Total
5279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4511 | 1 Todd Woolums | 1 Asp News Management | 2018-10-11 | 5.0 MEDIUM | N/A |
| Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. | |||||
| CVE-2008-4484 | 1 Crux Software | 1 Gallery | 2018-10-11 | 6.8 MEDIUM | N/A |
| main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php. | |||||
| CVE-2008-4472 | 1 Autodesk | 3 Design Review, Dwf Viewer, Revit Architecture | 2018-10-11 | 9.3 HIGH | N/A |
| The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method. | |||||
| CVE-2008-4297 | 1 Mercurial | 1 Mercurial | 2018-10-11 | 5.0 MEDIUM | N/A |
| Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request. | |||||
| CVE-2008-3852 | 1 Ibm | 1 Db2 Universal Database | 2018-10-11 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2 allows remote authenticated users to execute arbitrary code via unknown vectors. | |||||
| CVE-2008-3825 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2018-10-11 | 4.4 MEDIUM | N/A |
| pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. NOTE: there may be a related vector involving sshd that has limited relevance. | |||||
| CVE-2008-3655 | 1 Ruby-lang | 1 Ruby | 2018-10-11 | 7.5 HIGH | N/A |
| Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3. | |||||
| CVE-2008-3553 | 2 Nokia, Sun | 2 Series 40, J2me | 2018-10-11 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition devices allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 3-10." NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a company led by a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2008-3494 | 1 8e6 | 1 R3000 Internet Filter | 2018-10-11 | 7.8 HIGH | N/A |
| 8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass intended restrictions via an extra HTTP Host header with additional leading text placed before the real Host header. | |||||
| CVE-2008-3485 | 1 Citrix | 2 Metaframe Presentation Server, Xp | 2018-10-11 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path. | |||||
| CVE-2008-3431 | 1 Sun | 1 Xvm Virtualbox | 2018-10-11 | 7.2 HIGH | N/A |
| The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address. | |||||
| CVE-2008-3356 | 1 Ingres | 1 Ingres | 2018-10-11 | 4.6 MEDIUM | N/A |
| verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename. | |||||
| CVE-2008-3106 | 1 Sun | 2 Jdk, Jre | 2018-10-11 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. | |||||
| CVE-2008-3105 | 1 Sun | 2 Jdk, Jre | 2018-10-11 | 8.3 HIGH | N/A |
| Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application. | |||||
| CVE-2008-3110 | 1 Sun | 2 Jdk, Jre | 2018-10-11 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet. | |||||
| CVE-2008-3109 | 1 Sun | 2 Jdk, Jre | 2018-10-11 | 7.5 HIGH | N/A |
| Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. | |||||
| CVE-2008-3103 | 1 Sun | 2 Jdk, Jre | 2018-10-11 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors. | |||||
| CVE-2008-2810 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-11 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut. | |||||
| CVE-2008-2803 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-11 | 6.8 MEDIUM | N/A |
| The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons. | |||||
| CVE-2008-2802 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-11 | 7.5 HIGH | N/A |
| Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level." | |||||