CVE Daily
← All years

Uncategorized 2008

Page 2/13.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2008-12-10
Critical

CVE-2008-5414

Unspecified vulnerability in the Feature Pack for Web Services in the Web Services Security component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 has unknown impact and attack vectors…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2008-5412

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2008-5411

IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

CVSS: 5.0CWE: CWE-310
Read more
High

CVE-2008-5410

The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a deni…

CVSS: 7.8CWE: CWE-310
Read more
Medium

CVE-2008-4311

The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sendin…

CVSS: 4.6CWE: CWE-16
Read more
2008-12-09
Critical

CVE-2008-5398

Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remot…

CVSS: 9.3CWE: CWE-264
Read more
High

CVE-2008-5397

Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group membershi…

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2008-5396

Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by w…

CVSS: 7.2CWE: CWE-189
Read more
Critical

CVE-2008-5393

UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes kernel support for mounting RAID arrays, which might allow remote attackers to bypass intended isolation mechanisms by (1) reading fro…

CVSS: 10.0CWE: CWE-264
Read more
Medium

CVE-2008-5385

enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors.

CVSS: 6.9CWE: CWE-264
Read more
Medium

CVE-2008-5384

crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor.

CVSS: 6.9CWE: CWE-264
Read more
Medium

CVE-2008-5277

PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query.

CVSS: 4.3CWE: CWE-16
Read more
Medium

CVE-2008-5079

net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socke…

CVSS: 4.9CWE: CWE-399
Read more
High

CVE-2008-4917

Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and ear…

CVSS: 7.2CWE: CWE-399
Read more
High

CVE-2008-4310

httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE:…

CVSS: 7.8CWE: CWE-399
Read more
2008-12-08
Medium

CVE-2008-5363

The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dict…

CVSS: 4.3CWE: CWE-399
Read more
Medium

CVE-2008-5361

The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing (1) DefineC…

CVSS: 4.3CWE: CWE-399
Read more
2008-12-05
Medium

CVE-2008-5360

Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates tempo…

CVSS: 6.4CWE: N/A
Read more
Critical

CVE-2008-5357

Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and e…

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2008-5353

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneIn…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2008-5352

Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update…

CVSS: 9.3CWE: CWE-189
Read more
High

CVE-2008-5351

Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "short…

CVSS: 7.5CWE: CWE-264
Read more
High

CVE-2008-5349

Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of servic…

CVSS: 7.1CWE: N/A
Read more
High

CVE-2008-5348

Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerber…

CVSS: 7.1CWE: N/A
Read more
High

CVE-2008-5347

Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to a…

CVSS: 7.5CWE: CWE-264
Read more
High

CVE-2008-5345

Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2008-5344

Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows unt…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2008-5343

Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows remote attackers to make unautho…

CVSS: 9.0CWE: N/A
Read more
Critical

CVE-2008-5340

Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows unt…

CVSS: 10.0CWE: CWE-264
Read more
Medium

CVE-2008-5339

Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows unt…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2008-5331

Adobe Acrobat 9 uses more efficient encryption than previous versions, which makes it easier for attackers to guess a document's password via a brute-force attack.

CVSS: 7.5CWE: CWE-310
Read more
High

CVE-2008-5329

ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client's submissions and changes to an arbitrary database by specifying multiple comma-separated serve…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2008-5328

The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authe…

CVSS: 4.6CWE: CWE-310
Read more
Medium

CVE-2008-5327

The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote a…

CVSS: 6.5CWE: CWE-255
Read more
Medium

CVE-2008-5326

The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a passwor…

CVSS: 4.4CWE: CWE-255
Read more
Medium

CVE-2008-4416

Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.

CVSS: 4.6CWE: N/A
Read more
2008-12-03
Medium

CVE-2008-5319

Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than CVE-2008-3653.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2008-5318

Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653.

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2008-5317

Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "…

CVSS: 10.0CWE: CWE-189
Read more
Medium

CVE-2008-5314

Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jp…

CVSS: 4.3CWE: CWE-399
Read more
Critical

CVE-2008-5276

Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed…

CVSS: 9.3CWE: CWE-189
Read more
Medium

CVE-2008-3059

member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly other versions before 4, uses cleartext to transmit a password entered in the FormValue_Password field, which makes it easier for re…

CVSS: 4.0CWE: CWE-255
Read more
Medium

CVE-2008-3057

Octeth Oempro 3.5.5.1, and possibly other versions before 4, does not set the secure flag for the PHPSESSID cookie in an https session, which makes it easier for remote attackers to capture this cook…

CVSS: 5.0CWE: CWE-310
Read more
2008-12-02
High

CVE-2008-5308

The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly restrict access to administrator functions, which allows remote attackers to change the administrator password via a direct requ…

CVSS: 7.5CWE: CWE-264
Read more
2008-12-01
Medium

CVE-2008-5300

Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collecti…

CVSS: 4.9CWE: CWE-399
Read more
Low

CVE-2008-5298

chm2pdf 0.9 uses temporary files in directories with fixed names, which allows local users to cause a denial of service (chm2pdf failure) of other users by creating those directories ahead of time.

CVSS: 2.1CWE: N/A
Read more
High

CVE-2008-5286

Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validatio…

CVSS: 7.5CWE: CWE-189
Read more
Medium

CVE-2008-5285

Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop.

CVSS: 5.0CWE: CWE-399
Read more
2008-11-29
Critical

CVE-2008-5284

The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other versions before 5.1.44, Emerald 5.0.49 and other versions before 5.0.52, Air Marshal 2.0.4 and other versions before 2.0.8, and Ra…

CVSS: 10.0CWE: CWE-189
Read more
Medium

CVE-2008-5283

Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attackers to delete uploaded files via unknown vectors related to the delall action to index.php. NOTE: the provenance of this inform…

CVSS: 6.4CWE: CWE-264
Read more
Medium

CVE-2008-5280

The Local ZIM Server in Zilab Chat and Instant Messaging (ZIM) Server 2.0 and 2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted requests without required…

CVSS: 5.0CWE: CWE-399
Read more
2008-11-28
Medium

CVE-2008-5274

Todd Woolums ASP News Management 2.2 allows remote attackers to obtain news items via a direct request to (1) rss.asp, (2) viewheadings.asp, or (3) viewnews.asp. NOTE: the provenance of this informa…

CVSS: 5.0CWE: CWE-264
Read more
2008-11-27
Medium

CVE-2008-4315

tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier f…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2008-4313

A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and sen…

CVSS: 6.0CWE: CWE-264
Read more
2008-11-26
High

CVE-2008-2378

Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 allows local users to gain privileges via a Trojan horse killall program in a directory in the PATH, related to improper handling o…

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2008-5247

The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow…

CVSS: 4.3CWE: CWE-189
Read more
Critical

CVE-2008-5244

Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib o…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2008-5241

Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a smal…

CVSS: 4.3CWE: CWE-189
Read more
High

CVE-2008-5238

Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute…

CVSS: 7.1CWE: CWE-189
Read more
Critical

CVE-2008-5237

Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted wi…

CVSS: 10.0CWE: CWE-189
Read more
2008-11-25
Medium

CVE-2008-5230

The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures agains…

CVSS: 6.8CWE: CWE-310
Read more
Medium

CVE-2008-5109

The default configuration of Adobe Flash Media Server (FMS) 3.0 does not enable SWF Verification for (1) RTMPE and (2) RTMPTE sessions, which makes it easier for remote attackers to make copies of vi…

CVSS: 5.0CWE: CWE-16
Read more
Low

CVE-2008-4233

Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote at…

CVSS: 2.6CWE: N/A
Read more
Medium

CVE-2008-4232

Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2008-4231

Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a…

CVSS: 9.3CWE: CWE-399
Read more
Low

CVE-2008-4228

The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked device…

CVSS: 3.6CWE: CWE-264
Read more
High

CVE-2008-4227

Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for…

CVSS: 7.5CWE: CWE-310
Read more
Critical

CVE-2008-4226

Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large…

CVSS: 10.0CWE: CWE-399
Read more
High

CVE-2008-4225

Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.

CVSS: 7.8CWE: CWE-189
Read more
High

CVE-2008-1586

ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF im…

CVSS: 7.1CWE: CWE-399
Read more
Medium

CVE-2008-5218

ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords.

CVSS: 5.0CWE: CWE-264
Read more
2008-11-21
High

CVE-2008-5188

The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines,…

CVSS: 7.2CWE: CWE-255
Read more
Medium

CVE-2008-5185

The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a cl…

CVSS: 5.0CWE: CWE-399
Read more
Critical

CVE-2008-5184

The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy a…

CVSS: 10.0CWE: CWE-255
Read more
2008-11-20
Medium

CVE-2008-5181

Microsoft Communicator allows remote attackers to cause a denial of service (application or device outage) via instant messages containing large numbers of emoticons.

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2008-5179

Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted R…

CVSS: 5.0CWE: N/A
Read more
2008-11-18
Medium

CVE-2008-5160

Unspecified vulnerability in MyServer 0.8.11 allows remote attackers to cause a denial of service (daemon crash) via multiple invalid requests with the HTTP GET, DELETE, OPTIONS, and possibly other m…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2008-5159

Integer overflow in the remote administration protocol processing in Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to cause a denial of service (crash) via a large st…

CVSS: 10.0CWE: CWE-189
Read more
Medium

CVE-2008-5133

ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when…

CVSS: 5.8CWE: CWE-264
Read more
Medium

CVE-2008-5130

Ocean12 Calendar Manager Gold 2.04 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2008-5129

Ocean12 Poll Manager Pro 1.00 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2008-5128

Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2008-5127

Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request t…

CVSS: 5.0CWE: CWE-264
Read more
High

CVE-2008-5121

dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remot…

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2008-5118

Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "…

CVSS: 4.3CWE: N/A
Read more
2008-11-17
Medium

CVE-2008-5111

Unspecified vulnerability in the socket function in Sun Solaris 10 and OpenSolaris snv_57 through snv_91, when InfiniBand hardware is not installed, allows local users to cause a denial of service (p…

CVSS: 4.7CWE: N/A
Read more
Critical

CVE-2008-4415

Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors.

CVSS: 9.0CWE: CWE-264
Read more
Critical

CVE-2008-5110

syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw aff…

CVSS: 9.3CWE: N/A
Read more
High

CVE-2008-5104

Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual machine by (1) python-vm-builder or (2) ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10, have ! (exclamation point) as the def…

CVSS: 7.2CWE: CWE-255
Read more
High

CVE-2008-5103

The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account…

CVSS: 7.2CWE: CWE-255
Read more
Medium

CVE-2008-5102

PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain…

CVSS: 4.0CWE: CWE-399
Read more
Critical

CVE-2008-5100

The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of t…

CVSS: 10.0CWE: CWE-310
Read more
2008-11-14
Critical

CVE-2008-5089

Multiple insecure method vulnerabilities in the DDActiveReportsViewer2.ARViewer2 ActiveX control (arview2.ocx) in Data Dynamics ActiveReports 2.5.0.1314 allow remote attackers to overwrite arbitrary…

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2008-5072

vsfilter.dll in K-Lite Mega Codec Pack 3.5.7.0 allows remote attackers to cause a denial of service (application crash) via a malformed FLV file.

CVSS: 4.3CWE: N/A
Read more
2008-11-13
Critical

CVE-2008-5052

The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a…

CVSS: 10.0CWE: CWE-399
Read more
Critical

CVE-2008-5018

The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of s…

CVSS: 10.0CWE: CWE-399
Read more
Critical

CVE-2008-5017

Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allo…

CVSS: 10.0CWE: CWE-189
Read more
Medium

CVE-2008-5016

The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vecto…

CVSS: 5.0CWE: CWE-399
Read more
Critical

CVE-2008-5013

Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitr…

CVSS: 9.3CWE: CWE-399
Read more
2008-11-12
High

CVE-2008-5041

Sweex RO002 Router with firmware Ts03-072 has "rdc123" as its default password for the "rdc123" account, which makes it easier for remote attackers to obtain access. NOTE: the provenance of this inf…

CVSS: 7.5CWE: CWE-264
Read more
2008-11-10
Medium

CVE-2008-5035

The Resource Monitoring and Control (RMC) daemon in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 and 3.3.0 SP2 allows remote attackers to cause a denial of service (daemon crash or hang)…

CVSS: 5.0CWE: CWE-399
Read more
High

CVE-2008-5033

The chip_command function in drivers/media/video/tvaudio.c in the Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and 2.6.27.x before 2.6.27.3 allows attackers to cause a denial of…

CVSS: 7.8CWE: CWE-399
Read more
Critical

CVE-2008-5031

Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs meth…

CVSS: 10.0CWE: CWE-189
Read more
Medium

CVE-2008-5029

The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2008-5027

The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this pr…

CVSS: 6.5CWE: CWE-264
Read more
Critical

CVE-2008-5010

in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown D…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2008-5006

smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2008-4915

The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.…

CVSS: 6.9CWE: CWE-264
Read more
High

CVE-2008-4831

Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and obtain sensitive information or possibly gain privileges, via…

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2008-4822

Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.

CVSS: 6.8CWE: CWE-264
Read more
Medium

CVE-2008-4819

Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.

CVSS: 6.8CWE: N/A
Read more
2008-11-07
Medium

CVE-2008-4992

The SPARC hypervisor in Sun System Firmware 6.6.3 through 6.6.5 and 7.1.3 through 7.1.3.e on UltraSPARC T1, T2, and T2+ processors allows logical domain users to access memory in other logical domain…

CVSS: 4.6CWE: CWE-264
Read more
High

CVE-2008-4414

Unspecified vulnerability in the AdvFS showfile command in HP Tru64 UNIX 5.1B-3 and 5.1B-4 allows local users to gain privileges via unspecified vectors.

CVSS: 7.2CWE: CWE-264
Read more
2008-11-06
High

CVE-2008-4963

Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of servi…

CVSS: 7.1CWE: N/A
Read more
2008-11-05
Medium

CVE-2008-4816

Unspecified vulnerability in the Download Manager in Adobe Reader 8.1.2 and earlier on Windows allows remote attackers to change Internet Security options on a client machine via unknown vectors.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2008-4815

Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is…

CVSS: 7.5CWE: CWE-264
Read more
Critical

CVE-2008-4813

Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that…

CVSS: 9.3CWE: CWE-399
Read more
Medium

CVE-2008-3527

arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileg…

CVSS: 4.6CWE: CWE-264
Read more
2008-11-04
Critical

CVE-2008-4926

Multiple insecure method vulnerabilities in MW6 Technologies PDF417 ActiveX control (MW6PDF417Lib.PDF417, MW6PDF417.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathnam…

CVSS: 9.0CWE: N/A
Read more
Critical

CVE-2008-4925

Multiple insecure method vulnerabilities in MW6 Technologies DataMatrix ActiveX control (DATAMATRIXLib.MW6DataMatrix, DataMatrix.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a…

CVSS: 9.0CWE: N/A
Read more
>