Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0322 | 1 Microsoft | 1 Windows Xp | 2017-08-07 | 7.2 HIGH | N/A |
| The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute code via an IOCTL call with a crafted DeviceObject pointer. | |||||
| CVE-2008-0330 | 1 Radiator | 1 Radius Server | 2017-08-07 | 7.8 HIGH | N/A |
| Open System Consultants (OSC) Radiator before 4.0 allows remote attackers to cause a denial of service (daemon crash) via malformed RADIUS requests, as demonstrated by packets sent by nmap. | |||||
| CVE-2008-0331 | 1 Funkwerk | 2 System Software, X2300 | 2017-08-07 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Funkwerk System Software before 7.4.1 PATCH 9 for certain Funkwerk Router / VPN devices allows remote attackers to cause a denial of service (panic and reboot) via unspecified DNS requests. | |||||
| CVE-2008-0335 | 1 Bugtracker.net | 1 Bugtracker.net | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in BugTracker.NET before 2.7.2 allows remote attackers to inject arbitrary web script or HTML via an arbitrary custom text field. | |||||
| CVE-2008-0336 | 1 Bugtracker.net | 1 Bugtracker.net | 2017-08-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in BugTracker.NET before 2.7.2 allow remote attackers to delete arbitrary bugs and perform other administrative tasks via unspecified vectors, possibly related to delete_*.aspx pages, and massedit.aspx, subscribe.aspx, flag.aspx, and relationships.aspx. | |||||
| CVE-2008-0354 | 1 Ibm | 1 Lotus Sametime | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the chat client in IBM Lotus Sametime 7.5 and 7.5.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted message, which triggers code execution after a mouseover event initiated by the victim. | |||||
| CVE-2008-0368 | 1 Ibm | 1 Informix Dynamic Server | 2017-08-07 | 7.2 HIGH | N/A |
| onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows local users to create arbitrary files via the Trace file argument. | |||||
| CVE-2008-0369 | 1 Ibm | 1 Informix Dynamic Server | 2017-08-07 | 6.9 MEDIUM | N/A |
| Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs. | |||||
| CVE-2008-0389 | 1 Ibm | 1 Websphere Application Server | 2017-08-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors. | |||||
| CVE-2008-0401 | 1 Ibm | 1 Tivoli Provisioning Manager Os Deployment | 2017-08-07 | 10.0 HIGH | N/A |
| Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp. | |||||
| CVE-2008-0402 | 1 Ibm | 1 Websphere Business Modeler | 2017-08-07 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group. | |||||
| CVE-2008-0404 | 1 Mantis | 1 Mantis | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary. | |||||
| CVE-2008-0441 | 1 Ibm | 1 Tivoli Business Service Manager | 2017-08-07 | 2.1 LOW | N/A |
| IBM Tivoli Business Service Manager (TBSM) 4.1.1 stores passwords in cleartext (1) after external authentication, which triggers writing the password to SM_server.log; and (2) after a reconfig action; which allows local users to obtain sensitive information. | |||||
| CVE-2008-0444 | 1 Elog | 1 Elog | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via subtext parameter to unspecified components. | |||||
| CVE-2008-0445 | 1 Elog | 1 Elog | 2017-08-07 | 5.0 MEDIUM | N/A |
| The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0448 | 1 Cybergl Dev Team | 1 Phpsearch | 2017-08-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in utils/class_HTTPRetriever.php in phpSearch allows remote attackers to execute arbitrary PHP code via a URL in the libcurlemuinc parameter. | |||||
| CVE-2008-0449 | 1 Rocksalt International | 1 Vp Asp | 2017-08-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0462 | 1 Drupal | 2 Archive Module, Drupal | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-0463 | 1 Drupal | 1 Workflow | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before 4.7.x-1.2 and 5.x before 5.x-1.2 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving node properties. | |||||
| CVE-2008-0467 | 1 Firebirdsql | 1 Firebird | 2017-08-07 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code via a long username. | |||||