LiveActive security incident?Get immediate response
CVE archive

April 2008

Browse CVE records published in April 2008, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 659 matching CVEs · Page 2 of 14.

Unknown · CVSS Not scored

CVE-2008-6682: Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before...

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.

Published Apr 9, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6752: adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the o...

adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges via a direct request with modified newpass1 and newpass2 parameters in a Change operation.

Published Apr 24, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6700: Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to...

Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable parameter to viewdb2.php, (3) tablehere parameter to category-rename.php, and (4) letter parameter to module-contacts.php.

Published Apr 10, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6773: Static code injection vulnerability in user/internettoolbar/edit.php in YourPlace 1.0.2 and earlier allows...

Static code injection vulnerability in user/internettoolbar/edit.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary PHP code into user/internettoolbar/index.php via the (1) fav1_url, (2) fav1_name, (3) fav2_url, (4) fav2_name, (5) fav3_url, (6) fav3_name, (7) fav4_url, (8) fav4_name, (9) fav5_url, or (10) fav5_name parameters.

Published Apr 29, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6709: Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4....

Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters."

Published Apr 10, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6706: Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES)...

Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords."

Published Apr 10, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6708: Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4....

Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of "data viewing or restoring parameters."

Published Apr 10, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6736: Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attack...

Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.

Published Apr 21, 2009 · Updated Aug 7, 2024