Total: 5300 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3619 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 2.1 LOW | N/A |
| Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files. | |||||
| CVE-2008-3618 | 1 Apple | 1 Mac Os X | 2017-08-08 | 9.0 HIGH | N/A |
| The File Sharing pane in the Sharing preference pane in Apple Mac OS X 10.5 through 10.5.4 does not inform users that the complete contents of their own home directories are shared for their own use, which might allow attackers to leverage other vulnerabilities and access files for which sharing was unintended. | |||||
| CVE-2008-3609 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 7.2 HIGH | N/A |
| The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file. | |||||
| CVE-2008-3605 | 1 Mcafee | 1 Encrypted Usb Manager | 2017-08-08 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, when the Re-use Threshold for passwords is nonzero, allows remote attackers to conduct offline brute force attacks via unknown vectors. | |||||
| CVE-2008-3717 | 1 Harmoni | 1 Harmoni | 2017-08-08 | 5.0 MEDIUM | N/A |
| Harmoni before 1.6.0 does not require administrative privileges to list (1) user names or (2) asset ids, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2008-3573 | 2 Php-nuke, Pligg | 2 Php-nuke, Pligg | 2017-08-08 | 5.0 MEDIUM | N/A |
| The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value with the current date and the HTTP User-Agent string. | |||||
| CVE-2008-3423 | 1 Ibm | 1 Websphere Portal | 2017-08-08 | 7.5 HIGH | N/A |
| IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. | |||||
| CVE-2008-3395 | 2 Calacode, Linux | 2 Atmail, Linux Kernel | 2017-08-08 | 5.0 MEDIUM | N/A |
| Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3349 | 2 Ibm, Netapp | 3 N Series Storage Server, Data Ontap, Fas900 | 2017-08-08 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access control for HTTP requests. NOTE: this may overlap CVE-2008-3160. | |||||
| CVE-2008-3268 | 1 Brickhost | 1 Phpscheduleit | 2017-08-08 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when useLogonName is enabled, allows remote attackers with administrator email address knowledge to bypass restrictions and gain privileges via unspecified vectors related to login names. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3273 | 1 Jboss | 1 Enterprise Application Platform | 2017-08-08 | 5.0 MEDIUM | N/A |
| JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. | |||||
| CVE-2008-3226 | 1 Joomla | 1 Joomla | 2017-08-08 | 5.0 MEDIUM | N/A |
| The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors. | |||||
| CVE-2008-3225 | 1 Joomla | 1 Joomla | 2017-08-08 | 10.0 HIGH | N/A |
| Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix." | |||||
| CVE-2008-3172 | 1 Opera | 1 Opera | 2017-08-08 | 6.8 MEDIUM | N/A |
| Opera allows web sites to set cookies for country-specific top-level domains that have DNS A records, such as co.tv, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking." | |||||
| CVE-2008-3170 | 1 Apple | 1 Safari | 2017-08-08 | 6.8 MEDIUM | N/A |
| Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking," a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867. | |||||
| CVE-2008-3158 | 1 Novell | 1 Novell Client For Windows | 2017-08-08 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory. | |||||
| CVE-2008-3096 | 1 Drupal | 1 Outline Designer Module | 2017-08-08 | 6.5 MEDIUM | N/A |
| The Outline Designer module 5.x before 5.x-1.4 for Drupal changes each content reader's authentication level to match that of the content author, which might allow remote attackers to gain privileges. | |||||
| CVE-2008-3300 | 1 Alphadmin | 1 Alphadmin Cms | 2017-08-08 | 7.5 HIGH | N/A |
| AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3047 | 1 Typo3 | 1 Kb Unpack Extension | 2017-08-08 | 7.5 HIGH | N/A |
| Incomplete blacklist vulnerability in the KB Unpack (kb_unpack) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors. | |||||
| CVE-2008-3046 | 1 Typo3 | 1 Packman Extension | 2017-08-08 | 7.5 HIGH | N/A |
| Incomplete blacklist vulnerability in the Packman (kb_packman) extension 0.2.1 and earlier for TYPO3 has unknown impact and attack vectors. | |||||
| CVE-2008-3042 | 1 Typo3 | 1 Dam Frontend Extension | 2017-08-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Improper Error Handling." | |||||
| CVE-2008-3041 | 1 Typo3 | 1 Dam Frontend Extension | 2017-08-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors related to "broken access control." | |||||
| CVE-2008-3000 | 1 Drupal | 1 Aggregation Module | 2017-08-08 | 6.8 MEDIUM | N/A |
| The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions. | |||||
| CVE-2008-2830 | 1 Apple | 1 Mac Os X | 2017-08-08 | 7.2 HIGH | N/A |
| Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent. | |||||
| CVE-2008-2827 | 1 Perl | 1 Perl | 2017-08-08 | 4.6 MEDIUM | N/A |
| The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452. | |||||
| CVE-2008-2824 | 1 Xerox | 1 Workcentre | 2017-08-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors. | |||||
| CVE-2008-2794 | 1 Symantec | 1 Altiris Notification Server | 2017-08-08 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the GUI in Symantec Altiris Notification Server Agent 6.x before 6.0 SP3 R8 allows local users to gain privileges via unknown attack vectors. | |||||
| CVE-2008-2784 | 1 Spamdyke | 1 Spamdyke | 2017-08-08 | 6.4 MEDIUM | N/A |
| The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command. | |||||
| CVE-2008-2771 | 1 Drupal | 2 Drupal, Node Hierarchy Module | 2017-08-08 | 5.0 MEDIUM | N/A |
| The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors. | |||||
| CVE-2008-2724 | 1 Menalto | 1 Gallery | 2017-08-08 | 5.0 MEDIUM | N/A |
| Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions. | |||||
| CVE-2008-2722 | 1 Menalto | 1 Gallery | 2017-08-08 | 7.5 HIGH | N/A |
| Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive. | |||||
| CVE-2008-2707 | 2 Intel, Sun | 4 Network Interface Controller, Opensolaris, Solaris and 1 more | 2017-08-08 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and OpenSolaris before snv_93 allows remote attackers to cause a denial of service (network connectivity loss) via unknown vectors. | |||||
| CVE-2008-2539 | 1 Sun | 1 Cluster | 2017-08-08 | 7.2 HIGH | N/A |
| The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 through 10, when an underlying ufs filesystem is used, might allow local users to read data from arbitrary deleted files, or corrupt files in global filesystems, via unspecified vectors. | |||||
| CVE-2008-2420 | 1 Stunnel | 1 Stunnel | 2017-08-08 | 6.8 MEDIUM | N/A |
| The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates. | |||||
| CVE-2008-2402 | 1 Sun | 1 Java Asp Server | 2017-08-08 | 5.0 MEDIUM | N/A |
| The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents. | |||||
| CVE-2008-2400 | 1 Stunnel | 1 Stunnel | 2017-08-08 | 7.2 HIGH | N/A |
| Unspecified vulnerability in stunnel before 4.23, when running as a service on Windows, allows local users to gain privileges via unknown attack vectors. | |||||
| CVE-2008-2378 | 1 Hf | 1 Hf | 2017-08-08 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 allows local users to gain privileges via a Trojan horse killall program in a directory in the PATH, related to improper handling of the -k option. | |||||
| CVE-2008-2367 | 1 Redhat | 1 Certificate System | 2017-08-08 | 2.1 LOW | N/A |
| Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files. | |||||
| CVE-2008-2331 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 5.0 MEDIUM | N/A |
| Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator. | |||||
| CVE-2008-2324 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 4.6 MEDIUM | N/A |
| The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs. | |||||
| CVE-2008-2313 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 4.6 MEDIUM | N/A |
| Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory. | |||||
| CVE-2008-2308 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information. | |||||
| CVE-2008-2309 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.8 MEDIUM | N/A |
| Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5. | |||||
| CVE-2008-2290 | 1 Symantec | 1 Altiris Deployment Solution | 2017-08-08 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors. | |||||
| CVE-2008-2289 | 1 Symantec | 1 Altiris Deployment Solution | 2017-08-08 | 7.2 HIGH | N/A |
| Unspecified vulnerability in a tooltip element in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors. | |||||
| CVE-2008-2288 | 1 Symantec | 1 Altiris Deployment Solution | 2017-08-08 | 3.6 LOW | N/A |
| Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information. | |||||
| CVE-2008-2287 | 1 Symantec | 1 Altiris Deployment Solution | 2017-08-08 | 7.2 HIGH | N/A |
| Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse. | |||||
| CVE-2008-2300 | 1 Citrix | 4 Access Essentials, Citrix Presentation Server, Desktop Server and 1 more | 2017-08-08 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors. | |||||
| CVE-2008-2226 | 1 Openkm | 1 Openkm | 2017-08-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the export feature in OpenKM before 2.0 allows remote attackers to export arbitrary documents via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2139 | 1 Rpath | 1 Appliance Platform Agent | 2017-08-08 | 6.5 MEDIUM | N/A |
| The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account. | |||||
