CVE Daily
← All years

Uncategorized 2008

Page 5/13.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2008-09-16
Medium

CVE-2008-3613

Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk o…

CVSS: 6.1CWE: CWE-399
Read more
High

CVE-2008-3609

The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or wri…

CVSS: 7.2CWE: CWE-264
Read more
Critical

CVE-2008-3608

ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a cra…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2008-2332

ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a cra…

CVSS: 9.3CWE: CWE-399
Read more
Medium

CVE-2008-2331

Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might al…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2008-2312

Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file.

CVSS: 4.9CWE: CWE-255
Read more
Critical

CVE-2008-4095

Multiple unspecified vulnerabilities in the Importer in Flip4Mac WMV before 2.2.1 have unknown impact and attack vectors, different vulnerabilities than CVE-2007-6713.

CVSS: 10.0CWE: N/A
Read more
2008-09-11
Critical

CVE-2008-4057

Unspecified vulnerability in Objective Development Sharity 3 before 3.5 has unknown impact and attack vectors, related to a "serious security problem."

CVSS: 10.0CWE: N/A
Read more
High

CVE-2008-4018

swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this fi…

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2008-3972

pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vu…

CVSS: 6.6CWE: CWE-264
Read more
Medium

CVE-2008-3970

pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify mountpoint and source ownership before mounting a user-defined volume, which allows local users to bypass intended access restr…

CVSS: 6.9CWE: CWE-264
Read more
Medium

CVE-2008-3969

Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2008-3967

moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors.

CVSS: 7.5CWE: CWE-264
Read more
Medium

CVE-2008-3959

IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTA…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2008-3958

IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE:…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2008-3912

libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition.

CVSS: 5.0CWE: CWE-399
Read more
High

CVE-2008-3636

Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was origina…

CVSS: 7.2CWE: CWE-189
Read more
Critical

CVE-2008-3632

Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application…

CVSS: 9.3CWE: CWE-399
Read more
High

CVE-2008-3631

Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-…

CVSS: 7.1CWE: CWE-264
Read more
Medium

CVE-2008-3630

mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, w…

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2008-3629

Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read.

CVSS: 4.3CWE: CWE-399
Read more
Critical

CVE-2008-3628

Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, related to an "invalid pointer iss…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2008-3627

Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2008-3615

ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute…

CVSS: 9.3CWE: CWE-399
Read more
Medium

CVE-2008-3614

Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers…

CVSS: 6.8CWE: CWE-189
Read more
Critical

CVE-2008-3015

Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image…

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2008-3013

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Offi…

CVSS: 9.3CWE: CWE-399
Read more
High

CVE-2008-2464

The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD 4.0, FreeBSD, and KAME, when INET6 is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and pan…

CVSS: 7.1CWE: CWE-189
Read more
Critical

CVE-2007-5348

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft…

CVSS: 9.3CWE: CWE-189
Read more
2008-09-05
High

CVE-2008-3890

The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an extra swapgs call after a General Protection Fault (GPF), which allows local users to gain privileges by triggering a GPF during t…

CVSS: 7.2CWE: CWE-264
Read more
2008-09-04
High

CVE-2008-3920

Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors.

CVSS: 7.5CWE: CWE-264
Read more
Medium

CVE-2008-3924

The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discov…

CVSS: 4.3CWE: CWE-264
Read more
Medium

CVE-2007-6716

fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a cer…

CVSS: 5.5CWE: N/A
Read more
Critical

CVE-2008-3910

dns2tcp before 0.4.1 does not properly handle negative values in a certain length field in the input argument to the (1) dns_simple_decode or (2) dns_decode function, which allows remote attackers to…

CVSS: 10.0CWE: CWE-189
Read more
High

CVE-2008-2732

Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7,…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2008-2734

Memory leak in the crypto functionality in Cisco Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a clientless SSL VP…

CVSS: 7.1CWE: CWE-399
Read more
High

CVE-2008-2441

Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which t…

CVSS: 7.5CWE: CWE-399
Read more
Medium

CVE-2008-1389

libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."

CVSS: 5.0CWE: CWE-399
Read more
High

CVE-2008-2733

Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec c…

CVSS: 7.1CWE: N/A
Read more
2008-09-03
Medium

CVE-2008-1739

Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption.

CVSS: 6.8CWE: CWE-399
Read more
High

CVE-2008-3525

The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOC…

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2008-3536

Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnera…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2008-3537

Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnera…

CVSS: 7.8CWE: N/A
Read more
Critical

CVE-2008-3691

Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2008-3692

Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2008-3693

Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2008-3694

Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2008-3695

Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2008-3696

Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2008-3698

Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 1…

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2008-3792

net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with…

CVSS: 7.1CWE: N/A
Read more
2008-09-02
High

CVE-2008-3875

The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert…

CVSS: 7.2CWE: CWE-264
Read more
Low

CVE-2008-3876

Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an…

CVSS: 1.9CWE: CWE-264
Read more
Critical

CVE-2008-3538

Unspecified vulnerability in HP Enterprise Discovery 2.0 through 2.52 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the initial description of thi…

CVSS: 9.0CWE: N/A
Read more
2008-08-29
High

CVE-2008-3283

Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory…

CVSS: 7.8CWE: CWE-399
Read more
High

CVE-2008-2930

Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via craf…

CVSS: 7.1CWE: CWE-399
Read more
Medium

CVE-2008-3873

The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not requir…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2008-3859

Davlin Thickbox Gallery 2 allows remote attackers to obtain the administrative username and MD5 password hash via a direct request to conf/admins.php.

CVSS: 5.0CWE: CWE-255
Read more
2008-08-28
Medium

CVE-2008-3852

Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2…

CVSS: 6.5CWE: CWE-264
Read more
Medium

CVE-2008-3855

Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows local users to gain privileges, aka a "FILE CREATION VULNERAB…

CVSS: 4.6CWE: CWE-264
Read more
High

CVE-2008-3856

The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and a…

CVSS: 7.5CWE: CWE-264
Read more
Medium

CVE-2008-3858

The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT data stream that simulates a V7 clien…

CVSS: 4.3CWE: CWE-264
Read more
2008-08-27
High

CVE-2008-3526

Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows…

CVSS: 7.8CWE: CWE-189
Read more
Medium

CVE-2008-3839

Unspecified vulnerability in the NFS module in the kernel in Sun Solaris 10 and OpenSolaris snv_59 through snv_87, when configured as an NFS server without the nodevices option, allows local users to…

CVSS: 4.7CWE: N/A
Read more
Medium

CVE-2008-3840

Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.

CVSS: 5.0CWE: CWE-255
Read more
Medium

CVE-2008-3746

neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and t…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2008-3747

The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might al…

CVSS: 7.5CWE: CWE-264
Read more
Medium

CVE-2008-3745

The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors.

CVSS: 5.5CWE: CWE-264
Read more
Medium

CVE-2008-3742

Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an execu…

CVSS: 6.5CWE: CWE-264
Read more
2008-08-26
Medium

CVE-2008-3794

Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a n…

CVSS: 6.8CWE: CWE-189
Read more
2008-08-25
High

CVE-2008-3778

The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core rou…

CVSS: 7.5CWE: CWE-264
Read more
2008-08-20
Medium

CVE-2008-3728

Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determi…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2008-3731

Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP…

CVSS: 4.0CWE: N/A
Read more
Critical

CVE-2008-3732

Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via…

CVSS: 9.3CWE: CWE-189
Read more
2008-08-19
Medium

CVE-2008-3717

Harmoni before 1.6.0 does not require administrative privileges to list (1) user names or (2) asset ids, which allows remote attackers to obtain sensitive information.

CVSS: 5.0CWE: CWE-264
Read more
2008-08-18
Medium

CVE-2008-2936

Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a fi…

CVSS: 6.2CWE: CWE-264
Read more
Low

CVE-2008-3270

yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle att…

CVSS: 2.6CWE: CWE-310
Read more
High

CVE-2008-3276

Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote…

CVSS: 7.1CWE: CWE-189
Read more
2008-08-14
Medium

CVE-2008-3443

The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infi…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2008-3686

The rt6_fill_node function in net/ipv6/route.c in Linux kernel 2.6.26-rc4, 2.6.26.2, and possibly other 2.6.26 versions, allows local users to cause a denial of service (kernel OOPS) via IPv6 request…

CVSS: 4.9CWE: CWE-399
Read more
High

CVE-2008-2940

The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setaler…

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2008-3683

Unspecified vulnerability in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.5 before SP6 allows remote attackers to cause a denial of service (failure to accept connections) vi…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2008-3681

components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typica…

CVSS: 7.5CWE: CWE-264
Read more
2008-08-13
Medium

CVE-2008-3671

Acronis True Image Echo Server 9.x build 8072 on Linux does not properly encrypt backups to an FTP server, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this…

CVSS: 5.0CWE: CWE-310
Read more
Critical

CVE-2008-1668

ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passw…

CVSS: 10.0CWE: CWE-264
Read more
High

CVE-2008-3666

Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file…

CVSS: 7.1CWE: N/A
Read more
Critical

CVE-2008-2255

Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a differen…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2008-2257

Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vecto…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2008-2258

Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vecto…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2008-2254

Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2008-3650

Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS),…

CVSS: 9.0CWE: N/A
Read more
High

CVE-2008-3652

src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resou…

CVSS: 7.8CWE: CWE-399
Read more
Critical

CVE-2008-3653

Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2008-3654

Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2008-3655

Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which all…

CVSS: 7.5CWE: CWE-264
Read more
High

CVE-2008-3656

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 t…

CVSS: 7.8CWE: CWE-399
Read more
High

CVE-2008-1448

The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames,…

CVSS: 7.1CWE: CWE-264
Read more
Medium

CVE-2008-1455

A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office…

CVSS: 6.8CWE: CWE-399
Read more
Critical

CVE-2008-0121

A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption,…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2008-0120

Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to…

CVSS: 9.3CWE: CWE-399
Read more
2008-08-12
Critical

CVE-2008-3006

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office Sha…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2008-3019

Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2008-3020

Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2008-3021

Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a craf…

CVSS: 9.3CWE: CWE-399
Read more
Medium

CVE-2008-3174

Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, allows remote attackers to cause…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2008-3460

WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attack…

CVSS: 9.3CWE: CWE-399
Read more
High

CVE-2008-3602

admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9.1 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.

CVSS: 7.5CWE: CWE-264
Read more
Medium

CVE-2008-3605

Unspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, when the Re-use Threshold for passwords is nonzero, allows remote attackers to conduct offline brute force attacks via unknown vecto…

CVSS: 6.8CWE: CWE-264
Read more
2008-08-10
Medium

CVE-2008-3273

JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2008-3573

The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG eleme…

CVSS: 5.0CWE: CWE-189
Read more
2008-08-08
Critical

CVE-2008-3551

Multiple unspecified vulnerabilities in Sun Java Platform Micro Edition (aka Java ME, J2ME, or mobile Java), as distributed in Sun Wireless Toolkit 2.5.2, allow remote attackers to execute arbitrary…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2008-3553

Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition devices allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and per…

CVSS: 10.0CWE: CWE-264
Read more
Critical

CVE-2008-3552

Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP1, and possibly later devices, allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP pri…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2008-3557

Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass authentication and gain administrative access by setting both the adminuser and loggedin cookies.

CVSS: 7.5CWE: CWE-264
Read more
Medium

CVE-2008-3532

The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed ser…

CVSS: 6.8CWE: CWE-310
Read more
High

CVE-2008-1664

Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.

CVSS: 7.8CWE: N/A
Read more
Low

CVE-2008-1945

QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modif…

CVSS: 2.1CWE: N/A
Read more
2008-08-07
Medium

CVE-2008-3548

Unspecified vulnerability in the Sun Netra T5220 Server with firmware 7.1.3 allows local users to cause a denial of service (panic) via unknown vectors.

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2008-3549

Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in Sun Solaris 10 and OpenSolaris before snv_90 allows local users to cause a denial of service (system hang or panic) via unknown v…

CVSS: 4.7CWE: CWE-399
Read more
Medium

CVE-2008-3508

LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie.

CVSS: 5.0CWE: CWE-264
Read more
>