CVE Daily
← All years

Uncategorized 2008

Page 9/13.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2008-04-25
Medium

CVE-2008-1937

The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges.

CVSS: 6.8CWE: CWE-264
Read more
Medium

CVE-2008-1940

The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and 2.1.11-2.4.36.2 does not enforce user_transition_deny and user_transition_allow rules for the (1) sys_setfsuid and (2) sys_setfsgid cal…

CVSS: 4.6CWE: CWE-264
Read more
2008-04-24
Medium

CVE-2008-1927

Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOT…

CVSS: 5.0CWE: CWE-399
Read more
2008-04-23
High

CVE-2008-1923

The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP…

CVSS: 7.1CWE: CWE-16
Read more
2008-04-22
Medium

CVE-2008-1902

The GUI for aptlinex before 0.91 does not sufficiently warn the user of potentially dangerous actions, which allows remote attackers to remove or modify packages via an apt:// URL.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2008-1900

option_Update.asp in Carbon Communities 2.4 and earlier allows remote attackers to edit arbitrary member information via a modified ID field.

CVSS: 7.5CWE: N/A
Read more
2008-04-21
Critical

CVE-2008-1436

Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent…

CVSS: 9.0CWE: CWE-264
Read more
2008-04-18
High

CVE-2008-1886

The NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download uses weak cryptography for a KeyCode that blocks unauthorized use of the control, which allows remote att…

CVSS: 7.5CWE: CWE-310
Read more
2008-04-17
Medium

CVE-2007-6715

Mozilla Firefox allows remote attackers to cause a denial of service (crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif test case.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2007-5746

Integer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an EMF file with a crafted EMR_STRETCHBLT record, wh…

CVSS: 6.8CWE: CWE-189
Read more
Medium

CVE-2007-5747

Integer underflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted values that…

CVSS: 6.8CWE: CWE-189
Read more
Medium

CVE-2008-1024

Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted fil…

CVSS: 6.8CWE: CWE-399
Read more
Critical

CVE-2008-1380

The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and p…

CVSS: 9.3CWE: CWE-399
Read more
Low

CVE-2008-1877

tss 0.8.1 allows local users to read arbitrary files via the -a parameter, which is processed while tss is running with privileges.

CVSS: 2.1CWE: CWE-264
Read more
2008-04-16
Critical

CVE-2007-6713

Unspecified vulnerability in Flip4Mac WMV before 2.2.0.49 has unknown impact and attack vectors related to malformed WMV files.

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2008-1854

Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in SmarterMail 5.0.2999 allows remote attackers to cause a denial of service (service termination) via a long HTTP (1) GET, (2) HEAD…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2008-1855

FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 Patch 3 and earlier, as used by ePolicy Orchestrator (ePO) and ProtectionPilot (PrP), allows remote attackers to corrupt memory…

CVSS: 5.0CWE: CWE-399
Read more
High

CVE-2008-1852

ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain requests that specify a large…

CVSS: 7.8CWE: CWE-399
Read more
Medium

CVE-2008-1853

The ovtopmd service in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (exit) by sending a 0x36 packet (exit req…

CVSS: 4.3CWE: CWE-399
Read more
Medium

CVE-2008-1851

ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (hang) via certain requests that do not provide al…

CVSS: 5.0CWE: CWE-399
Read more
High

CVE-2008-0893

Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions.

CVSS: 7.5CWE: CWE-264
Read more
High

CVE-2008-1845

The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not flush the tty's I/O when invoking mksh in a new terminal, which allows local users to gain privileges by opening a virtual termina…

CVSS: 7.2CWE: N/A
Read more
Critical

CVE-2008-1842

Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 and earlier, allows remote attackers to cause a denial of service (daemon crash) or execute arbitrar…

CVSS: 10.0CWE: CWE-189
Read more
Medium

CVE-2008-1387

ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2008-1834

swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file.

CVSS: 4.3CWE: CWE-264
Read more
Medium

CVE-2008-1836

The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null termina…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2008-1837

libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite f…

CVSS: 5.0CWE: CWE-399
Read more
High

CVE-2008-1771

Integer overflow in the ws_getpostvars function in Firefly Media Server (formerly mt-daapd) 0.2.4.1 (0.9~r1696-1.2 on Debian) allows remote attackers to cause a denial of service (crash) and possibly…

CVSS: 7.5CWE: CWE-189
Read more
Critical

CVE-2008-1827

Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 and 12.0.4 have unknown impact and attack vectors related to (a) Advanced Pricing component, aka (1) APP02, (2) APP03, and (3…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2008-1824

Unspecified vulnerability in the Oracle Dynamic Monitoring Service component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.3.3 has unknown impact and remote attack vectors, aka AS02.

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2008-1825

Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 has unknown impact and remote attack vectors, aka AS03.

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2008-1826

Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and attack vectors related to (a) Advanced Pricing, aka (1) APP01 and (2) APP10; and (b) Applications Fra…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2008-1830

Unspecified vulnerability in the PeopleSoft HCM ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 and 9.0 has unknown impact and remote attack vectors, aka PSE03.

CVSS: 9.0CWE: N/A
Read more
Critical

CVE-2008-1828

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.19, 8.48.16, and 8.49.09 has unknown impact and remote authenticate…

CVSS: 9.0CWE: N/A
Read more
Critical

CVE-2008-1829

Unspecified vulnerability in the PeopleSoft HCM Recruiting component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1 has unknown impact and remote attack vectors, aka PSE02.

CVSS: 9.0CWE: N/A
Read more
Critical

CVE-2008-1822

Unspecified vulnerability in the Oracle Application Express component in Oracle Application Express 3.0.1 has unknown impact and remote attack vectors, aka APEX02.

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2008-1831

Multiple unspecified vulnerabilities in the Siebel SimBuilder component in Oracle Siebel Enterprise 7.8.2 and 7.8.5 have unknown impact and remote or local attack vectors, aka (1) SEBL01, (2) SEBL02,…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2008-1823

Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.14 has unknown impact and remote attack vectors, aka AS01.

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2008-1818

Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08.

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2008-1821

Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+, and 10.1.0.5 has unknown impact and remote attack vectors related to SYS.DBMS_AQJMS_INTERNAL, aka DB15.…

CVSS: 9.0CWE: N/A
Read more
Medium

CVE-2008-1820

Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote attack vectors related to KUPF$FILE_INT, aka DB11. NOT…

CVSS: 4.0CWE: N/A
Read more
High

CVE-2008-1819

Unspecified vulnerability in the Oracle Net Services component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors, aka DB09.

CVSS: 7.2CWE: N/A
Read more
Critical

CVE-2008-1817

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 have unknown impact and remote attack vectors related to (1) SDO_IDX in the…

CVSS: 9.0CWE: N/A
Read more
Medium

CVE-2008-1816

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) SDO_UTIL in the Oracle Spatial component, aka…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2008-1815

Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to DBMS_CDC_UTILI…

CVSS: 5.5CWE: N/A
Read more
Critical

CVE-2008-1814

Unspecified vulnerability in the Oracle Secure Enterprise Search or Ultrasearch component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3 and…

CVSS: 9.0CWE: N/A
Read more
Medium

CVE-2008-1813

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors relate…

CVSS: 6.5CWE: N/A
Read more
Critical

CVE-2008-1812

Unspecified vulnerability in the Oracle Enterprise Manager component in Oracle Database 9.0.1.5 FIPS+; Application Server 1.0.2.2; and Enterprise Manager for AS 1.0.2.2 and Database 9.0.1.5 has unkno…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2008-1811

Unspecified vulnerability in Oracle Application Express 3.0.1 has unspecified impact and remote authenticated attack vectors related to flows_030000.wwv_execute_immediate, aka APEX01. NOTE: the prev…

CVSS: 5.5CWE: N/A
Read more
2008-04-15
Medium

CVE-2008-1796

Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service.

CVSS: 4.9CWE: N/A
Read more
High

CVE-2008-1797

Unspecified vulnerability in Secure Computing Webwasher 5.30 before build 3159 and 6.3.0 before build 3150 allows remote attackers to cause a denial of service (freeze) via a crafted URL.

CVSS: 7.1CWE: N/A
Read more
Medium

CVE-2008-1790

Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOT…

CVSS: 6.5CWE: CWE-264
Read more
Medium

CVE-2008-1783

Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php.

CVSS: 6.4CWE: CWE-264
Read more
High

CVE-2008-1784

Prozilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/.

CVSS: 7.5CWE: CWE-264
Read more
2008-04-14
Medium

CVE-2008-0927

dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Con…

CVSS: 5.0CWE: CWE-399
Read more
High

CVE-2008-1382

libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via…

CVSS: 7.5CWE: CWE-189
Read more
Medium

CVE-2008-1772

iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information.

CVSS: 5.0CWE: CWE-310
Read more
Medium

CVE-2008-1777

The eDirectory Host Environment service (dhost.exe) in Novell eDirectory 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a long HTTP HEAD request to TCP port 8028.

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2008-1778

Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt…

CVSS: 6.6CWE: CWE-16
Read more
Medium

CVE-2008-1779

Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a denial of service (panic) via unknown vectors related to self encapsulated IP packets.

CVSS: 6.8CWE: CWE-399
Read more
Medium

CVE-2008-1780

Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors.

CVSS: 4.6CWE: CWE-264
Read more
2008-04-12
Critical

CVE-2008-1761

Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access.

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2008-1762

Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2008-1764

Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs."

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2008-1766

Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs."

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2007-6712

Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux kernel 2.6.21-rc4, when running on 64-bit systems, allows local users to cause a denial of service (infinite loop) via a timer wi…

CVSS: 4.9CWE: CWE-189
Read more
2008-04-11
Low

CVE-2008-1754

Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dum…

CVSS: 1.7CWE: CWE-310
Read more
Medium

CVE-2008-1756

Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid Engine 6.1 allows local users to cause a denial of service (daemon crash) via unspecified vectors.

CVSS: 4.9CWE: N/A
Read more
Critical

CVE-2008-1725

The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E-Banking Integrator (formerly IBiz OFX Integrator) 2.0.2932 exposes the unsafe WriteOFXDataFile method, which allows remote attac…

CVSS: 9.0CWE: N/A
Read more
Medium

CVE-2008-1728

ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote authenticated users to cause a denial of service (daemon outage) by triggering large outgoing queues without reading message…

CVSS: 4.0CWE: CWE-399
Read more
Medium

CVE-2008-1729

The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker a…

CVSS: 5.8CWE: N/A
Read more
High

CVE-2008-1731

The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and re…

CVSS: 7.5CWE: CWE-264
Read more
2008-04-10
Critical

CVE-2007-5406

kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly…

CVSS: 9.3CWE: N/A
Read more
2008-04-09
Critical

CVE-2007-0071

Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, whi…

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2007-6019

Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents…

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2008-1713

MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote attackers to cause a denial of service (application crash) via a long string to IMAP port (143/tcp).

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2008-1711

Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.

CVSS: 5.0CWE: CWE-310
Read more
Medium

CVE-2008-1707

IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a packet with an 0x11 value in a certain "type" field.

CVSS: 4.3CWE: CWE-399
Read more
Medium

CVE-2008-1708

IBM solidDB 06.00.1018 and earlier does not validate a certain field that specifies an amount of memory to allocate, which allows remote attackers to cause a denial of service (daemon exit) via a pac…

CVSS: 4.3CWE: CWE-399
Read more
High

CVE-2008-1710

Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows local users to gain privileges via a modified PATH environment variable.

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2008-1706

Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large value in a certain 32-bit field.

CVSS: 4.3CWE: CWE-189
Read more
High

CVE-2008-1656

Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability…

CVSS: 7.5CWE: CWE-264
Read more
High

CVE-2008-1688

Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2008-1687

The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion…

CVSS: 7.5CWE: N/A
Read more
2008-04-08
Critical

CVE-2008-1088

Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2008-1090

Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory…

CVSS: 9.3CWE: CWE-399
Read more
High

CVE-2008-0711

Unspecified vulnerability in the embedded management console in HP iLO-2 Management Processors (iLO-2 MP), as used in Integrity Servers rx2660, rx3600, and rx6600, and Integrity Blade Server model bl…

CVSS: 7.8CWE: N/A
Read more
Critical

CVE-2008-1617

Double free vulnerability in Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to execute arbitrary code via JavaScript that sets the S…

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2008-1686

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and…

CVSS: 9.3CWE: CWE-189
Read more
Medium

CVE-2008-1701

Novell NetWare 6.5 allows attackers to cause a denial of service (ABEND) via a crafted Macintosh iPrint client request.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2008-0313

The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through…

CVSS: 6.8CWE: N/A
Read more
2008-04-07
Critical

CVE-2008-1329

Unspecified vulnerability in the NetBackup service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary commands,…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2008-1692

Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attac…

CVSS: 6.9CWE: CWE-264
Read more
Medium

CVE-2008-0709

Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue…

CVSS: 5.5CWE: CWE-264
Read more
Low

CVE-2008-1142

rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt…

CVSS: 3.7CWE: CWE-264
Read more
Medium

CVE-2008-1689

Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long request head…

CVSS: 5.0CWE: CWE-399
Read more
Critical

CVE-2008-1690

WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code v…

CVSS: 10.0CWE: CWE-399
Read more
2008-04-06
Medium

CVE-2008-0887

gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to…

CVSS: 4.7CWE: N/A
Read more
Medium

CVE-2008-0708

HP USB 2.0 Floppy Drive Key product options (1) 442084-B21 and (2) 442085-B21 for certain HP ProLiant servers contain the (a) W32.Fakerecy and (b) W32.SillyFDC worms, which might be launched if the s…

CVSS: 4.6CWE: N/A
Read more
2008-04-04
Critical

CVE-2008-1681

Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 has unknown impact and attack vectors related to the AllowedTrustedLogin privilege.

CVSS: 10.0CWE: CWE-264
Read more
Medium

CVE-2008-1013

Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet.

CVSS: 6.8CWE: N/A
Read more
2008-04-02
Medium

CVE-2008-1657

OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.

CVSS: 6.5CWE: CWE-264
Read more
Medium

CVE-2008-1625

aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests.

CVSS: 6.8CWE: CWE-264
Read more
Low

CVE-2008-1627

CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID.

CVSS: 3.5CWE: CWE-264
Read more
Critical

CVE-2008-1633

Unspecified vulnerability in Mondo Rescue before 2.2.5 has unknown impact and attack vectors, related to the use of (1) /tmp and (2) MINDI_CACHE.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2008-1637

PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to…

CVSS: 6.8CWE: CWE-189
Read more
Medium

CVE-2008-1638

Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in files, which allows local users to gain privileges by replacing a plug-in with a Trojan horse.

CVSS: 6.8CWE: CWE-264
Read more
Medium

CVE-2008-1614

suPHP before 0.6.3 allows local users to gain privileges via (1) a race condition that involves multiple symlink changes to point a file owned by a different user, or (2) a symlink to the directory o…

CVSS: 4.3CWE: CWE-264
Read more
Medium

CVE-2008-1619

The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers to cause a denial of service (dom0 panic) via certain traffic, as demonstrated using an FTP stress test tool.

CVSS: 4.3CWE: N/A
Read more
2008-04-01
Medium

CVE-2008-1515

The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks."

CVSS: 6.4CWE: CWE-264
Read more
2008-03-31
High

CVE-2008-1600

The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329.

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2008-1599

The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdl…

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2008-1597

The WPAR system call implementation in the kernel in IBM AIX 6.1 allows local users to cause a denial of service via unknown calls that trigger "undefined behavior."

CVSS: 4.9CWE: N/A
Read more
High

CVE-2008-1596

Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to missing checks i…

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2008-1595

The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which…

CVSS: 4.9CWE: CWE-264
Read more
Medium

CVE-2008-1594

The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial o…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2008-1592

MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to…

CVSS: 4.6CWE: CWE-264
Read more
Medium

CVE-2008-0211

Unspecified vulnerability in the BIOS F.04 through F.11 for the HP Compaq Business Notebook PC allows local users to cause a denial of service via unspecified vectors.

CVSS: 4.9CWE: N/A
Read more
High

CVE-2008-1593

The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileg…

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2008-1561

Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X…

CVSS: 5.0CWE: N/A
Read more
>