Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5539 | 2 Microsoft, Rising-global | 2 Internet Explorer, Rising Antivirus | 2018-10-11 | 9.3 HIGH | N/A |
| RISING Antivirus 21.06.31.00 and possibly 20.61.42.00, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5540 | 2 Microsoft, Secure Computing | 3 Internet Explorer, Secure Web Gateway, Webwasher | 2018-10-11 | 9.3 HIGH | N/A |
| Secure Computing Secure Web Gateway (aka Webwasher), when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5542 | 2 Microsoft, Sunbeltsoftware | 2 Internet Explorer, Vipre | 2018-10-11 | 9.3 HIGH | N/A |
| Sunbelt VIPRE 3.1.1832.2 and possibly 3.1.1633.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5541 | 2 Microsoft, Sophos | 2 Internet Explorer, Anti-virus | 2018-10-11 | 9.3 HIGH | N/A |
| Sophos Anti-Virus 4.33.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5105 | 1 Karjasoft | 1 Sami Ftp Server | 2018-10-11 | 5.0 MEDIUM | N/A |
| KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash or hang) via certain (1) APPE, (2) CWD, (3) DELE, (4) MKD, (5) RMD, (6) RETR, (7) RNFR, (8) RNTO, (9) SIZE, and (10) STOR commands. | |||||
| CVE-2008-5243 | 1 Xine | 1 Xine-lib | 2018-10-11 | 4.3 MEDIUM | N/A |
| The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to "reindex into an allocated buffer," which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error. | |||||
| CVE-2008-4910 | 1 Sun | 1 Java Web Start | 2018-10-11 | 10.0 HIGH | N/A |
| The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method. | |||||
| CVE-2008-4932 | 1 Comingchina | 1 U-mail Webmail Server | 2018-10-11 | 9.0 HIGH | N/A |
| webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web document root. | |||||
| CVE-2008-4999 | 1 Nortel | 1 Unistim Ip Phone | 2018-10-11 | 7.8 HIGH | N/A |
| Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: this issue could not be reproduced by a third party, who tested it on 0604DAD. In addition, the original researcher was not able to reliably reproduce the issue. | |||||
| CVE-2008-5077 | 1 Openssl | 1 Openssl | 2018-10-11 | 5.8 MEDIUM | N/A |
| OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. | |||||
| CVE-2008-4681 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets. | |||||
| CVE-2008-4682 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 5.0 MEDIUM | N/A |
| wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion. | |||||
| CVE-2008-4549 | 1 Imageshack | 1 Imageshack Toolbar | 2018-10-11 | 2.6 LOW | N/A |
| The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ImageShack Toolbar 4.5.7, possibly including 4.5.7.69, allows remote attackers to force the upload of arbitrary image files to the ImageShack site via a file: URI argument to the BuildSlideShow method. | |||||
| CVE-2008-4616 | 2 The Spanner, Wordpress | 2 Spambam Plugin, Spambam Plugin | 2018-10-11 | 5.0 MEDIUM | N/A |
| The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key. | |||||
| CVE-2008-4133 | 1 D-link | 1 Dir-100 | 2018-10-11 | 4.3 MEDIUM | N/A |
| The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters. | |||||
| CVE-2008-4340 | 1 Google | 1 Chrome | 2018-10-11 | 4.3 MEDIUM | N/A |
| Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function. | |||||
| CVE-2008-4342 | 3 Burnaware Technologies, Impressum, Numedia Soft | 3 Burnaware, Cdburnerxp, Numedia Dvd Burning Sdk | 2018-10-11 | 9.3 HIGH | N/A |
| NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. | |||||
| CVE-2008-4441 | 2 Linksys, Marvell | 2 Wap400n, 88w8361p-bem1 | 2018-10-11 | 7.1 HIGH | N/A |
| The Marvell driver for the Linksys WAP4400N Wi-Fi access point with firmware 1.2.14 on the Marvell 88W8361P-BEM1 chipset, when WEP mode is enabled, does not properly parse malformed 802.11 frames, which allows remote attackers to cause a denial of service (reboot or hang-up) via a malformed association request containing the WEP flag, as demonstrated by a request that is too short, a different vulnerability than CVE-2008-1144 and CVE-2008-1197. | |||||
| CVE-2008-4444 | 1 Cisco | 2 Unified Ip Phone 7940g, Unified Ip Phone 7960g | 2018-10-11 | 7.1 HIGH | N/A |
| Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other versions before 8.10 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a Realtime Transport Protocol (RTP) packet with malformed headers. | |||||
| CVE-2008-3934 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 3.3 LOW | N/A |
| Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. | |||||