Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5256 | 1 Virtualox | 1 Virtualox | 2017-08-07 | 4.4 MEDIUM | N/A |
| The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file. | |||||
| CVE-2008-5257 | 1 Ibm | 1 Tivoli Access Manager For E-business | 2017-08-07 | 4.3 MEDIUM | N/A |
| webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for e-business allows remote attackers to cause a denial of service (crash or hang) via HTTP requests, as demonstrated by a McAfee vulnerability scan. | |||||
| CVE-2008-5274 | 1 Toddwoolums | 1 Todd Woolums Asp News Management | 2017-08-07 | 5.0 MEDIUM | N/A |
| Todd Woolums ASP News Management 2.2 allows remote attackers to obtain news items via a direct request to (1) rss.asp, (2) viewheadings.asp, or (3) viewnews.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5275 | 1 Net2ftp | 1 Net2ftp | 2017-08-07 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file. | |||||
| CVE-2008-5277 | 1 Powerdns | 1 Powerdns | 2017-08-07 | 4.3 MEDIUM | N/A |
| PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query. | |||||
| CVE-2008-5278 | 1 Wordpress | 1 Wordpress | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable). | |||||
| CVE-2008-5296 | 1 Gallery | 1 Gallery | 2017-08-07 | 6.8 MEDIUM | N/A |
| Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5298 | 1 Karakas-online | 1 Chm2pdf | 2017-08-07 | 2.1 LOW | N/A |
| chm2pdf 0.9 uses temporary files in directories with fixed names, which allows local users to cause a denial of service (chm2pdf failure) of other users by creating those directories ahead of time. | |||||
| CVE-2008-5299 | 1 Karakas-online | 1 Chm2pdf | 2017-08-07 | 6.9 MEDIUM | N/A |
| chm2pdf 0.9 allows user-assisted local users to delete arbitrary files via a symlink attack on .chm files in the (1) /tmp/chm2pdf/work or (2) /tmp/chm2pdf/orig temporary directories. | |||||
| CVE-2008-5301 | 1 Dovecot | 1 Dovecot | 2017-08-07 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name. | |||||
| CVE-2008-5304 | 1 Twiki | 1 Twiki | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable. | |||||
| CVE-2008-5318 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2017-08-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653. | |||||
| CVE-2008-5319 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2017-08-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than CVE-2008-3653. | |||||
| CVE-2008-5326 | 2 Ibm, Microsoft | 2 Rational Clearquest, Windows | 2017-08-07 | 4.4 MEDIUM | N/A |
| The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a series of asterisks. | |||||
| CVE-2008-5327 | 1 Ibm | 1 Rational Clearquest | 2017-08-07 | 6.5 MEDIUM | N/A |
| The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree. | |||||
| CVE-2008-5328 | 1 Ibm | 1 Rational Clearquest | 2017-08-07 | 4.6 MEDIUM | N/A |
| The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree during an import process. | |||||
| CVE-2008-5329 | 1 Ibm | 1 Rational Clearquest | 2017-08-07 | 7.5 HIGH | N/A |
| ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client's submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file. | |||||
| CVE-2008-5330 | 1 Ibm | 1 Rational Clearquest | 2017-08-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web interface in ClearCase RWP server in IBM Rational ClearCase 7.0.0 before 7.0.0.4, and 7.0.1.1-RATL-RCC-IFIX02 and possibly other 7.0.1 versions before 7.0.1.3, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO of a URI associated with a VOB page. | |||||
| CVE-2008-5382 | 1 I-o Data | 4 Hlf-f160, Hlf-f250, Hlf-f300 and 1 more | 2017-08-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE HDL-F160, HDL-F250, HDL-F300, and HDL-F320 firmware before 1.02 allows remote attackers to (1) change a configuration or (2) delete files as an authenticated user via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5397 | 1 Tor | 1 Tor | 2017-08-07 | 7.2 HIGH | N/A |
| Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process. | |||||