Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3643 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination and restart) via a crafted Desktop file that generates an error when producing its icon, related to an "error recovery issue." | |||||
| CVE-2008-3645 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 7.2 HIGH | N/A |
| Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors. | |||||
| CVE-2008-3646 | 1 Apple | 1 Mac Os X | 2017-08-07 | 6.8 MEDIUM | N/A |
| The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users. | |||||
| CVE-2008-3647 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 9.3 HIGH | N/A |
| Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment. | |||||
| CVE-2008-3648 | 1 Microsoft | 1 Windows Xp | 2017-08-07 | 9.3 HIGH | N/A |
| nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008. | |||||
| CVE-2008-3650 | 1 Horde | 1 Groupware Webmail Edition | 2017-08-07 | 9.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view. | |||||
| CVE-2008-3653 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2017-08-07 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors. | |||||
| CVE-2008-3654 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2017-08-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors. | |||||
| CVE-2008-3667 | 1 Maxthon | 1 Maxthon Browser | 2017-08-07 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Maxthon Browser 2.0 and earlier allows remote attackers to execute arbitrary code via a long Content-type HTTP header. | |||||
| CVE-2008-3668 | 1 Marcello Brandao | 1 Yogurt Social Network Module | 2017-08-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the description field of a new scrap. | |||||
| CVE-2008-3672 | 1 Pozscripts | 1 Classified Ads | 2017-08-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showcategory.php in PozScripts Classified Ads allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3673. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3677 | 1 Openfreeway | 1 Freeway | 2017-08-07 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in includes/events_application_top.php in Freeway before 1.4.2.197 allows remote attackers to include and execute arbitrary local files via unspecified vectors. | |||||
| CVE-2008-3678 | 1 Damian Hickey | 1 Freeway | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway before 1.4.2.197 allows remote attackers to inject arbitrary web script or HTML via the URL. | |||||
| CVE-2008-3679 | 1 Idevspot | 1 Phplinkexchange | 2017-08-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in IDevSpot PhpLinkExchange 1.01 allow remote attackers to inject arbitrary web script or HTML via the catid parameter in a (1) user_add, (2) recip, (3) tellafriend, or (4) contact action, or (5) in a request without an action; or (6) the id parameter in a tellafriend action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3682 | 1 Ypninc | 1 Php Realty | 2017-08-07 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in dpage.php in YPN PHP Realty allows remote attackers to execute arbitrary SQL commands via the docID parameter. | |||||
| CVE-2008-3683 | 1 Sun | 1 Java System Web Proxy Server | 2017-08-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.5 before SP6 allows remote attackers to cause a denial of service (failure to accept connections) via unknown vectors, probably related to exhaustion of file descriptors. | |||||
| CVE-2008-3686 | 1 Linux | 1 Linux Kernel | 2017-08-07 | 4.9 MEDIUM | N/A |
| The rt6_fill_node function in net/ipv6/route.c in Linux kernel 2.6.26-rc4, 2.6.26.2, and possibly other 2.6.26 versions, allows local users to cause a denial of service (kernel OOPS) via IPv6 requests when no IPv6 input device is in use, which triggers a NULL pointer dereference. | |||||
| CVE-2008-3687 | 1 Xen | 2 Xen, Xen Flask Module | 2017-08-07 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall. | |||||
| CVE-2008-3688 | 1 Havp | 2 Havp, Http Antivirus Proxy | 2017-08-07 | 4.3 MEDIUM | N/A |
| sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of service (hang) by connecting to a non-responsive server, which triggers an infinite loop due to an uninitialized variable. | |||||
| CVE-2008-3699 | 1 Amarok | 1 Amarok | 2017-08-07 | 3.3 LOW | N/A |
| The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file. | |||||