Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5398 | 1 Tor | 1 Tor | 2017-08-07 | 9.3 HIGH | N/A |
Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream. | |||||
CVE-2008-5404 | 1 Grid2000 | 1 Flexcell Grid Control | 2017-08-07 | 10.0 HIGH | N/A |
Insecure method vulnerability in the FlexCell.Grid ActiveX control in FlexCell.ocx 5.7.0.1 in FlexCell Grid ActiveX Component allows remote attackers to create and overwrite arbitrary files via the HttpDownloadFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-5407 | 1 Symantec | 1 Backup Exec For Windows Server | 2017-08-07 | 9.4 HIGH | N/A |
Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors. | |||||
CVE-2008-5408 | 1 Symantec | 1 Backup Exec For Windows Server | 2017-08-07 | 9.0 HIGH | N/A |
Buffer overflow in the data management protocol in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2008-5407. | |||||
CVE-2008-5411 | 1 Ibm | 1 Websphere Application Server | 2017-08-07 | 5.0 MEDIUM | N/A |
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||||
CVE-2008-5412 | 2 Ibm, Microsoft | 2 Websphere Application Server, Windows | 2017-08-07 | 10.0 HIGH | N/A |
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438. | |||||
CVE-2008-5414 | 1 Ibm | 1 Websphere Application Server | 2017-08-07 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Feature Pack for Web Services in the Web Services Security component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 has unknown impact and attack vectors related to "userNameToken." | |||||
CVE-2008-5434 | 1 Punbb | 1 Punbb | 2017-08-07 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php. | |||||
CVE-2008-5495 | 1 Gungho | 1 Loadprgax Control | 2017-08-07 | 9.3 HIGH | N/A |
Unspecified vulnerability in the GungHo LoadPrgAx ActiveX control 1.0.0.6 and earlier allows remote attackers to execute arbitrary Java applications via unknown vectors. | |||||
CVE-2008-5499 | 2 Adobe, Linux | 2 Flash Player For Linux, Linux Kernel | 2017-08-07 | 9.3 HIGH | N/A |
Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file. | |||||
CVE-2008-5514 | 1 University Of Washington | 1 Imap | 2017-08-07 | 4.3 MEDIUM | N/A |
Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow. | |||||
CVE-2008-5549 | 1 Sun | 1 Java System Portal Server | 2017-08-07 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet." | |||||
CVE-2008-5617 | 1 Rsyslog | 1 Rsyslog | 2017-08-07 | 8.5 HIGH | N/A |
The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages. | |||||
CVE-2008-5620 | 1 Roundcube | 1 Webmail | 2017-08-07 | 7.8 HIGH | N/A |
RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image. | |||||
CVE-2008-5644 | 1 Typo3 | 1 Typo3 | 2017-08-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
CVE-2008-5645 | 1 Orb Networks | 1 Orb | 2017-08-07 | 7.8 HIGH | N/A |
Directory traversal vulnerability in the media server in Orb Networks Orb before 2.01.0022 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP GET request. | |||||
CVE-2008-5646 | 1 Trac | 1 Trac | 2017-08-07 | 7.5 HIGH | N/A |
Unspecified vulnerability in Trac before 0.11.2 allows attackers to cause a denial of service via unknown attack vectors related to "certain wiki markup." | |||||
CVE-2008-5647 | 1 Trac | 1 Trac | 2017-08-07 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors. | |||||
CVE-2008-5655 | 1 Myiosoft | 1 Easybookmarker | 2017-08-07 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) delete_folder and (2) delete_link parameters to unspecified vectors, possibly to (a) plugins/bookmarker/bookmarker_backend.php or (b) ajaxp.php, different vectors than CVE-2008-5654. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-5656 | 1 Typo3 | 1 Typo3 | 2017-08-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||