Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1658 | 1 Freedesktop | 1 Policykit | 2017-08-08 | 4.6 MEDIUM | N/A |
| Format string vulnerability in the grant helper (polkit-grant-helper.c) in PolicyKit 0.7 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password. | |||||
| CVE-2008-1661 | 1 Hp | 1 Storageworks Storage Mirroring | 2017-08-08 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks Storage Mirroring (SWSM) before 4.5 SP2 allows remote attackers to execute arbitrary code via a crafted encoded authentication request. | |||||
| CVE-2008-1665 | 1 Hp | 1 Hpsi Active Directory Bidirectional Ldap Connector | 2017-08-08 | 9.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in HP Select Identity (HPSI) Active Directory Bidirectional LDAP Connector 2.20, 2.20.001, 2.20.002, and 2.30 allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2008-1667 | 2 Eps, Hp | 2 Probe Builder, Openview Internet Services | 2017-08-08 | 7.8 HIGH | N/A |
| The Probe Builder Service (aka PBOVISServer.exe) in European Performance Systems (EPS) Probe Builder 2.2 before A.02.20.901, as used in HP OpenView Internet Services (OVIS) on Windows, allows remote attackers to kill arbitrary processes via a process ID number in an unspecified opcode. | |||||
| CVE-2008-1670 | 1 Kde | 1 Kde | 2017-08-08 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image. | |||||
| CVE-2008-1671 | 1 Kde | 1 Kde | 2017-08-08 | 4.6 MEDIUM | N/A |
| start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes. | |||||
| CVE-2008-1681 | 1 Ibm | 1 Db2 Content Manager | 2017-08-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 has unknown impact and attack vectors related to the AllowedTrustedLogin privilege. | |||||
| CVE-2008-1685 | 1 Gnu | 1 Gcc | 2017-08-08 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999). | |||||
| CVE-2008-1687 | 1 Gnu | 1 M4 | 2017-08-08 | 7.5 HIGH | N/A |
| The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename. | |||||
| CVE-2008-1688 | 1 Gnu | 1 M4 | 2017-08-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries. | |||||
| CVE-2008-1689 | 1 Seattle Lab Software | 1 Slmail Pro | 2017-08-08 | 5.0 MEDIUM | N/A |
| Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long request header in an HTTP request to TCP port 801. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1690 | 1 Seattle Lab Software | 1 Slmail Pro | 2017-08-08 | 10.0 HIGH | N/A |
| WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a long URI in HTTP requests to TCP port 801. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1691 | 1 Seattle Lab Software | 1 Slmail Pro | 2017-08-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (UDP service outage) via a large packet to UDP port 54. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1698 | 1 Ventrian | 1 Simple Gallery | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in gallery.php in Simple Gallery 2.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1700 | 1 Interwoven | 1 Worksite Web | 2017-08-08 | 9.3 HIGH | N/A |
| The Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to cause a denial of service (memory consumption) via a large number of SendNrlLink directives, which opens a separate window for each directive. | |||||
| CVE-2008-1701 | 2 Apple, Novell | 2 Mac Os X, Iprint | 2017-08-08 | 5.0 MEDIUM | N/A |
| Novell NetWare 6.5 allows attackers to cause a denial of service (ABEND) via a crafted Macintosh iPrint client request. | |||||
| CVE-2008-1703 | 1 Tibco | 8 Adapter Files Z Os, Hawk, Iprocess Engine and 5 more | 2017-08-08 | 9.3 HIGH | N/A |
| Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message. | |||||
| CVE-2008-1704 | 1 Tibco | 2 Enterprise Message Service, Iprocess Engine | 2017-08-08 | 10.0 HIGH | N/A |
| Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4.4.3, and iProcess Engine 10.6.0 through 10.6.1, allow remote attackers to execute arbitrary code via a crafted message to the EMS server. | |||||
| CVE-2008-1718 | 2 Autonomy, Ibm | 2 Keyview, Lotus Notes | 2017-08-08 | 9.3 HIGH | N/A |
| Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, as used in IBM Lotus Notes before 8.0, might allow user-assisted remote attackers to execute arbitrary code via an e-mail message with a crafted Text mail (MIME) attachment. | |||||
| CVE-2008-1719 | 1 Truzone | 1 Nuke Et | 2017-08-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Nuke ET 3.2 and 3.4 allow remote attackers to perform actions as administrators, as demonstrated by inserting an XSS sequence into a document. | |||||
| CVE-2008-1728 | 1 Ignite Realtime | 1 Openfire | 2017-08-08 | 4.0 MEDIUM | N/A |
| ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote authenticated users to cause a denial of service (daemon outage) by triggering large outgoing queues without reading messages. | |||||
| CVE-2008-1731 | 2 3281d, Drupal | 2 Simple Access, Drupal | 2017-08-08 | 7.5 HIGH | N/A |
| The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking. | |||||
| CVE-2008-1734 | 1 Gentoo | 2 Linux, Php Toolkit | 2017-08-08 | 3.6 LOW | N/A |
| Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server. | |||||
| CVE-2008-1740 | 1 Cisco | 1 Unified Presence | 2017-08-08 | 7.8 HIGH | N/A |
| The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via an unspecified "stress test," aka Bug ID CSCsh20972. | |||||
| CVE-2008-1741 | 1 Cisco | 1 Unified Presence | 2017-08-08 | 7.8 HIGH | N/A |
| The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) allows remote attackers to cause a denial of service (core dump and service interruption) via a TCP port scan, aka Bug ID CSCsj64533. | |||||
| CVE-2008-1742 | 1 Cisco | 1 Unified Communications Manager | 2017-08-08 | 7.8 HIGH | N/A |
| Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609. | |||||
| CVE-2008-1744 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2017-08-08 | 7.8 HIGH | N/A |
| The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770. | |||||
| CVE-2008-1745 | 1 Cisco | 1 Unified Communications Manager | 2017-08-08 | 7.8 HIGH | N/A |
| Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115. | |||||
| CVE-2008-1746 | 1 Cisco | 1 Unified Communications Manager | 2017-08-08 | 7.8 HIGH | N/A |
| The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and service restart) via a series of malformed UDP packets, as demonstrated by the IP Stack Integrity Checker (ISIC), aka Bug ID CSCsj24113. | |||||
| CVE-2008-1749 | 1 Cisco | 2 Cisco Content Switching Module, Cisco Content Switching Module Ssl | 2017-08-08 | 7.8 HIGH | N/A |
| Memory leak in Cisco Content Switching Module (CSM) 4.2(3) up to 4.2(8) and Cisco Content Switching Module with SSL (CSM-S) 2.1(2) up to 2.1(7) allows remote attackers to cause a denial of service (memory consumption) via TCP segments with an unspecified combination of TCP flags. | |||||
| CVE-2008-1752 | 1 Achmad Zaenuri | 1 Ezradius | 2017-08-08 | 7.5 HIGH | N/A |
| ezRADIUS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for (1) config.ini or (2) database.ini. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1754 | 1 Symantec | 1 Altiris Deployment Solution | 2017-08-08 | 1.7 LOW | N/A |
| Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory. | |||||
| CVE-2008-1756 | 1 Sun | 1 N1 Grid Engine | 2017-08-08 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid Engine 6.1 allows local users to cause a denial of service (daemon crash) via unspecified vectors. | |||||
| CVE-2008-1761 | 1 Opera | 1 Opera | 2017-08-08 | 9.3 HIGH | N/A |
| Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access. | |||||
| CVE-2008-1762 | 1 Opera | 1 Opera Browser | 2017-08-08 | 9.3 HIGH | N/A |
| Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption. | |||||
| CVE-2008-1764 | 1 Opera | 1 Opera | 2017-08-08 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs." | |||||
| CVE-2008-1766 | 1 Phpbb | 1 Phpbb | 2017-08-08 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs." | |||||
| CVE-2008-1771 | 1 Fireflymediaserver | 1 Fireflymediaserver | 2017-08-08 | 7.5 HIGH | N/A |
| Integer overflow in the ws_getpostvars function in Firefly Media Server (formerly mt-daapd) 0.2.4.1 (0.9~r1696-1.2 on Debian) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a large Content-Length. | |||||
| CVE-2008-1775 | 1 Manageengine | 1 Firewall Analyzer | 2017-08-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1780 | 1 Sun | 1 Solaris | 2017-08-08 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors. | |||||
| CVE-2008-1787 | 1 Poplar Gedcom Viewer | 1 Poplar Gedcom Viewer | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Poplar Gedcom Viewer 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) text and (2) ul parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1792 | 2 Drupal, Drupalr | 2 Drupal, Flickr | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the insertion filter in the Flickr Drupal module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-alpha allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-1793 | 1 Hoffice | 3 Smart Classified Ads, Smart Photo Ads, Smart Photo Ads Gold | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in Smart Classified ADS Professional, Smart Photo ADS, and Smart Photo ADS Gold allow remote attackers to inject arbitrary web script or HTML via the (1) AdNum and (2) Department parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1794 | 1 Drupal | 1 Webform Module | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Webform Drupal module 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-1796 | 2 Comix, Redhat | 2 Comix, Fedora | 2017-08-08 | 4.9 MEDIUM | N/A |
| Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service. | |||||
| CVE-2008-1800 | 1 Divx | 1 Divxdb | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in DivXDB 2002 0.94b allow remote attackers to inject arbitrary web script or HTML via the (1) choice, (2) _page_, (3) zone_admin, (4) general_search, and (5) import parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1804 | 1 Snort | 1 Snort | 2017-08-08 | 6.8 MEDIUM | N/A |
| preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment. | |||||
| CVE-2008-1809 | 1 Novell | 1 Edirectory | 2017-08-08 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b, and 8.8 before 8.8.2 FTF2, allows remote attackers to execute arbitrary code via an LDAP search request containing "NULL search parameters." | |||||
| CVE-2008-1810 | 2 Linux, Sap | 2 Linux Kernel, Maxdb | 2017-08-08 | 4.4 MEDIUM | N/A |
| Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable. | |||||
| CVE-2008-1832 | 1 Cecilia | 1 Cecilia | 2017-08-08 | 3.3 LOW | N/A |
| lib/prefs.tcl in Cecilia 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the csvers temporary file. | |||||
