Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5657 | 1 Quassel | 1 Quassel Core | 2017-08-07 | 7.5 HIGH | N/A |
CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows remote attackers to spoof IRC messages as other users via a crafted CTCP message. | |||||
CVE-2008-5659 | 1 Gnu | 1 Classpath | 2017-08-07 | 7.5 HIGH | N/A |
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys. | |||||
CVE-2008-5661 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-07 | 5.4 MEDIUM | N/A |
The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 through snv_82, with certain patches installed, allows remote attackers to cause a denial of service (panic) via unknown vectors that trigger a NULL pointer dereference. | |||||
CVE-2008-5662 | 1 Sun | 1 Java Wireless Toolkit For Cldc | 2017-08-07 | 9.3 HIGH | N/A |
Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC 2.5.2 and earlier allow downloaded programs to execute arbitrary code via unknown vectors. | |||||
CVE-2008-5672 | 1 Phparanoid | 1 Phparanoid | 2017-08-07 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in PHParanoid before 0.4 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) admin.php or (2) private messages. | |||||
CVE-2008-5673 | 1 Phparanoid | 1 Phparanoid | 2017-08-07 | 6.5 MEDIUM | N/A |
PHParanoid before 0.4 does not properly restrict access to the members area by unauthenticated users, which has unknown impact and remote attack vectors. | |||||
CVE-2008-5676 | 1 Breach | 1 Modsecurity | 2017-08-07 | 5.0 MEDIUM | N/A |
Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching." | |||||
CVE-2008-5687 | 1 Mediawiki | 1 Mediawiki | 2017-08-07 | 5.0 MEDIUM | N/A |
MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/. | |||||
CVE-2008-5696 | 1 Novell | 1 Netware | 2017-08-07 | 9.3 HIGH | N/A |
Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations. | |||||
CVE-2008-5709 | 1 Avaya | 1 Communication Manager | 2017-08-07 | 9.0 HIGH | N/A |
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components. | |||||
CVE-2008-5710 | 1 Avaya | 1 Communication Manager | 2017-08-07 | 5.0 MEDIUM | N/A |
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors. | |||||
CVE-2008-5714 | 1 Qemu | 1 Qemu | 2017-08-07 | 7.8 HIGH | N/A |
Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended. | |||||
CVE-2008-5716 | 1 Citrix | 1 Xen | 2017-08-07 | 7.2 HIGH | N/A |
xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405. | |||||
CVE-2008-5720 | 1 Seasar | 1 Mayaa | 2017-08-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.seasar.mayaa.impl.engine.PageNotFoundException exception and possibly other exceptions. | |||||
CVE-2008-5723 | 1 Cgi-rescue | 2 Kannibbs2000, Kannibbs2000i | 2017-08-07 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in CGI RESCUE KanniBBS2000 (aka KanniBBS2000i, MiniBBS2000, and MiniBBS2000i) before 1.03 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
CVE-2008-5724 | 1 Eset | 1 Smart Security | 2017-08-07 | 7.2 HIGH | N/A |
The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ESET Smart Security 3.0.672 and earlier allows local users to gain privileges via a crafted IRP in a certain METHOD_NEITHER IOCTL request to \Device\Epfw that overwrites portions of memory. | |||||
CVE-2008-5734 | 1 Icewarp | 1 Merak Mail Server | 2017-08-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Software Merak Mail Server 9.3.2 allows remote attackers to inject arbitrary web script or HTML via an IMG element in an HTML e-mail message. | |||||
CVE-2008-5743 | 1 Pdfjam | 1 Pdfjam | 2017-08-07 | 6.9 MEDIUM | N/A |
pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a predictable name, which allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2008-5744 | 1 Asterisk | 1 Zaptel | 2017-08-07 | 7.2 HIGH | N/A |
Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396 that uses the wrong variable in a range check against the value of lc->sync. | |||||
CVE-2008-5746 | 1 Sun | 2 Snmp Management Agent, Solaris | 2017-08-07 | 6.9 MEDIUM | N/A |
Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on temporary files. | |||||