Total
5279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5724 | 1 Eset | 1 Smart Security | 2017-08-07 | 7.2 HIGH | N/A |
| The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ESET Smart Security 3.0.672 and earlier allows local users to gain privileges via a crafted IRP in a certain METHOD_NEITHER IOCTL request to \Device\Epfw that overwrites portions of memory. | |||||
| CVE-2008-5916 | 1 Git | 1 Git | 2017-08-07 | 4.6 MEDIUM | N/A |
| gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query. | |||||
| CVE-2008-5716 | 1 Citrix | 1 Xen | 2017-08-07 | 7.2 HIGH | N/A |
| xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405. | |||||
| CVE-2008-5687 | 1 Mediawiki | 1 Mediawiki | 2017-08-07 | 5.0 MEDIUM | N/A |
| MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/. | |||||
| CVE-2008-5673 | 1 Phparanoid | 1 Phparanoid | 2017-08-07 | 6.5 MEDIUM | N/A |
| PHParanoid before 0.4 does not properly restrict access to the members area by unauthenticated users, which has unknown impact and remote attack vectors. | |||||
| CVE-2008-5617 | 1 Rsyslog | 1 Rsyslog | 2017-08-07 | 8.5 HIGH | N/A |
| The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages. | |||||
| CVE-2008-5549 | 1 Sun | 1 Java System Portal Server | 2017-08-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet." | |||||
| CVE-2008-5398 | 1 Tor | 1 Tor | 2017-08-07 | 9.3 HIGH | N/A |
| Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream. | |||||
| CVE-2008-5397 | 1 Tor | 1 Tor | 2017-08-07 | 7.2 HIGH | N/A |
| Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process. | |||||
| CVE-2008-5274 | 1 Toddwoolums | 1 Todd Woolums Asp News Management | 2017-08-07 | 5.0 MEDIUM | N/A |
| Todd Woolums ASP News Management 2.2 allows remote attackers to obtain news items via a direct request to (1) rss.asp, (2) viewheadings.asp, or (3) viewnews.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5133 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-07 | 5.8 MEDIUM | N/A |
| ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remote attackers to bypass an intended CVE-2008-1447 protection mechanism and spoof the responses to DNS queries sent by named. | |||||
| CVE-2008-5130 | 1 Ocean12 Technologies | 1 Calendar Manager | 2017-08-07 | 5.0 MEDIUM | N/A |
| Ocean12 Calendar Manager Gold 2.04 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12cal.mdb. | |||||
| CVE-2008-5129 | 1 Ocean12 Technologies | 1 Poll Manager | 2017-08-07 | 5.0 MEDIUM | N/A |
| Ocean12 Poll Manager Pro 1.00 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12poll.mdb. | |||||
| CVE-2008-5128 | 1 Ocean12 Technologies | 1 Membership Manager Pro | 2017-08-07 | 5.0 MEDIUM | N/A |
| Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb. | |||||
| CVE-2008-5041 | 1 Sweex | 1 Ro002 Router | 2017-08-07 | 7.5 HIGH | N/A |
| Sweex RO002 Router with firmware Ts03-072 has "rdc123" as its default password for the "rdc123" account, which makes it easier for remote attackers to obtain access. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-4992 | 1 Sun | 13 Blade T6300 Server, Blade T6320 Server, Fire Enterprise Server T1000 and 10 more | 2017-08-07 | 4.6 MEDIUM | N/A |
| The SPARC hypervisor in Sun System Firmware 6.6.3 through 6.6.5 and 7.1.3 through 7.1.3.e on UltraSPARC T1, T2, and T2+ processors allows logical domain users to access memory in other logical domains via unknown vectors. | |||||
| CVE-2009-0436 | 1 Ibm | 1 Websphere Application Server | 2017-08-07 | 7.2 HIGH | N/A |
| The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server (WAS), set incorrect permissions for AF_UNIX sockets, which has unknown impact and local attack vectors. | |||||
| CVE-2009-0439 | 1 Ibm | 1 Websphere Mq | 2017-08-07 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands. | |||||
| CVE-2009-0419 | 1 Microsoft | 1 Xml Core Services | 2017-08-07 | 5.0 MEDIUM | N/A |
| Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-4033. | |||||
| CVE-2009-0438 | 2 Ibm, Microsoft | 2 Websphere Application Server, Windows | 2017-08-07 | 5.0 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows allows remote attackers to bypass "Authorization checking" and obtain sensitive information from JSP pages via a crafted request. NOTE: this is probably a duplicate of CVE-2008-5412. | |||||