Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3814 | 1 Cisco | 1 Unity | 2017-08-08 | 5.8 MEDIUM | N/A |
| Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once. | |||||
| CVE-2008-3818 | 1 Cisco | 7 Ons, Ons 15310-cl, Ons 15310-ma and 4 more | 2017-08-08 | 7.8 HIGH | N/A |
| Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, and 15600 with software 7.0.2 through 7.0.6, 7.2.2, 8.0.x, 8.5.1, and 8.5.2 allows remote attackers to cause a denial of service (control-card reset) via a crafted TCP session. | |||||
| CVE-2008-3819 | 1 Cisco | 4 Gss 4480 Global Site Selector, Gss 4490 Global Site Selector, Gss 4491 Global Site Selector and 1 more | 2017-08-08 | 5.0 MEDIUM | N/A |
| dnsserver in Cisco Application Control Engine Global Site Selector (GSS) before 3.0(1) allows remote attackers to cause a denial of service (daemon crash) via a series of crafted DNS requests, aka Bug ID CSCsj70093. | |||||
| CVE-2008-3820 | 1 Cisco | 1 Security Manager | 2017-08-08 | 6.8 MEDIUM | N/A |
| Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root access" to IEV via unspecified use of TCP sessions to these ports. | |||||
| CVE-2008-3832 | 2 Linux, Redhat | 2 Linux Kernel, Fedora | 2017-08-08 | 4.9 MEDIUM | N/A |
| A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function. | |||||
| CVE-2008-3836 | 1 Mozilla | 1 Firefox | 2017-08-08 | 7.5 HIGH | N/A |
| feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the (1) elem.doCommand, (2) elem.dispatchEvent, (3) _setTitleText, (4) _setTitleImage, and (5) _initSubscriptionUI functions. | |||||
| CVE-2008-3838 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-08 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation in Sun Solaris 10 and OpenSolaris before snv_88 allows local administrators of non-global zones to read and modify NFS traffic for arbitrary non-global zones, possibly leading to file modifications or a denial of service. | |||||
| CVE-2008-3839 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-08 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in the NFS module in the kernel in Sun Solaris 10 and OpenSolaris snv_59 through snv_87, when configured as an NFS server without the nodevices option, allows local users to cause a denial of service (panic) via unspecified vectors. | |||||
| CVE-2008-3844 | 2 Openbsd, Redhat | 3 Openssh, Enterprise Linux, Enterprise Linux Desktop | 2017-08-08 | 9.3 HIGH | N/A |
| Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known. | |||||
| CVE-2008-3846 | 1 Aquagardensoft | 1 Mysql-lists | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mysql-lists 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-3847 | 1 Aguestbook | 1 An Guestbook | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AN Guestbook (ANG) before 0.7.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-3849 | 1 Civic-cms | 1 Civic-cms | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the calendar controller in Civic Website Manager before 1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving (1) month, (2) day, and (3) year fields. | |||||
| CVE-2008-3850 | 1 Accellion | 1 Secure File Transfer Appliance | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html. | |||||
| CVE-2008-3853 | 1 Ibm | 1 Db2 Universal Database | 2017-08-08 | 9.3 HIGH | N/A |
| Buffer overflow in the DAS server program in the Core DAS function component in IBM DB2 9.1 before FP4a and 9.5 before FP1 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via unspecified vectors. NOTE: this might be related to CVE-2007-3676. | |||||
| CVE-2008-3855 | 1 Ibm | 1 Db2 Universal Database | 2017-08-08 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows local users to gain privileges, aka a "FILE CREATION VULNERABILITY." NOTE: this may be the same as CVE-2007-5664. | |||||
| CVE-2008-3856 | 1 Ibm | 1 Db2 Universal Database | 2017-08-08 | 7.5 HIGH | N/A |
| The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and attack vectors. | |||||
| CVE-2008-3857 | 1 Ibm | 1 Db2 Universal Database | 2017-08-08 | 4.6 MEDIUM | N/A |
| The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection that sent the password is fully established, which might allow local users to obtain sensitive information by reading a memory dump. | |||||
| CVE-2008-3858 | 1 Ibm | 1 Db2 Universal Database | 2017-08-08 | 4.3 MEDIUM | N/A |
| The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT data stream that simulates a V7 client connect request. | |||||
| CVE-2008-3860 | 2 Ibm, Microsoft | 4 Aix, I5os, Lotus Quickr and 1 more | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. NOTE: the vulnerability in the WYSIWYG editors may exist because of an incomplete fix for CVE-2008-2163. | |||||
| CVE-2008-3866 | 1 Trend Micro | 3 Internet Security 2007, Internet Security 2008, Officescan | 2017-08-08 | 4.6 MEDIUM | N/A |
| The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets. | |||||
| CVE-2008-3873 | 1 Adobe | 1 Flash Player | 2017-08-08 | 4.3 MEDIUM | N/A |
| The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008. | |||||
| CVE-2008-3883 | 1 Caudium | 1 Caudium | 2017-08-08 | 7.2 HIGH | N/A |
| configvar in Caudium 1.4.12 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/roken#####.pike temporary file. | |||||
| CVE-2008-3884 | 1 Blogn | 1 Blogn | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Blogn (BURO GUN) 1.9.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2006-6176. | |||||
| CVE-2008-3885 | 1 Blogn | 1 Blogn | 2017-08-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Blogn (BURO GUN) 1.9.7 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make content modifications. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3886 | 1 Dotproject | 1 Dotproject | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the inactive parameter in a tasks action, (2) the date parameter in a calendar day_view action, (3) the callback parameter in a public calendar action, or (4) the type parameter in a ticketsmith action. | |||||
| CVE-2008-3887 | 1 Dotproject | 1 Dotproject | 2017-08-08 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in a viewuser action. | |||||
| CVE-2008-3890 | 2 Amd, Freebsd | 2 Amd64, Freebsd | 2017-08-08 | 7.2 HIGH | N/A |
| The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an extra swapgs call after a General Protection Fault (GPF), which allows local users to gain privileges by triggering a GPF during the kernel's return from (1) an interrupt, (2) a trap, or (3) a system call. | |||||
| CVE-2008-3903 | 2 Asterisk, Trixbox | 2 P B X, Pbx | 2017-08-08 | 3.5 LOW | N/A |
| Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreject are enabled, generates different responses depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2008-3904 | 1 Lxde | 2 Gpicview, Lightweight X11 Desktop Environment | 2017-08-08 | 7.5 HIGH | N/A |
| src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. | |||||
| CVE-2008-3907 | 1 Newsbeuter | 1 Newsbeuter | 2017-08-08 | 6.8 MEDIUM | N/A |
| The open-in-browser command in newsbeuter before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a feed URL. | |||||
| CVE-2008-3910 | 1 Hsc | 1 Dns2tcp | 2017-08-08 | 10.0 HIGH | N/A |
| dns2tcp before 0.4.1 does not properly handle negative values in a certain length field in the input argument to the (1) dns_simple_decode or (2) dns_decode function, which allows remote attackers to overwrite a buffer and have unspecified other impact. | |||||
| CVE-2008-3911 | 1 Linux | 1 Linux Kernel | 2017-08-08 | 7.2 HIGH | N/A |
| The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from userspace, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the /proc/sys/sunrpc/transports file. | |||||
| CVE-2008-3915 | 1 Linux | 1 Linux Kernel | 2017-08-08 | 9.3 HIGH | N/A |
| Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an unknown impact via vectors related to decoding an NFSv4 acl. | |||||
| CVE-2008-3918 | 1 Ovidentia | 1 Ovidentia | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the field parameter in a search action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3919 | 1 Justsystems | 1 Ichitaro | 2017-08-08 | 9.3 HIGH | N/A |
| Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document, as exploited in the wild in August 2008. | |||||
| CVE-2008-3920 | 1 Bitlbee | 1 Bitlbee | 2017-08-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors. | |||||
| CVE-2008-3927 | 1 Tiger | 1 Tiger | 2017-08-08 | 7.2 HIGH | N/A |
| genmsgidx in Tiger 3.2.2 allows local users to overwrite or delete arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2008-3928 | 1 Debian | 1 Honeyd Common | 2017-08-08 | 6.9 MEDIUM | N/A |
| test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2008-3929 | 1 Ampache | 1 Ampache | 2017-08-08 | 7.2 HIGH | N/A |
| gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file. | |||||
| CVE-2008-3930 | 1 Debian | 1 Citadel Server | 2017-08-08 | 6.9 MEDIUM | N/A |
| migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2008-3931 | 1 R Foundation | 1 R | 2017-08-08 | 6.9 MEDIUM | N/A |
| javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2008-3940 | 1 Hp | 1 Openvms | 2017-08-08 | 4.4 MEDIUM | N/A |
| Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to gain privileges via format string specifiers in a (1) .plan or (2) .project file. | |||||
| CVE-2008-3942 | 1 Ozsari | 1 Full Php Emlak Script | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in landsee.php in Full PHP Emlak Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3946 | 1 Hp | 1 Openvms | 2017-08-08 | 4.9 MEDIUM | N/A |
| The finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to read arbitrary files via a link corresponding to a (1) .plan or (2) .project file. | |||||
| CVE-2008-3947 | 1 Hp | 1 Openvms | 2017-08-08 | 7.2 HIGH | N/A |
| DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain privileges via a long command line. | |||||
| CVE-2008-3949 | 1 Suse | 1 Suse Linux | 2017-08-08 | 7.2 HIGH | N/A |
| emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file. | |||||
| CVE-2008-3956 | 1 Microsoft | 1 Organization Chart | 2017-08-08 | 9.3 HIGH | N/A |
| orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file. | |||||
| CVE-2008-3957 | 1 Microsoft | 1 Windows Image Acquisition Logger | 2017-08-08 | 9.3 HIGH | N/A |
| The Microsoft Windows Image Acquisition Logger ActiveX control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument to the Save method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3958 | 1 Ibm | 1 Db2 | 2017-08-08 | 7.5 HIGH | N/A |
| IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959. | |||||
| CVE-2008-3959 | 1 Ibm | 1 Db2 | 2017-08-08 | 5.0 MEDIUM | N/A |
| IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. | |||||
