Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4283 | 1 Ibm | 1 Websphere Application Server | 2017-08-07 | 10.0 HIGH | N/A |
| CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2008-4284 | 1 Ibm | 1 Websphere Application Server | 2017-08-07 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature. | |||||
| CVE-2008-4285 | 1 Ibm | 1 Websphere Application Server | 2017-08-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Performance Monitoring Infrastructure (PMI) feature in the Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19, when a component statistic is enabled, allows attackers to cause a denial of service (daemon crash) via vectors related to "a gradual degradation in performance." | |||||
| CVE-2008-4292 | 1 Opera | 1 Opera Browser | 2017-08-07 | 10.0 HIGH | N/A |
| Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, which has unknown impact and attack vectors. NOTE: it is not clear whether this is a vulnerability, but the vendor included it in a security section of the advisory. | |||||
| CVE-2008-4293 | 2 Microsoft, Opera | 2 Windows, Opera | 2017-08-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors in which Opera is launched by other applications. | |||||
| CVE-2008-4294 | 1 Ibm | 1 Tivoli Netcool Webtop | 2017-08-07 | 7.2 HIGH | N/A |
| IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user privileges after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation, as demonstrated by a root session that is still valid after a subsequent read-only session has begun. | |||||
| CVE-2008-4303 | 1 Php-collab | 1 Php-collab | 2017-08-07 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in phpCollab 2.5 rc3, 2.4, and earlier allow remote attackers to execute arbitrary SQL commands via the loginForm parameter to general/login.php, and unspecified other vectors. | |||||
| CVE-2008-4304 | 1 Phpcollab | 1 Phpcollab | 2017-08-07 | 10.0 HIGH | N/A |
| general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSL_CLIENT_CERT environment variable. NOTE: in some environments, SSL_CLIENT_CERT always has a base64-encoded string value, which may impose constraints on injection for typical shells. | |||||
| CVE-2008-4305 | 1 Php-collab | 1 Php-collab | 2017-08-07 | 9.0 HIGH | N/A |
| Static code injection vulnerability in installation/setup.php in phpCollab 2.5 rc3 and earlier allows remote authenticated administrators to inject arbitrary PHP code into include/settings.php via the URI. | |||||
| CVE-2008-4311 | 1 Freedesktop | 1 Dbus | 2017-08-07 | 4.6 MEDIUM | N/A |
| The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply. | |||||
| CVE-2008-4320 | 1 Opennms.org | 1 Opennms | 2017-08-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list. | |||||
| CVE-2008-4337 | 1 Bitweaver | 1 Bitweaver | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Bitweaver 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to (1) edit.php and (2) list.php in articles/; (3) list_blogs.php and (4) rankings.php in blogs/; (5) calendar/index.php; (6) calendar.php, (7) index.php, and (8) list_events.php in events/; (9) index.php and (10) list_galleries.php in fisheye/; (11) liberty/list_content.php; (12) newsletters/edition.php; (13) pigeonholes/list.php; (14) recommends/index.php; (15) rss/index.php; (16) stars/index.php; (17) users/remind_password.php; (18) wiki/orphan_pages.php; and (19) stats/index.php, different vectors than CVE-2007-0526 and CVE-2005-4379. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-4339 | 1 Symantec | 2 Netbackup Enterprise Server, Netbackup Server | 2017-08-07 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Java Administration GUI (jnbSA) in Symantec Veritas NetBackup Server and NetBackup Enterprise Server 5.1 before MP7, 6.0 before MP7, and 6.5 before 6.5.2 allows remote authenticated users to gain privileges via unknown attack vectors related to "bpjava* binaries." | |||||
| CVE-2008-4344 | 1 6rbscript | 1 6rbscript | 2017-08-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cat.php in 6rbScript allows remote attackers to execute arbitrary SQL commands via the CatID parameter. | |||||
| CVE-2008-4348 | 1 Outshine | 1 Phportfolio | 2017-08-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in photo.php in PHPortfolio, possibly 1.3, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4349 | 1 S0nic | 1 Paranews | 2017-08-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in news.php in s0nic Paranews 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) page parameter in a details action. | |||||
| CVE-2008-4358 | 1 Spaw Editor | 1 Spaw Php | 2017-08-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP Edition before 2.0.8.1 has unknown impact and attack vectors, probably related to directory traversal sequences in the theme name. | |||||
| CVE-2008-4365 | 1 Siteman | 1 Siteman | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Siteman 1.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-4368 | 1 Apple | 1 Mac Os X | 2017-08-07 | 5.0 MEDIUM | N/A |
| The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE. | |||||
| CVE-2008-4384 | 3 Iseemedia, Mgi Software, Roxio | 3 Lpviewer, Lpviewer, Lpviewer | 2017-08-07 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX control (LPControl.dll), as acquired by Roxio and iseemedia, allow remote attackers to execute arbitrary code via the (1) url, (2) toolbar, and (3) enableZoomPastMax methods. | |||||