Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5026 | 1 Microsoft | 1 Sharepoint Server | 2017-08-07 | 3.5 LOW | N/A |
| Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading HTML documents. | |||||
| CVE-2008-5028 | 2 Nagios, Op5 | 2 Nagios, Monitor | 2017-08-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests. | |||||
| CVE-2008-5030 | 1 Libcaudio | 1 Libcaudio | 2017-08-07 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the cddb_read_disc_data function in cddb.c in libcdaudio 0.99.12p2 allows remote CDDB servers to execute arbitrary code via long CDDB data. | |||||
| CVE-2008-5033 | 1 Linux | 1 Linux Kernel | 2017-08-07 | 7.8 HIGH | N/A |
| The chip_command function in drivers/media/video/tvaudio.c in the Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and 2.6.27.x before 2.6.27.3 allows attackers to cause a denial of service (NULL function pointer dereference and OOPS) via unknown vectors. | |||||
| CVE-2008-5035 | 1 Ibm | 1 Hardware Management Console | 2017-08-07 | 5.0 MEDIUM | N/A |
| The Resource Monitoring and Control (RMC) daemon in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 and 3.3.0 SP2 allows remote attackers to cause a denial of service (daemon crash or hang) via a packet with an invalid length. | |||||
| CVE-2008-5038 | 1 Novell | 1 Edirectory | 2017-08-07 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852. | |||||
| CVE-2008-5041 | 1 Sweex | 1 Ro002 Router | 2017-08-07 | 7.5 HIGH | N/A |
| Sweex RO002 Router with firmware Ts03-072 has "rdc123" as its default password for the "rdc123" account, which makes it easier for remote attackers to obtain access. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5048 | 1 Isecsoft | 1 Anti-trojan Elite | 2017-08-07 | 7.2 HIGH | N/A |
| Buffer overflow in Atepmon.sys in ISecSoft Anti-Trojan Elite 4.2.1 and earlier, and possibly 4.2.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long inputs to the 0x00222494 IOCTL. | |||||
| CVE-2008-5055 | 1 Activecampaign | 1 Triolive | 2017-08-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to execute arbitrary SQL commands via the department_id parameter to index.php. | |||||
| CVE-2008-5056 | 1 Activecampaign | 1 Triolive | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to inject arbitrary web script or HTML via the department_id parameter to index.php. | |||||
| CVE-2008-5057 | 1 Aspindir | 1 Dizi Portali | 2017-08-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in film.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the film parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5064 | 1 H\&h | 1 Websoccer | 2017-08-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in liga.php in H&H WebSoccer 2.80 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5076 | 1 Htop | 1 Htop | 2017-08-07 | 4.6 MEDIUM | N/A |
| htop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with "crazy control strings." | |||||
| CVE-2008-5082 | 1 Redhat | 2 Dogtag Certificate System, Certificate System | 2017-08-07 | 6.0 MEDIUM | N/A |
| The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key. | |||||
| CVE-2008-5091 | 1 Novell | 1 Edirectory | 2017-08-07 | 10.0 HIGH | N/A |
| Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid extensibleMatch filter." | |||||
| CVE-2008-5093 | 1 Novell | 1 Edirectory | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2008-5096 | 1 Typo3 | 2 File List Extension, Typo3 | 2017-08-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the TYPO3 File List (file_list) extension 0.2.1 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors. | |||||
| CVE-2008-5099 | 1 Sun | 1 Logical Domain Manager | 2017-08-07 | 4.6 MEDIUM | N/A |
| Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0.3 displays the value of the OpenBoot PROM (OBP) security-password variable in cleartext, which allows local users to bypass the SPARC firmware's password protection, and gain privileges or obtain data access, via the "ldm ls -l" command, a different vulnerability than CVE-2008-4992. | |||||
| CVE-2008-5101 | 1 Optipng | 1 Optipng | 2017-08-07 | 9.3 HIGH | N/A |
| Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted attackers to execute arbitrary code via a crafted BMP image, related to an "array overflow." | |||||
| CVE-2008-5103 | 2 Dcgrendel, Ubuntu | 2 Vmbuilder, Ubuntu Linux | 2017-08-07 | 7.2 HIGH | N/A |
| The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions. | |||||