Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4928 | 1 Mybb | 1 Mybb | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a JavaScript redirect. NOTE: this can be leveraged to execute PHP code and bypass cross-site request forgery (CSRF) protection. | |||||
| CVE-2008-5001 | 1 Ultravnc | 1 Ultravnc | 2011-03-08 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in multiple functions in vncviewer/FileTransfer.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified parameters, a different issue than CVE-2008-0610. | |||||
| CVE-2008-4655 | 1 Typo3 | 2 Simplesurvey, Typo3 | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-4661 | 1 Typo3 | 2 Page Improvements, Typo3 | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Page Improvements (sm_pageimprovements) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-4646 | 1 Websense | 1 Enterprise | 2011-03-08 | 2.1 LOW | N/A |
| The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrator password in plaintext in CreateDbInstall.log, which allows local users to gain privileges to the database. | |||||
| CVE-2008-4222 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 7.1 HIGH | N/A |
| natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sharing is enabled, allows remote attackers to cause a denial of service (infinite loop) via a crafted TCP packet. | |||||
| CVE-2008-4691 | 1 Ibm | 1 Db2 | 2011-03-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors. | |||||
| CVE-2008-4221 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 10.0 HIGH | N/A |
| The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation. | |||||
| CVE-2008-4219 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 4.9 MEDIUM | N/A |
| The kernel in Apple Mac OS X before 10.5.6 allows local users to cause a denial of service (infinite loop and system halt) by running an application that is dynamically linked to libraries on an NFS server, related to occurrence of an exception in this application. | |||||
| CVE-2008-4224 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 7.1 HIGH | N/A |
| UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file. | |||||
| CVE-2008-4223 | 1 Apple | 1 Mac Os X Server | 2011-03-08 | 10.0 HIGH | N/A |
| Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. | |||||
| CVE-2008-4217 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 9.3 HIGH | N/A |
| Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow. | |||||
| CVE-2008-4418 | 1 Hp | 1 Hp-ux | 2011-03-08 | 7.8 HIGH | N/A |
| Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2008-4236 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 7.1 HIGH | N/A |
| Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted embedded font in a PDF file. | |||||
| CVE-2008-4228 | 1 Apple | 3 Iphone, Iphone Os, Ipod Touch | 2011-03-08 | 3.6 LOW | N/A |
| The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number. | |||||
| CVE-2008-4229 | 1 Apple | 3 Iphone, Iphone Os, Ipod Touch | 2011-03-08 | 3.7 LOW | N/A |
| Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup. | |||||
| CVE-2008-4230 | 1 Apple | 3 Iphone, Iphone Os, Ipod Touch | 2011-03-08 | 1.9 LOW | N/A |
| The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593. | |||||
| CVE-2008-4232 | 1 Apple | 4 Iphone, Iphone Os, Ipod Touch and 1 more | 2011-03-08 | 5.0 MEDIUM | N/A |
| Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document. | |||||
| CVE-2008-4233 | 1 Apple | 4 Iphone, Iphone Os, Ipod Touch and 1 more | 2011-03-08 | 2.6 LOW | N/A |
| Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document. | |||||
| CVE-2008-4656 | 1 Typo3 | 2 Frontend Users View, Typo3 | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Frontend Users View (feusersview) 0.1.6 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-4657 | 1 Typo3 | 2 Econda Plugin, Typo3 | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-4658 | 1 Typo3 | 2 Jobcontrol, Typo3 | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-4659 | 1 Typo3 | 2 Mannschaftsliste, Typo3 | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist) 1.0.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-4218 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 7.2 HIGH | N/A |
| Multiple integer overflows in the kernel in Apple Mac OS X before 10.5.6 on Intel platforms allow local users to gain privileges via a crafted call to (1) i386_set_ldt or (2) i386_get_ldt. | |||||
| CVE-2008-4237 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 10.0 HIGH | N/A |
| Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting. | |||||
| CVE-2008-4314 | 1 Samba | 1 Samba | 2011-03-08 | 8.5 HIGH | N/A |
| smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed. | |||||
| CVE-2008-4171 | 1 Invision Power Services | 1 Invision Power Board | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter. | |||||
| CVE-2008-4326 | 2 Microsoft, Phpmyadmin | 2 Internet Explorer, Phpmyadmin | 2011-03-08 | 4.3 MEDIUM | N/A |
| The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence. | |||||
| CVE-2008-4220 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 10.0 HIGH | N/A |
| Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by SecurityReason on 20080822; however, as of 20081216, there are insufficient details to be sure. | |||||
| CVE-2008-4551 | 1 Strongswan | 1 Strongswan | 2011-03-08 | 5.0 MEDIUM | N/A |
| strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpz_export function in the GNU Multiprecision Library (GMP). | |||||
| CVE-2008-3829 | 1 Condor Project | 1 Condor | 2011-03-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the condor_schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) via unknown vectors. | |||||
| CVE-2008-3830 | 1 Condor Project | 1 Condor | 2011-03-08 | 7.2 HIGH | N/A |
| Condor before 7.0.5 does not properly handle when the configuration specifies overlapping netmasks in allow or deny rules, which causes the rule to be ignored and allows attackers to bypass intended access restrictions. | |||||
| CVE-2008-3828 | 1 Condor Project | 1 Condor | 2011-03-08 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in the condor_schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2008-3826 | 1 Condor Project | 1 Condor | 2011-03-08 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Condor before 7.0.5 allows attackers to execute jobs as other users via unknown vectors. | |||||
| CVE-2008-3909 | 1 Django Project | 1 Django | 2011-03-08 | 5.8 MEDIUM | N/A |
| The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests. | |||||
| CVE-2008-3631 | 1 Apple | 1 Ipod Touch | 2011-03-08 | 7.1 HIGH | N/A |
| Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application. | |||||
| CVE-2008-3515 | 1 Adobe | 1 Presenter | 2011-03-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3516. | |||||
| CVE-2008-3516 | 1 Adobe | 1 Presenter | 2011-03-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3515. | |||||
| CVE-2008-3488 | 1 Novell | 1 Imanager | 2011-03-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) allows remote attackers to delete Plug-in Studio created Property Book Pages via unknown vectors. | |||||
| CVE-2008-2991 | 1 Adobe | 1 Robohelp Server | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Help Errors log. | |||||
| CVE-2008-3537 | 1 Hp | 1 Openview Network Node Manager | 2011-03-08 | 7.8 HIGH | N/A |
| Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3536. | |||||
| CVE-2008-3536 | 1 Hp | 1 Openview Network Node Manager | 2011-03-08 | 7.8 HIGH | N/A |
| Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3537. | |||||
| CVE-2008-3235 | 1 Ibm | 1 Websphere Application Server | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 has unknown impact and attack vectors. | |||||
| CVE-2008-2889 | 1 Wise-ftp | 1 Wise-ftp | 2011-03-08 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the FTP client in AceBIT WISE-FTP 4.1.0 and 5.5.8 allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345. | |||||
| CVE-2008-2172 | 1 Hitachi | 3 Gr2000, Gr3000, Gr4000 | 2011-03-08 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Hitachi GR routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372. | |||||
| CVE-2008-2171 | 1 Alaxala | 1 Ax Router | 2011-03-08 | 7.1 HIGH | N/A |
| Unspecified vulnerability in AlaxalA AX routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372. | |||||
| CVE-2008-2233 | 1 Openwsman | 1 Openwsman | 2011-03-08 | 7.5 HIGH | N/A |
| The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, allows remote Openwsman servers to replay SSL sessions via unspecified vectors. | |||||
| CVE-2008-2306 | 2 Apple, Microsoft | 3 Safari, Windows Vista, Windows Xp | 2011-03-08 | 9.3 HIGH | N/A |
| Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files. | |||||
| CVE-2008-1995 | 1 Sun | 1 Java System Directory Server | 2011-03-08 | 7.5 HIGH | N/A |
| Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server. | |||||
| CVE-2008-1805 | 1 Skype Technologies | 1 Skype | 2011-03-08 | 9.3 HIGH | N/A |
| Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist. | |||||
