Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5379 | 1 Oliver Gorwits | 1 Netdisco Mibs Installer | 2008-12-08 | 6.9 MEDIUM | N/A |
| netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the (1) netdisco-mibs-install and (2) netdisco-mibs-download scripts. | |||||
| CVE-2007-6719 | 1 Inspector It | 1 Wiz-ad | 2008-12-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Wiz-Ad 1.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5331 | 1 Adobe | 1 Acrobat | 2008-12-04 | 7.5 HIGH | N/A |
| Adobe Acrobat 9 uses more efficient encryption than previous versions, which makes it easier for attackers to guess a document's password via a brute-force attack. | |||||
| CVE-2008-5143 | 1 Mohammed Sameer | 1 Multi-gnome-terminal | 2008-12-02 | 6.9 MEDIUM | N/A |
| mgt-helper in multi-gnome-terminal 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.debug or (2) /tmp/*.env temporary file. | |||||
| CVE-2008-5148 | 1 Geda | 1 Gnetlist | 2008-12-02 | 6.9 MEDIUM | N/A |
| sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file. | |||||
| CVE-2008-5162 | 1 Freebsd | 1 Freebsd | 2008-12-02 | 6.9 MEDIUM | N/A |
| The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator. | |||||
| CVE-2008-4640 | 1 Sentex | 1 Jhead | 2008-12-02 | 3.6 LOW | N/A |
| The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character. | |||||
| CVE-2008-4641 | 1 Sentex | 1 Jhead | 2008-12-02 | 10.0 HIGH | N/A |
| The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input. | |||||
| CVE-2008-5230 | 1 Cisco | 1 Ios | 2008-12-02 | 6.8 MEDIUM | N/A |
| The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which makes it easier for remote attackers to decrypt packets from an access point (AP) to a client and spoof packets from an AP to a client, and conduct ARP poisoning attacks or other attacks, as demonstrated by tkiptun-ng. | |||||
| CVE-2008-5283 | 1 Ghh | 1 Google Hack Honeypot File Upload Manager | 2008-12-01 | 6.4 MEDIUM | N/A |
| Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attackers to delete uploaded files via unknown vectors related to the delall action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. CVE analysis suggests that the most recent version as of 20081128 is 1.2, and the File Upload Manager does not have a "delall" action. | |||||
| CVE-2008-5281 | 1 South River Technologies | 1 Titan Ftp Server | 2008-11-30 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE command. | |||||
| CVE-2008-2429 | 1 Calendarix | 1 Basic | 2008-11-25 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.20071118 allow remote attackers to execute arbitrary SQL commands via (1) the catsearch parameter to cal_search.php or (2) the catview parameter to cal_cat.php. NOTE: vector 1 might overlap CVE-2007-3183.3, and vector 2 might overlap CVE-2005-1865.2. | |||||
| CVE-2008-2432 | 1 Novell | 1 Iprint | 2008-11-25 | 5.0 MEDIUM | N/A |
| Insecure method vulnerability in the GetFileList method in an unspecified ActiveX control in Novell iPrint Client before 5.06 allows remote attackers to list the image files in an arbitrary directory via a directory name in the argument. | |||||
| CVE-2008-5109 | 1 Adobe | 1 Flash Media Server | 2008-11-25 | 5.0 MEDIUM | N/A |
| The default configuration of Adobe Flash Media Server (FMS) 3.0 does not enable SWF Verification for (1) RTMPE and (2) RTMPTE sessions, which makes it easier for remote attackers to make copies of video content via stream-capture software. | |||||
| CVE-2008-5231 | 1 Novell | 1 Iprint | 2008-11-25 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the ExecuteRequest method in the Novell iPrint ActiveX control in ienipp.ocx in Novell iPrint Client 5.06 and earlier allows remote attackers to execute arbitrary code via a long target-frame option value, a different vulnerability than CVE-2008-2431. | |||||
| CVE-2007-1489 | 1 Web-app.org | 1 Webapp | 2008-11-22 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in web-app.org Web Automated Perl Portal (WebAPP) 0.9.9.4 to 0.9.9.6 allows remote attackers to obtain admin access by modifying cookies and performing "certain consecutive actions," possibly due to a cross-site request forgery (CSRF) vulnerability. | |||||
| CVE-2008-5135 | 1 Debian | 1 Os-prober | 2008-11-18 | 6.2 MEDIUM | N/A |
| ** DISPUTED ** os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-root users." | |||||
| CVE-2008-5146 | 1 Erl Wustl | 1 Ctn | 2008-11-18 | 6.9 MEDIUM | N/A |
| add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file. | |||||
| CVE-2008-5151 | 1 Abottoms | 1 Mayavi | 2008-11-18 | 6.9 MEDIUM | N/A |
| test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/err.log temporary file. | |||||
| CVE-2008-5087 | 1 Typo3 | 2 Another Backend Login, Typo3 | 2008-11-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||