2008risk 0.00cvss —epss 0.00
Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and 5.3 allows local users in the shutdown group to gain privileges.
- CVE-2008-1560Mar 31, 2008risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Digiappz DigiDomain 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) domain parameter to lookup_result.asp, and the (2) word1 and (3) word2 parameters to suggest_result.asp.
- CVE-2008-1561Mar 31, 2008risk 0.04cvss —epss 0.09
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. NOTE: Vector 2 might also lead to a hang.
- CVE-2008-1562Mar 31, 2008risk 0.07cvss —epss 0.51
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.
- CVE-2008-1563Mar 31, 2008risk 0.03cvss —epss 0.04
The "decode as" feature in packet-bssap.c in the SCCP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
- CVE-2008-1564Mar 31, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in Dan Costin File Transfer before 1.2f allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the filename.
- CVE-2008-1565Mar 31, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in forum/irc/irc.php in the PJIRC 0.5 module for phpBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter.
- CVE-2008-1566Mar 31, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third…
- risk 0.36cvss 5.5epss 0.00
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.
- CVE-2008-1568Mar 31, 2008risk 0.00cvss —epss 0.02
comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs.
- CVE-2008-1569Mar 31, 2008risk 0.00cvss —epss 0.00
policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket.
- CVE-2008-1570Mar 31, 2008risk 0.00cvss —epss 0.00
Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs. NOTE: this is due to an incomplete fix for…
- CVE-2008-0070Mar 31, 2008risk 0.00cvss —epss 0.01
Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA allows remote attackers to execute arbitrary code via an RPC request that specifies a large number of array dimensions, which triggers a heap-based buffer overflow.
- CVE-2008-1548Mar 31, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to inject arbitrary web script or HTML via the (1) UserName parameter to loginproc.asp and the (2) usr…
- CVE-2008-1549Mar 31, 2008risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to execute arbitrary SQL commands via the (1) GrdBk parameter to GradebookOptions.asp and the (2) SchlCode variable to…
- CVE-2008-1550Mar 31, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the _a parameter in a searchStr action and the (2) Submit parameter.
- CVE-2008-1551Mar 31, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in viewcat.php in the Photo 3.02 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter.
- CVE-2008-1552Mar 31, 2008risk 0.00cvss —epss 0.04
The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which…
- CVE-2008-1553Mar 31, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in mod.php in TopperMod 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the to parameter.
- CVE-2008-1554Mar 31, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in account/index.php in TopperMod 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a non-alphanumeric first character the localita parameter, which bypasses a protection mechanism.
- CVE-2008-1555Mar 31, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in system/_b/contentFiles/gbincluder.php in BolinOS 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _bFileToInclude parameter.
- CVE-2008-1556Mar 31, 2008risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in BolinOS 4.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) system/actionspages/_b/contentFiles/gBImageViewer.php, (2) ForEditor parameter to (b)…
- CVE-2008-1557Mar 31, 2008risk 0.03cvss —epss 0.03
BolinOS 4.6.1 allows remote attackers to obtain sensitive information via a direct request to system/actionspages/_b/contentFiles/gBphpInfo.php, which calls the phpinfo function.
- CVE-2008-1558Mar 31, 2008risk 0.04cvss —epss 0.17
Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. NOTE: this issue has been referred to as an integer overflow.
- CVE-2008-1559Mar 31, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
- CVE-2008-0704Mar 28, 2008risk 0.00cvss —epss 0.04
Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP Services on OpenVMS on the Alpha platform with 5.4 before ECO 7, and on the Integrity and Alpha platforms with 5.5 before ECO 3 and 5.6 before ECO 2, allows remote attackers to obtain unspecified access via unknown…
- CVE-2008-1542Mar 28, 2008risk 0.00cvss —epss 0.02
Airspan Base Station Distribution Unit (BSDU) has "topsecret" as its password for the root account, which allows remote attackers to obtain administrative access via a telnet login, a different vulnerability than CVE-2008-1262.
- CVE-2008-1543Mar 28, 2008risk 0.00cvss —epss 0.01
The Advanced User Interface Pages in the ProST Web Management component on the Airspan WiMAX ProST have a certain default User ID and password, which makes it easier for remote attackers to obtain partial administrative access, a different vulnerability than CVE-2008-1262.
- CVE-2008-1544Mar 28, 2008risk 0.02cvss —epss 0.26
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request…