Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3126 | 1 Fujitsu | 1 Serverview | 2017-08-07 | 6.5 MEDIUM | N/A |
| Multiple stack-based buffer overflows in the ServerView web interface (SnmpGetMibValues.exe) in Fujitsu Siemens Computers ServerView 04.60.07 and earlier allow remote authenticated users to execute arbitrary code via a crafted URL. | |||||
| CVE-2008-3130 | 1 Simple Machines | 1 Opencart | 2017-08-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in OpenCart 0.7.7 allow remote attackers to inject arbitrary web script or HTML via the (1) firstname and (2) search parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3134 | 1 Graphicsmagick | 1 Graphicsmagick | 2017-08-07 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file. | |||||
| CVE-2008-3157 | 1 Nortel | 1 Sip Multimedia Pc Client | 2017-08-07 | 5.0 MEDIUM | N/A |
| Nortel SIP Multimedia PC Client 4.x MCS5100 and MCS5200 does not limit the number of concurrent sessions, which allows attackers to cause a denial of service (resource consumption) via a large number of sessions. | |||||
| CVE-2008-3158 | 1 Novell | 1 Novell Client For Windows | 2017-08-07 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory. | |||||
| CVE-2008-3159 | 1 Novell | 1 Edirectory | 2017-08-07 | 10.0 HIGH | N/A |
| Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to "flawed arithmetic." | |||||
| CVE-2008-3160 | 1 Ibm | 1 Data Ontap | 2017-08-07 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in IBM Data ONTAP 7.1 before 7.1.3, as used by IBM System Storage N series Filer and IBM System Storage N series Gateway, have unknown impact and attack vectors. | |||||
| CVE-2008-3161 | 1 Ibm | 1 Maximo | 2017-08-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in jsp/common/system/debug.jsp in IBM Maximo 4.1 and 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Accept, (2) Accept-Language, (3) UA-CPU, (4) Accept-Encoding, (5) User-Agent, or (6) Cookie HTTP header. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3163 | 1 Regretless | 1 Dodos Mail | 2017-08-07 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in dodosmail.php in DodosMail 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dodosmail_header_file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3168 | 1 Empire Server | 1 Empire Server | 2017-08-07 | 5.0 MEDIUM | N/A |
| The files utility in Empire Server before 4.3.15 discloses the world creation time, which makes it easier for attackers to determine the PRNG seed. | |||||
| CVE-2008-3169 | 1 Empire Server | 1 Empire Server | 2017-08-07 | 10.0 HIGH | N/A |
| Multiple heap-based buffer overflows in Empire Server before 4.3.15 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to a "coordinate normalization bug." NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3170 | 1 Apple | 1 Safari | 2017-08-07 | 6.8 MEDIUM | N/A |
| Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking," a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867. | |||||
| CVE-2008-3171 | 1 Apple | 1 Safari | 2017-08-07 | 5.0 MEDIUM | N/A |
| Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||||
| CVE-2008-3172 | 1 Opera | 1 Opera | 2017-08-07 | 6.8 MEDIUM | N/A |
| Opera allows web sites to set cookies for country-specific top-level domains that have DNS A records, such as co.tv, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking." | |||||
| CVE-2008-3177 | 1 Sophos | 5 Email Appliance, Es1000, Es4000 and 2 more | 2017-08-07 | 5.0 MEDIUM | N/A |
| Sophos virus detection engine 2.75 on Linux and Unix, as used in Sophos Email Appliance, Pure Message for Unix, and Sophos Anti-Virus Interface (SAVI), allows remote attackers to cause a denial of service (engine crash) via zero-length MIME attachments. | |||||
| CVE-2008-3186 | 1 Chipmunk Scripts | 1 Chipmunk Blogger | 2017-08-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog (Blogger) allow remote attackers to inject arbitrary web script or HTML via the membername parameter to (1) members.php, (2) comments.php, (3) photos.php, (4) archive.php, or (5) cat.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3187 | 1 Opensuse | 1 Zypper | 2017-08-07 | 5.0 MEDIUM | N/A |
| zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service (package data corruption) via a spoofed key. | |||||
| CVE-2008-3197 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-08-07 | 3.5 LOW | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set. | |||||
| CVE-2008-3198 | 1 Mozilla | 1 Firefox | 2017-08-07 | 7.5 HIGH | N/A |
| Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to execute arbitrary code using CVE-2008-2933. | |||||
| CVE-2008-3199 | 1 Resiprocate | 1 Resiprocate | 2017-08-07 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in ReSIProcate before 1.3.4 allow remote attackers to cause a denial of service (stack consumption) via unknown network traffic with a large "bytes-in-memory/bytes-on-wire ratio." | |||||