Search
Total
5300 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5601 | 1 Robs-projects | 1 Asp User Engine | 2017-09-29 | 5.0 MEDIUM | N/A |
| User Engine Lite ASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users.mdb. | |||||
| CVE-2008-5600 | 1 Merlix | 1 Teamworx Server | 2017-09-29 | 5.0 MEDIUM | N/A |
| Merlix Teamworx Server stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb. | |||||
| CVE-2008-5597 | 1 Cold Bbs | 1 Cold Bbs | 2017-09-29 | 5.0 MEDIUM | N/A |
| Cold BBS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for db/cforum.mdb. | |||||
| CVE-2008-5596 | 1 Dotnetindex | 1 Ikon Admanager | 2017-09-29 | 5.0 MEDIUM | N/A |
| Ikon AdManager 2.1 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for ikonBAnner_AdManager.mdb. | |||||
| CVE-2008-5592 | 1 Iwrite | 1 Nightfall Personal Diary | 2017-09-29 | 5.0 MEDIUM | N/A |
| Nightfall Personal Diary 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users-zza21.mdb. | |||||
| CVE-2008-5572 | 1 Dotnetindex | 1 Professional Download Assistant | 2017-09-29 | 5.0 MEDIUM | N/A |
| Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb. | |||||
| CVE-2008-5562 | 1 Aspapps | 1 Aspportal | 2017-09-29 | 5.0 MEDIUM | N/A |
| ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb. | |||||
| CVE-2008-5560 | 1 Dazzlindonna | 1 Postecards | 2017-09-29 | 5.0 MEDIUM | N/A |
| PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb. | |||||
| CVE-2008-5504 | 1 Mozilla | 1 Firefox | 2017-09-29 | 7.5 HIGH | N/A |
| Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836. | |||||
| CVE-2008-5384 | 1 Ibm | 1 Aix | 2017-09-29 | 6.9 MEDIUM | N/A |
| crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor. | |||||
| CVE-2008-5347 | 1 Sun | 2 Jdk, Jre | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages. | |||||
| CVE-2008-5340 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081. | |||||
| CVE-2008-5308 | 1 Lovecms | 2 Lovecms, The Simple Forum | 2017-09-29 | 7.5 HIGH | N/A |
| The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly restrict access to administrator functions, which allows remote attackers to change the administrator password via a direct request to modules/simpleforum/admin/index.php. | |||||
| CVE-2008-5218 | 1 Scriptsez | 1 Freeze Greetings | 2017-09-29 | 5.0 MEDIUM | N/A |
| ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords. | |||||
| CVE-2008-5351 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 7.5 HIGH | N/A |
| Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings. | |||||
| CVE-2008-5127 | 1 Ocean12 Technologies | 1 Contact Manager | 2017-09-29 | 5.0 MEDIUM | N/A |
| Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb. | |||||
| CVE-2008-5121 | 4 Bluecoat, Cisco, Citrix and 1 more | 5 Winproxy, Vpn Client, Deterministic Network Enhancer and 2 more | 2017-09-29 | 7.2 HIGH | N/A |
| dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface. | |||||
| CVE-2008-4921 | 1 Chipmunk Scripts | 1 Chipmunk Cms | 2017-09-29 | 7.5 HIGH | N/A |
| board/admin/reguser.php in Chipmunk CMS 1.3 allows remote attackers to bypass authentication and gain administrator privileges via a direct request. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4644 | 1 Mywebland | 1 Mystats | 2017-09-29 | 7.5 HIGH | N/A |
| hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header. | |||||
| CVE-2008-4600 | 1 Steve Dawson | 1 Pokermax Poker League Tournament Script | 2017-09-29 | 7.5 HIGH | N/A |
| configure.php in PokerMax Poker League Tournament Script 0.13 allows remote attackers to bypass authentication and gain administrative access by setting the ValidUserAdmin cookie. | |||||
| CVE-2008-4577 | 1 Dovecot | 1 Dovecot | 2017-09-29 | 6.4 MEDIUM | N/A |
| The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions. | |||||
| CVE-2008-4554 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.6 MEDIUM | N/A |
| The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file. | |||||
| CVE-2008-4453 | 1 Dspicture | 2 Light Imaging Toolkit, Pro Imaging Sdk | 2017-09-29 | 9.3 HIGH | N/A |
| The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4451 | 1 Eset Software | 1 System Analyzer Tool | 2017-09-29 | 7.2 HIGH | N/A |
| The SysInspector AntiStealth driver (esiasdrv.sys) 3.0.65535.0 in ESET System Analyzer Tool 1.1.1.0 allows local users to execute arbitrary code via a certain METHOD_NEITHER IOCTL request to \Device\esiasdrv that overwrites a pointer. | |||||
| CVE-2008-4405 | 1 Citrix | 1 Xen | 2017-09-29 | 7.2 HIGH | N/A |
| xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen. | |||||
| CVE-2008-4341 | 1 Myblog | 1 Myblog | 2017-09-29 | 7.5 HIGH | N/A |
| add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication and gain administrative access by setting a cookie with admin=yes and login=admin. | |||||
| CVE-2008-4334 | 1 Cannot | 1 Php Infoboard | 2017-09-29 | 7.5 HIGH | N/A |
| PHP infoBoard V.7 Plus allows remote attackers to bypass authentication and gain administrative access by setting the infouser cookie to 1. | |||||
| CVE-2008-4313 | 2 Openpegasus, Redhat | 3 Openpegasus Wbem, Enterprise Linux, Enterprise Linux Desktop | 2017-09-29 | 6.0 MEDIUM | N/A |
| A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services. | |||||
| CVE-2008-4245 | 1 Rianxosencabos Cms | 1 Rianxosencabos Cms | 2017-09-29 | 6.5 MEDIUM | N/A |
| The Admin Control Panel in Rianxosencabos CMS 0.9 does not require administrator privileges, which allows remote authenticated users to (1) change a user's privileges, (2) delete a user account, or perform unspecified other administrative actions via vectors involving an admin lista action to the default URI, possibly related to useradmin.php. | |||||
| CVE-2008-4210 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.6 MEDIUM | N/A |
| fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O. | |||||
| CVE-2008-4131 | 1 Sun | 1 Solaris | 2017-09-29 | 7.2 HIGH | N/A |
| Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of tags with (1) the -t option and (2) the :tag command in the (a) vi, (b) ex, (c) vedit, (d) view, and (e) edit programs. | |||||
| CVE-2008-4060 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-29 | 7.5 HIGH | N/A |
| Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT. | |||||
| CVE-2008-4018 | 1 Ibm | 1 Aix | 2017-09-29 | 7.2 HIGH | N/A |
| swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be leveraged to gain privileges. NOTE: this issue exists because of an incomplete fix for CVE-2007-5805. | |||||
| CVE-2008-3924 | 1 Hans Oesterholt | 1 Cmme | 2017-09-29 | 4.3 MEDIUM | N/A |
| The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for (a) backup/cmme_data.zip or (b) backup/cmme_cmme.zip. NOTE: it was later reported that vector a also affects CMME 1.19. | |||||
| CVE-2008-3875 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 7.2 HIGH | N/A |
| The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert communication channel, via unspecified vectors involving system calls. | |||||
| CVE-2008-3835 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-29 | 7.5 HIGH | N/A |
| The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors. | |||||
| CVE-2008-3833 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.9 MEDIUM | N/A |
| The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210. | |||||
| CVE-2008-3681 | 1 Joomla | 1 Com User | 2017-09-29 | 7.5 HIGH | N/A |
| components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator. | |||||
| CVE-2008-3602 | 1 Psychdaily | 1 Php Ring Webring System | 2017-09-29 | 7.5 HIGH | N/A |
| admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9.1 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | |||||
| CVE-2008-3557 | 1 Fhm-script | 1 Free Hosting Manager | 2017-09-29 | 7.5 HIGH | N/A |
| Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass authentication and gain administrative access by setting both the adminuser and loggedin cookies. | |||||
| CVE-2008-3527 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.6 MEDIUM | N/A |
| arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions. | |||||
| CVE-2008-3525 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 7.2 HIGH | N/A |
| The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions. | |||||
| CVE-2008-3508 | 1 Wogan May | 1 Litenews | 2017-09-29 | 5.0 MEDIUM | N/A |
| LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie. | |||||
| CVE-2008-3454 | 1 Jnshosts | 1 Php Hosting Directory | 2017-09-29 | 7.5 HIGH | N/A |
| JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the "adm" cookie value to 1. | |||||
| CVE-2008-3303 | 1 Tuxplanet | 1 Bilboblog | 2017-09-29 | 6.8 MEDIUM | N/A |
| admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters. | |||||
| CVE-2008-3279 | 1 Mielke | 1 Brltty | 2017-09-29 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting. | |||||
| CVE-2008-3234 | 2 Debian, Openbsd | 2 Debian Linux, Openssh | 2017-09-29 | 6.5 MEDIUM | N/A |
| sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username. | |||||
| CVE-2008-3156 | 1 Panda | 1 Panda Activescan | 2017-09-29 | 9.3 HIGH | N/A |
| The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method. | |||||
| CVE-2008-4059 | 1 Mozilla | 1 Firefox | 2017-09-29 | 7.5 HIGH | N/A |
| The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element. | |||||
| CVE-2008-2940 | 1 Hp | 1 Linux Imaging And Printing Project | 2017-09-29 | 7.2 HIGH | N/A |
| The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message. | |||||