Total: 5279 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-3573 | 2 Php-nuke, Pligg | 2 Php-nuke, Pligg | 2017-08-07 | 5.0 MEDIUM | N/A |
The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value with the current date and the HTTP User-Agent string. | |||||
CVE-2008-3424 | 1 Condor Project | 1 Condor | 2017-08-07 | 7.5 HIGH | N/A |
Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions. | |||||
CVE-2008-3423 | 1 Ibm | 1 Websphere Portal | 2017-08-07 | 7.5 HIGH | N/A |
IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. | |||||
CVE-2008-3395 | 2 Calacode, Linux | 2 Atmail, Linux Kernel | 2017-08-07 | 5.0 MEDIUM | N/A |
Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-3349 | 2 Ibm, Netapp | 3 N Series Storage Server, Data Ontap, Fas900 | 2017-08-07 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access control for HTTP requests. NOTE: this may overlap CVE-2008-3160. | |||||
CVE-2008-3268 | 1 Brickhost | 1 Phpscheduleit | 2017-08-07 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when useLogonName is enabled, allows remote attackers with administrator email address knowledge to bypass restrictions and gain privileges via unspecified vectors related to login names. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-3273 | 1 Jboss | 1 Enterprise Application Platform | 2017-08-07 | 5.0 MEDIUM | N/A |
JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. | |||||
CVE-2008-3226 | 1 Joomla | 1 Joomla | 2017-08-07 | 5.0 MEDIUM | N/A |
The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors. | |||||
CVE-2008-3225 | 1 Joomla | 1 Joomla | 2017-08-07 | 10.0 HIGH | N/A |
Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix." | |||||
CVE-2008-3172 | 1 Opera | 1 Opera | 2017-08-07 | 6.8 MEDIUM | N/A |
Opera allows web sites to set cookies for country-specific top-level domains that have DNS A records, such as co.tv, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking." | |||||
CVE-2008-3170 | 1 Apple | 1 Safari | 2017-08-07 | 6.8 MEDIUM | N/A |
Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking," a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867. | |||||
CVE-2008-3158 | 1 Novell | 1 Novell Client For Windows | 2017-08-07 | 6.9 MEDIUM | N/A |
Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory. | |||||
CVE-2008-3096 | 1 Drupal | 1 Outline Designer Module | 2017-08-07 | 6.5 MEDIUM | N/A |
The Outline Designer module 5.x before 5.x-1.4 for Drupal changes each content reader's authentication level to match that of the content author, which might allow remote attackers to gain privileges. | |||||
CVE-2008-3047 | 1 Typo3 | 1 Kb Unpack Extension | 2017-08-07 | 7.5 HIGH | N/A |
Incomplete blacklist vulnerability in the KB Unpack (kb_unpack) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors. | |||||
CVE-2008-3042 | 1 Typo3 | 1 Dam Frontend Extension | 2017-08-07 | 10.0 HIGH | N/A |
Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Improper Error Handling." | |||||
CVE-2008-3046 | 1 Typo3 | 1 Packman Extension | 2017-08-07 | 7.5 HIGH | N/A |
Incomplete blacklist vulnerability in the Packman (kb_packman) extension 0.2.1 and earlier for TYPO3 has unknown impact and attack vectors. | |||||
CVE-2008-3041 | 1 Typo3 | 1 Dam Frontend Extension | 2017-08-07 | 7.5 HIGH | N/A |
Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors related to "broken access control." | |||||
CVE-2008-3300 | 1 Alphadmin | 1 Alphadmin Cms | 2017-08-07 | 7.5 HIGH | N/A |
AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-3000 | 1 Drupal | 1 Aggregation Module | 2017-08-07 | 6.8 MEDIUM | N/A |
The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions. | |||||
CVE-2008-2827 | 1 Perl | 1 Perl | 2017-08-07 | 4.6 MEDIUM | N/A |
The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452. | |||||