Total: 86024 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1822 | 1 Oracle | 1 Application Express | 2018-10-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle Application Express component in Oracle Application Express 3.0.1 has unknown impact and remote attack vectors, aka APEX02. | |||||
| CVE-2008-1823 | 1 Oracle | 1 Jinitiator | 2018-10-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.14 has unknown impact and remote attack vectors, aka AS01. | |||||
| CVE-2008-1825 | 1 Oracle | 1 Application Server 9i | 2018-10-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 has unknown impact and remote attack vectors, aka AS03. | |||||
| CVE-2008-1826 | 1 Oracle | 1 E-business Suite | 2018-10-11 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and attack vectors related to (a) Advanced Pricing, aka (1) APP01 and (2) APP10; and (b) Applications Framework, aka (3) APP05. | |||||
| CVE-2008-1827 | 1 Oracle | 2 E-business Suite 11i, E-business Suite 12 | 2018-10-11 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 and 12.0.4 have unknown impact and attack vectors related to (a) Advanced Pricing component, aka (1) APP02, (2) APP03, and (3) APP09; (b) Application Object Library component, aka (4) APP04, (5) APP07, and (6) APP11; (c) Applications Manager component, aka (7) APP06; and (d) Applications Technology Stack component, aka (8) APP08. | |||||
| CVE-2008-1828 | 2 Jdedwards, Oracle | 2 Enterpriseone, Peoplesoft Enterprise | 2018-10-11 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.19, 8.48.16, and 8.49.09 has unknown impact and remote authenticated attack vectors, aka PSE01. | |||||
| CVE-2008-1829 | 1 Oracle | 2 Enterpriseone, Peoplesoft Enterprise | 2018-10-11 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the PeopleSoft HCM Recruiting component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1 has unknown impact and remote attack vectors, aka PSE02. | |||||
| CVE-2008-1830 | 2 Jdedwards, Oracle | 2 Enterpriseone, Peoplesoft Hcm Eperformance | 2018-10-11 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the PeopleSoft HCM ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 and 9.0 has unknown impact and remote attack vectors, aka PSE03. | |||||
| CVE-2008-1831 | 1 Oracle | 1 Siebel Enterprise | 2018-10-11 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Siebel SimBuilder component in Oracle Siebel Enterprise 7.8.2 and 7.8.5 have unknown impact and remote or local attack vectors, aka (1) SEBL01, (2) SEBL02, (3) SEBL03, (4) SEBL04, (5) SEBL05, and (6) SEBL06. | |||||
| CVE-2008-1842 | 1 Hp | 1 Openview Network Node Manager | 2018-10-11 | 10.0 HIGH | N/A |
| Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 and earlier, allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow. | |||||
| CVE-2008-1846 | 1 Sap | 1 Netweaver | 2018-10-11 | 4.3 MEDIUM | N/A |
| The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" (aka Editor Security or Secure Editing) parameter, which allows remote attackers to conduct cross-site scripting (XSS) attacks by entering feedback for a file. | |||||
| CVE-2008-1860 | 1 Lokicms | 1 Lokicms | 2018-10-11 | 9.3 HIGH | N/A |
| Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter. | |||||
| CVE-2008-1865 | 1 Openmosix Project | 1 Openmosix | 2018-10-11 | 1.9 LOW | N/A |
| Stack-based buffer overflow in the msx_readnode function in libmosix.c in openmosix-tools (aka userspace-tools) in openMosix might allow local users to cause a denial of service (application crash) via a third-party program that calls this function with a long item argument. NOTE: the vendor does not provide any program that is capable of causing this overflow. | |||||
| CVE-2008-1883 | 1 Blackboard | 1 Blackboard Academic Suite | 2018-10-11 | 6.8 MEDIUM | N/A |
| The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string. | |||||
| CVE-2008-1888 | 1 Microsoft | 1 Sharepoint Server | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor. | |||||
| CVE-2008-1895 | 1 Carboncommunities | 1 Carbon Communities | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to events.asp, the (2) UserName parameter to getpassword.asp, and possibly an unspecified parameter to (3) option_Update.asp in an edit action. | |||||
| CVE-2008-1896 | 1 Carboncommunities | 1 Carbon Communities | 2018-10-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Redirect parameter to login.asp and the (2) OrderBy parameter to member_send.asp. | |||||
| CVE-2008-1897 | 1 Asterisk | 5 Asterisk Appliance Developer Kit, Asterisk Business Edition, Asterisknow and 2 more | 2018-10-11 | 4.3 MEDIUM | N/A |
| The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923. | |||||
| CVE-2008-1898 | 1 Microsoft | 2 Office, Works | 2018-10-11 | 9.3 HIGH | N/A |
| A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call. | |||||
| CVE-2008-1900 | 1 Carbon Communities | 1 Carbon Communities | 2018-10-11 | 7.5 HIGH | N/A |
| option_Update.asp in Carbon Communities 2.4 and earlier allows remote attackers to edit arbitrary member information via a modified ID field. | |||||
| CVE-2008-1910 | 1 Borland | 1 Interbase | 2018-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 SP2 allows remote attackers to execute arbitrary code via a malformed opcode 0x52 request to TCP port 3050. NOTE: this might overlap CVE-2007-5243 or CVE-2007-5244. | |||||
| CVE-2008-1912 | 1 Divx | 1 Divx Player | 2018-10-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and earlier allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long subtitle in a .SRT file. | |||||
| CVE-2008-1914 | 1 Bigantsoft | 1 Bigant Messenger | 2018-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the AntServer module (AntServer.exe) in BigAnt IM Server in BigAnt Messenger 2.2 allows remote attackers to execute arbitrary code via a long URI in a request to TCP port 6080. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1920 | 1 Icq | 1 Mirabilis Icq | 2018-10-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the boxelyRenderer module in the Personal Status Manager feature in ICQ 6.0 build 6043 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted personal status message. | |||||
| CVE-2008-1921 | 1 5th Avenue Software | 1 5th Avenue Shopping Cart | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in store_pages/category_list.php in 5th Avenue Shopping Cart 1.2 trial edition allows remote attackers to execute arbitrary SQL commands via the category_ID parameter. | |||||
| CVE-2008-1926 | 1 Linux | 1 Util-linux | 2018-10-11 | 7.5 HIGH | N/A |
| Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection." | |||||
| CVE-2008-1927 | 1 Perl | 1 Perl | 2018-10-11 | 5.0 MEDIUM | N/A |
| Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems. | |||||
| CVE-2008-1675 | 1 Linux | 1 Linux Kernel | 2018-10-11 | 7.2 HIGH | N/A |
| The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory. | |||||
| CVE-2008-1686 | 2 Xine, Xiph | 3 Xine-lib, Libfishsound, Speex | 2018-10-11 | 9.3 HIGH | N/A |
| Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. | |||||
| CVE-2008-1699 | 1 Desiquintans | 1 Writers Block Cms | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in permalink.php in Desi Quintans Writer's Block CMS 3.8a allows remote attackers to execute arbitrary SQL commands via the PostID parameter. | |||||
| CVE-2008-1702 | 1 E107 | 2 E107, My Gallery | 2018-10-11 | 4.3 MEDIUM | N/A |
| Absolute path traversal vulnerability in dload.php in the my_gallery 2.3 plugin for e107 allows remote attackers to obtain sensitive information via a full pathname in the file parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1705 | 1 Ibm | 1 Soliddb | 2018-10-11 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields. | |||||
| CVE-2008-1706 | 1 Ibm | 1 Soliddb | 2018-10-11 | 4.3 MEDIUM | N/A |
| Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large value in a certain 32-bit field. | |||||
| CVE-2008-1707 | 1 Ibm | 1 Soliddb | 2018-10-11 | 4.3 MEDIUM | N/A |
| IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a packet with an 0x11 value in a certain "type" field. | |||||
| CVE-2008-1708 | 1 Ibm | 1 Soliddb | 2018-10-11 | 4.3 MEDIUM | N/A |
| IBM solidDB 06.00.1018 and earlier does not validate a certain field that specifies an amount of memory to allocate, which allows remote attackers to cause a denial of service (daemon exit) via a packet with a large value in this field. | |||||
| CVE-2008-1716 | 1 Woltlab | 1 Burning Board | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page and (2) form parameters, which are not properly handled when they are reflected back in an error message. | |||||
| CVE-2008-1717 | 1 Woltlab | 1 Burning Board | 2018-10-11 | 5.0 MEDIUM | N/A |
| WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found. | |||||
| CVE-2008-1724 | 1 Tumbleweed | 2 Securetransport Server, Securetransport Server App | 2018-10-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the IActiveXTransfer.FileTransfer method in the SecureTransport FileTransfer ActiveX control in vcst_en.dll 1.0.0.5 in Tumbleweed SecureTransport Server before 4.6.1 Hotfix 20 allows remote attackers to execute arbitrary code via a long remoteFile parameter. | |||||
| CVE-2008-1733 | 2 Joomla, Pragmaticutopia | 2 Joomla, Com Puarcade | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php. | |||||
| CVE-2008-1735 | 1 Bitdefender | 1 Antivirus | 2018-10-11 | 4.9 MEDIUM | N/A |
| BitDefender Antivirus 2008 20080118 and earlier allows local users to cause a denial of service (system crash) via an invalid pointer to the CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function. | |||||
| CVE-2008-1736 | 1 Comodo | 1 Comodo Personal Firewall | 2018-10-11 | 7.2 HIGH | N/A |
| Comodo Firewall Pro before 3.0 does not properly validate certain parameters to hooked System Service Descriptor Table (SSDT) functions, which allows local users to cause a denial of service (system crash) via (1) a crafted OBJECT_ATTRIBUTES structure in a call to the NtDeleteFile function, which leads to improper validation of a ZwQueryObject result; and unspecified calls to the (2) NtCreateFile and (3) NtSetThreadContext functions, different vectors than CVE-2007-0709. | |||||
| CVE-2008-1737 | 1 Sophos | 1 Anti-virus | 2018-10-11 | 6.9 MEDIUM | N/A |
| Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behavioural Analysis is enabled, allows local users to cause a denial of service (reboot with the product disabled) and possibly gain privileges via a zero value in a certain length field in the ObjectAttributes argument to the NtCreateKey hooked System Service Descriptor Table (SSDT) function. | |||||
| CVE-2008-1738 | 1 Rising-global | 1 Rising Antivirus | 2018-10-11 | 2.1 LOW | N/A |
| Rising Antivirus 2008 before 20.38.20 allows local users to cause a denial of service (system crash) via an invalid pointer to the _CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function. | |||||
| CVE-2008-1753 | 1 Alkacon | 1 Opencms | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510. | |||||
| CVE-2008-1757 | 1 Kwsphp | 1 Kwsphp | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter. | |||||
| CVE-2008-1763 | 1 Blogator Script | 1 Blogator Script | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in _blogadata/include/sond_result.php in Blogator-script 0.95 allows remote attackers to execute arbitrary SQL commands via the id_art parameter. | |||||
| CVE-2008-1770 | 1 Akamai | 1 Download Manager | 2018-10-11 | 9.3 HIGH | N/A |
| CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line. | |||||
| CVE-2008-1786 | 1 Computer Associates | 7 Arcserve Backup Laptops And Desktops, Desktop And Server Management, Desktop Management Suite and 4 more | 2018-10-11 | 9.3 HIGH | N/A |
| The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments. | |||||
| CVE-2008-1795 | 1 Blackboard | 1 Academic Suite | 2018-10-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl. | |||||
| CVE-2008-1797 | 1 Secure Computing | 1 Webwasher | 2018-10-11 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Secure Computing Webwasher 5.30 before build 3159 and 6.3.0 before build 3150 allows remote attackers to cause a denial of service (freeze) via a crafted URL. | |||||
