CVE Daily
← All years

Uncategorized 2008

Page 3/13.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2008-11-04
Critical

CVE-2008-4924

Multiple insecure method vulnerabilities in MW6 Technologies 1D Barcode ActiveX control (BARCODELib.MW6Barcode, Barcode.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pat…

CVSS: 9.0CWE: N/A
Read more
Critical

CVE-2008-4923

Multiple insecure method vulnerabilities in MW6 Technologies Aztec ActiveX control (AZTECLib.MW6Aztec, Aztec.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argum…

CVSS: 9.0CWE: N/A
Read more
High

CVE-2008-4921

board/admin/reguser.php in Chipmunk CMS 1.3 allows remote attackers to bypass authentication and gain administrator privileges via a direct request. NOTE: some of these details are obtained from thi…

CVSS: 7.5CWE: CWE-264
Read more
Medium

CVE-2008-4413

Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 and earlier on HP-UX B.11.11 and B.11.23, and SMH 2.2.6 and 2.2.8 and earlier on HP-UX B.11.23 and B.11.31, allows local users t…

CVSS: 6.2CWE: CWE-264
Read more
2008-11-01
Medium

CVE-2008-4874

The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote atta…

CVSS: 5.0CWE: CWE-255
Read more
Critical

CVE-2008-4873

board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a down_file action.

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2008-4869

FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a "Tcp/udp memory leak."

CVSS: 10.0CWE: CWE-399
Read more
Critical

CVE-2008-4868

Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random po…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2008-4865

Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated usi…

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2008-4863

Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an errone…

CVSS: 6.9CWE: N/A
Read more
2008-10-31
High

CVE-2008-4811

The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (b…

CVSS: 7.5CWE: CWE-264
Read more
Critical

CVE-2008-4809

Multiple unspecified vulnerabilities in the Profiles search pages in IBM Lotus Connections 2.x before 2.0.1 have unknown impact and attack vectors related to "Active" content. NOTE: the provenance o…

CVSS: 10.0CWE: N/A
Read more
Low

CVE-2008-4807

IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. NOTE: the…

CVSS: 2.1CWE: CWE-255
Read more
Medium

CVE-2008-4800

The DebugDiag ActiveX control in CrashHangExt.dll, possibly 1.0, in Microsoft Debug Diagnostic Tool allows remote attackers to cause a denial of service (NULL pointer dereference and Internet Explore…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2008-4799

pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that trigg…

CVSS: 4.3CWE: CWE-189
Read more
2008-10-29
High

CVE-2008-4793

The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules.

CVSS: 7.5CWE: CWE-264
Read more
Medium

CVE-2008-4792

The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypas…

CVSS: 6.0CWE: CWE-264
Read more
Medium

CVE-2008-4791

The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors.

CVSS: 6.0CWE: CWE-264
Read more
Medium

CVE-2008-4790

The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.

CVSS: 6.0CWE: CWE-264
Read more
Medium

CVE-2008-4789

The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "l…

CVSS: 6.0CWE: CWE-264
Read more
Medium

CVE-2008-4788

Microsoft Internet Explorer 6 omits high-bit URL-encoded characters when displaying the address bar, which allows remote attackers to spoof the address bar via a URL with a domain name that differs f…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2008-4787

Visual truncation vulnerability in Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar via a URL with a hostname containing many   (Non-Blocking Space character) seque…

CVSS: 5.8CWE: N/A
Read more
2008-10-27
Critical

CVE-2008-4749

Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allow remote attackers to overwrite arbitrary files…

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2006-7234

Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.

CVSS: 4.6CWE: N/A
Read more
2008-10-24
Critical

CVE-2008-4731

Multiple unspecified vulnerabilities in YaCy before 0.61 have unknown impact and attack vectors.

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2008-4728

Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary…

CVSS: 9.3CWE: N/A
Read more
2008-10-23
Medium

CVE-2008-4698

Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds.

CVSS: 5.8CWE: CWE-264
Read more
High

CVE-2008-3817

Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 8.0 before 8.0(4) and 8.1 before 8.1(2) allows remote attackers to cause a denial of service (memory co…

CVSS: 7.8CWE: CWE-399
Read more
High

CVE-2008-3816

Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2(4)9 and 7.2(4)10 allows remote attackers to cause a denial of service (device reload)…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2007-4349

The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) a…

CVSS: 4.3CWE: N/A
Read more
2008-10-22
Critical

CVE-2008-4699

Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in Peachtree Accounting 2004 allows remote attackers to execute arbitrary programs via the ExecutePreferredApplication method.

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2008-4692

The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2008-4691

Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a den…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2008-4690

lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2008-4686

Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty…

CVSS: 9.3CWE: CWE-189
Read more
Medium

CVE-2008-4685

Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (appl…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2008-4684

packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a cert…

CVSS: 4.3CWE: CWE-399
Read more
Medium

CVE-2008-4683

The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2008-4680

packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB).

CVSS: 4.3CWE: CWE-399
Read more
High

CVE-2008-4678

The HTTP_Request_Parser method in the HTTP Transport component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 allows remote attackers to cause a denial of service (controller 0C4 abe…

CVSS: 7.8CWE: CWE-399
Read more
Medium

CVE-2008-4677

autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when…

CVSS: 4.3CWE: CWE-255
Read more
Medium

CVE-2008-4676

Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain p…

CVSS: 6.8CWE: CWE-264
Read more
Low

CVE-2008-4646

The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrator password in plaintext in CreateDbInstall.log, which allows local users to gain privileges to the…

CVSS: 2.1CWE: CWE-255
Read more
High

CVE-2008-4644

hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header.

CVSS: 7.5CWE: CWE-264
Read more
2008-10-21
Critical

CVE-2008-4630

Multiple unspecified vulnerabilities in Midgard Components (MidCOM) Framework before 8.09.1 have unknown impact and attack vectors.

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2008-4619

The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE oper…

CVSS: 10.0CWE: N/A
Read more
2008-10-20
Critical

CVE-2008-4615

Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has unknown impact and attack vectors.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2008-4610

MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated…

CVSS: 5.0CWE: CWE-399
Read more
High

CVE-2008-4609

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of serv…

CVSS: 7.1CWE: CWE-16
Read more
Medium

CVE-2008-3831

The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Di…

CVSS: 4.7CWE: CWE-399
Read more
Medium

CVE-2007-6718

MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vo…

CVSS: 4.3CWE: N/A
Read more
2008-10-18
High

CVE-2008-4600

configure.php in PokerMax Poker League Tournament Script 0.13 allows remote attackers to bypass authentication and gain administrative access by setting the ValidUserAdmin cookie.

CVSS: 7.5CWE: CWE-264
Read more
2008-10-17
High

CVE-2008-4598

Unspecified vulnerability in Shindig-Integrator 5.x, a module for Drupal, has unspecified impact and remote attack vectors related to "numerous flaws" that are not related to XSS or access control, a…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2008-4597

Shindig-Integrator 5.x, a module for Drupal, does not properly restrict generated page access, which allows remote attackers to gain privileges via unspecified vectors.

CVSS: 7.5CWE: CWE-264
Read more
Critical

CVE-2008-4595

Multiple unspecified vulnerabilities in Slaytanic Scripts Content Plus 2.1.1 have unknown impact and remote attack vectors.

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2008-4594

Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N firmware 1.2.14 on the Marvell Semiconductor 88W8361P-BEM1 chipset has unknown impact and attack vectors, probably remote.

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2008-4401

ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileRe…

CVSS: 10.0CWE: CWE-264
Read more
2008-10-15
Critical

CVE-2008-4587

Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2008-4586

Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control (isusweb.dll 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and e…

CVSS: 9.3CWE: N/A
Read more
High

CVE-2008-4585

Belong Software Site Builder 0.1 beta allows remote attackers to bypass intended access restrictions and perform administrative actions via a direct request to admin/home.php.

CVSS: 7.5CWE: CWE-264
Read more
Medium

CVE-2008-4584

Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname to the SaveLastError method.

CVSS: 6.8CWE: N/A
Read more
High

CVE-2008-4583

Insecure method vulnerability in the Chilkat FTP 2.0 ActiveX component (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname in the SavePkcs8File method.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2008-4582

Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which…

CVSS: 4.3CWE: CWE-264
Read more
Medium

CVE-2008-4581

The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release 19 before SP01, allows remote authenticated users to bypass intended access restrictions and read Document objects via the Workf…

CVSS: 4.0CWE: CWE-264
Read more
Medium

CVE-2008-4578

The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2008-4554

The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make…

CVSS: 4.6CWE: CWE-264
Read more
High

CVE-2008-4036

Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application th…

CVSS: 8.4CWE: CWE-189
Read more
Critical

CVE-2008-4023

Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, ak…

CVSS: 10.0CWE: CWE-399
Read more
Critical

CVE-2008-3477

Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote a…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2008-3476

Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML d…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2008-3473

Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy,…

CVSS: 9.3CWE: CWE-264
Read more
Critical

CVE-2008-3472

Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy,…

CVSS: 9.3CWE: CWE-264
Read more
High

CVE-2008-3464

afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, wh…

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2008-2252

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which a…

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2008-2251

Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted…

CVSS: 7.2CWE: CWE-399
Read more
High

CVE-2008-2250

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a chil…

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2008-4558

Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a s…

CVSS: 6.8CWE: CWE-399
Read more
2008-10-14
Critical

CVE-2008-4478

Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header…

CVSS: 10.0CWE: CWE-189
Read more
Medium

CVE-2008-4013

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2008-4012

Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite WLW 8.1SP5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related…

CVSS: 5.1CWE: N/A
Read more
Low

CVE-2008-4011

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote authenticated users to affect integrity via unknown vectors.

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2008-4010

Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availabi…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2008-4009

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.1, when configuring multiple authorizers, allows remote attackers to affect confidentiality, integrity, and availabil…

CVSS: 5.1CWE: N/A
Read more
Critical

CVE-2008-4008

Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect c…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2008-4005

Unspecified vulnerability in the Oracle Application Express component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown…

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2008-4004

Unspecified vulnerability in the JDE EnterpriseOne Business Service Server component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.97.2.2 and 8.98.0.1 allows local users to affect co…

CVSS: 3.2CWE: N/A
Read more
Medium

CVE-2008-4003

Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality via unknown v…

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2008-4002

Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote authenticated users to affect confidentiality via…

CVSS: 3.5CWE: N/A
Read more
Medium

CVE-2008-4001

Unspecified vulnerability in the PeopleSoft Enterprise Portal component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne EP 8.9 and EP 9.0 allows remote authenticated users to affect conf…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2008-4000

Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality and integrity…

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2008-3998

Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2008-3996

Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related t…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2008-3995

Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related t…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2008-3994

Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and in…

CVSS: 5.5CWE: N/A
Read more
Low

CVE-2008-3993

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2 and 12.0.4 allows remote authenticated users to affect integrity via unknown vectors.

CVSS: 3.5CWE: N/A
Read more
Medium

CVE-2008-3992

Unspecified vulnerability in the Oracle Data Mining component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to DMSYS.DBMS_DM_EXP_INTER…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2008-3991

Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.08, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to OLAPSYS.CWM2_OLAP_AW_AWU…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2008-3990

Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.08, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to OLAPSYS.CWM2_OLAP_AW_AWU…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2008-3989

Unspecified vulnerability in the Oracle Data Mining component in Oracle Database 10.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability, related to DMSYS.OD…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2008-3988

Unspecified vulnerability in the iSupplier Portal component in Oracle E-Business Suite 11.5.10.2 and 12.0.4 allows remote attackers to affect confidentiality via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Low

CVE-2008-3987

Unspecified vulnerability in the Oracle Discoverer Desktop component in Oracle Application Server 10.1.2.3 allows local users to affect confidentiality via unknown vectors.

CVSS: 1.0CWE: N/A
Read more
Low

CVE-2008-3986

Unspecified vulnerability in the Oracle Discoverer Administrator component in Oracle Application Server 9.0.4.3 and 10.1.2.2 allows local users to affect confidentiality via unknown vectors.

CVSS: 1.0CWE: N/A
Read more
Medium

CVE-2008-3985

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.4 allows remote attackers to affect confidentiality via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2008-3984

Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and in…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2008-3983

Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and in…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2008-3982

Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and in…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2008-3980

Unspecified vulnerability in the Upgrade component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2008-3977

Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability t…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2008-3976

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via u…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2008-3975

Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability t…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2008-2625

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2008-2624

Unspecified vulnerability in the Oracle OLAP component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

CVSS: 6.5CWE: N/A
Read more
Low

CVE-2008-2619

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Application Server 1.0.2.2, 9.0.4.3, and 10.1.2.2, and E-Business Suite 11.5.10.2, allows remote authenticated users to a…

CVSS: 1.7CWE: N/A
Read more
Low

CVE-2008-2588

Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.2 allows local users to affect confidentiality via unknown vectors.

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2008-3640

Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflo…

CVSS: 6.8CWE: CWE-189
Read more
High

CVE-2008-4552

The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups…

CVSS: 7.5CWE: CWE-264
Read more
Medium

CVE-2008-4551

strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a large number of NULL values in a Key Exchange payload, which trigger…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2008-4546

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) b…

CVSS: 4.3CWE: CWE-399
Read more
2008-10-13
Medium

CVE-2008-4545

Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8 uses weak permissions for the D:\CommServer\Reports directory, which allows remote authenticated users to obtain se…

CVSS: 4.0CWE: CWE-264
Read more
Medium

CVE-2008-4544

Unspecified vulnerability in an unspecified Microsoft API, as used by Cisco Unity and possibly other products, allows remote attackers to cause a denial of service by sending crafted packets to dynam…

CVSS: 5.0CWE: N/A
Read more
>