Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5984 | 1 Dia | 1 Dia | 2017-08-07 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2009-0218 | 2 Ldra, Particlesoftware | 2 Tbbrowse, Intralaunch | 2017-08-07 | 9.3 HIGH | N/A |
| Insecure method vulnerability in Particle Software IntraLaunch Application Launcher ActiveX control in IntraLaunch.ocx, as used in LDRA TBbrowse and possibly other products, allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2009-0151 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 7.2 HIGH | N/A |
| The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors. | |||||
| CVE-2008-5986 | 1 Csound | 1 Csound | 2017-08-07 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the (1) "VST plugin with Python scripting" and (2) "VST plugin for writing score generators in Python" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2008-5298 | 1 Karakas-online | 1 Chm2pdf | 2017-08-07 | 2.1 LOW | N/A |
| chm2pdf 0.9 uses temporary files in directories with fixed names, which allows local users to cause a denial of service (chm2pdf failure) of other users by creating those directories ahead of time. | |||||
| CVE-2008-5857 | 1 Knowledgetree Document Management | 1 Knowledgetree Document Management | 2017-08-07 | 6.5 MEDIUM | N/A |
| The DropDocuments plugin in KnowledgeTree before 3.5.4a allows remote authenticated users to gain administrative privileges via a certain sequence of "browse documents" and dashboard requests. | |||||
| CVE-2009-0072 | 1 Microsoft | 1 Internet Explorer | 2017-08-07 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element. | |||||
| CVE-2008-5118 | 1 Sun | 1 Java System Identity Manager | 2017-08-07 | 4.3 MEDIUM | N/A |
| Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection." | |||||
| CVE-2008-5404 | 1 Grid2000 | 1 Flexcell Grid Control | 2017-08-07 | 10.0 HIGH | N/A |
| Insecure method vulnerability in the FlexCell.Grid ActiveX control in FlexCell.ocx 5.7.0.1 in FlexCell Grid ActiveX Component allows remote attackers to create and overwrite arbitrary files via the HttpDownloadFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5329 | 1 Ibm | 1 Rational Clearquest | 2017-08-07 | 7.5 HIGH | N/A |
| ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client's submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file. | |||||
| CVE-2008-4198 | 1 Opera | 1 Opera Browser | 2017-08-07 | 5.0 MEDIUM | N/A |
| Opera before 9.52, when rendering an http page that has loaded an https page into a frame, displays a padlock icon and offers a security information dialog reporting a secure connection, which might allow remote attackers to trick a user into performing unsafe actions on the http page. | |||||
| CVE-2008-3746 | 1 Webdav | 1 Neon | 2017-08-07 | 4.3 MEDIUM | N/A |
| neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function. | |||||
| CVE-2008-3873 | 1 Adobe | 1 Flash Player | 2017-08-07 | 4.3 MEDIUM | N/A |
| The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008. | |||||
| CVE-2008-3820 | 1 Cisco | 1 Security Manager | 2017-08-07 | 6.8 MEDIUM | N/A |
| Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root access" to IEV via unspecified use of TCP sessions to these ports. | |||||
| CVE-2008-3819 | 1 Cisco | 4 Gss 4480 Global Site Selector, Gss 4490 Global Site Selector, Gss 4491 Global Site Selector and 1 more | 2017-08-07 | 5.0 MEDIUM | N/A |
| dnsserver in Cisco Application Control Engine Global Site Selector (GSS) before 3.0(1) allows remote attackers to cause a denial of service (daemon crash) via a series of crafted DNS requests, aka Bug ID CSCsj70093. | |||||
| CVE-2008-4394 | 1 Gentoo | 1 Portage | 2017-08-07 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds. | |||||
| CVE-2008-2714 | 1 Opera | 1 Opera Browser | 2017-08-07 | 5.0 MEDIUM | N/A |
| Opera before 9.26 allows remote attackers to misrepresent web page addresses using "certain characters" that "cause the page address text to be misplaced." | |||||
| CVE-2008-3350 | 1 The Kelleys | 1 Dnsmasq | 2017-08-07 | 5.0 MEDIUM | N/A |
| dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214. | |||||
| CVE-2008-3061 | 1 V-webmail | 1 V-webmail | 2017-08-07 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in redirect.php in V-webmail 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the to parameter. | |||||
| CVE-2008-1845 | 1 Mirbsd | 1 Miros | 2017-08-07 | 7.2 HIGH | N/A |
| The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not flush the tty's I/O when invoking mksh in a new terminal, which allows local users to gain privileges by opening a virtual terminal and entering command sequences, which might later be executed in opportunistic circumstances by a different user who launches mksh and specifies that terminal with the -T option. | |||||