| CVE Description | SAINT® Tutorial | SAINT® Vuln. ID | SANS Top 20 | ||
Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception. |
MacOSX vulnerabilities Apache Tomcat vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version web_dev_tomcatver |
||
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding. |
MacOSX vulnerabilities Apache vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version web_server_apache_version |
||
Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table. |
MacOSX vulnerabilities X11 vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version misc_x11 |
||
Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_directxrce08033 | ||
Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability." |
Windows updates needed Microsoft outlook vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_atl win_patch_dhtmlatl win_patch_msoutlook09037 win_patch_videoax win_patch_wmpatl |
||
Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015. |
Windows updates needed Microsoft outlook vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_atl win_patch_dhtmlatl win_patch_msoutlook09037 win_patch_wmpatl |
||
Visual Studio vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vstudiovbaxbo | |||
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request. |
Cisco voice products Note: Authentication is required to detect this vulnerability |
net_cisco_ctlprovider | ||
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trigger memory corruption. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_app_iphoto | ||
Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions. |
MacOSX vulnerabilities CUPS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version printer_cupsversion |
||
Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a long file name to the NSDocument API. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. |
MacOSX vulnerabilities Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version web_client_safari |
||
Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file. |
MacOSX vulnerabilities CUPS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version printer_cupsversion |
||
Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allow remote attackers to execute arbitrary code via a crafted serialized property list. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic." |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. |
Kerberos detected MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_kerberospkg misc_macosx_version |
||
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." |
Kerberos detected MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_kerberospkg misc_macosx_version |
||
Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles. |
Winamp vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_winamp | ||
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program. |
HP Openview vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
net_ovtoolbar | ||
Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field. |
GNOME Evolution vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_evolution | ||
Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter. |
VLC vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vlc | ||
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders. |
IIS vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_iisservices | ||
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages. |
http IIS access Note: Authentication is recommended to improve the accuracy of this check |
web_server_iis_asp | ||
Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v5 win_patch_ie_v6 win_patch_ie_v7 |
||
Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v6 win_patch_ie_v7 |
||
Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v5 win_patch_ie_v6 win_patch_ie_v7 |
||
Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_webdavmr | ||
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excel2000 win_patch_excel2003 win_patch_excelview win_patch_excelxp win_patch_office2004macver |
||
An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_msguiauto | ||
The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_scriptdecode | ||
Unspecified vulnerability in the TCP/IP support in Microsoft Windows Vista allows remote DHCP servers to cause a denial of service (hang and restart) via a crafted DHCP packet. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_vistadhcp | ||
SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse. |
Microsoft SQL Server Note: Authentication is recommended to improve the accuracy of this check |
database_mssql_mssql | ||
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression. |
Microsoft SQL Server Note: Authentication is recommended to improve the accuracy of this check |
database_mssql_mssql | ||
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_dnsspoof | ||
Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request. |
Active Directory vulnerability Note: Authentication is required to detect this vulnerability |
win_patch_activedirdos2 win_patch_adamdos |
||
The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference. |
Asterisk vulnerabilities Note: Authentication is required to detect this vulnerability |
net_asterisk | ||
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_officepubver | ||
Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability." |
Microsoft VBA vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_vbaofficeace | ||
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_officepubver | ||
Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability." |
Microsoft Works vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_worksconverterace | ||
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement. |
Microsoft SQL Server Note: Authentication is recommended to improve the accuracy of this check |
database_mssql_mssql | ||
Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory Corruption Vulnerability." |
Microsoft SQL Server Note: Authentication is recommended to improve the accuracy of this check |
database_mssql_mssql | ||
Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability." |
Microsoft Works vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_worksconverterace | ||
Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_word2000 win_patch_word2003 win_patch_wordview2003 |
||
Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and SP3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI. |
Outlook and Outlook Express Note: Authentication is required to detect this vulnerability |
mail_client_outlook2000 mail_client_outlook2002 mail_client_outlook2003 mail_client_outlook2007 |
||
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excel2000 win_patch_excel2003 win_patch_excel2007 win_patch_excelcpack win_patch_excelview win_patch_excelxp win_patch_office2004macver |
||
Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excel2000 win_patch_office2004macver win_patch_office2008macver |
||
Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_office2000 win_patch_office2002 win_patch_office2003 win_patch_office2004macver |
||
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excel2000 win_patch_excel2003 win_patch_excelview win_patch_excelxp win_patch_office2004macver |
||
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excel2000 win_patch_excel2003 win_patch_excel2007 win_patch_excelcpack win_patch_excelview win_patch_excelxp win_patch_office2004macver |
||
Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excel2000 win_patch_excel2003 win_patch_excelcpack win_patch_excelview win_patch_excelxp win_patch_office2004macver win_patch_office2008macver |
||
Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excel2000 win_patch_excelxp win_patch_office2004macver win_patch_office2008macver |
||
Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_office2000 win_patch_office2002 win_patch_office2003 win_patch_office2004macver |
||
Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_officepubver | ||
Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_pptview2003 | ||
A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_pptview2003 | ||
![]() |
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption. |
DNS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
dns_bindver | ||
![]() |
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file. |
Serendipity vulnerabilities |
web_prog_php_serendipity | ||
![]() |
The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet. |
McAfee eBusiness Server Note: Authentication is required to detect this vulnerability |
misc_mcebus | ||
![]() |
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. |
Apache Tomcat vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_tomcatver | ||
![]() |
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys. |
OpenSSL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_openssl | ||
![]() |
The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. |
WordPress vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_wordpress | ||
![]() |
Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1. |
WordPress vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_wordpress | ||
![]() |
Cross-site scripting (XSS) vulnerability in admin/index.html in Merak IceWarp Mail Server allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
IceWarp vulnerabilities |
mail_web_icewarp | ||
![]() |
Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ (dot dot backslash) in the second argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information. |
Gateway Web Launch vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_weblaunchax | ||
![]() |
Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSystems products such as Ichitaro, allows remote attackers to execute arbitrary code via a crafted .JTD file. |
Ichitaro vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_ichitaro_ver | ||
![]() |
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp. |
MySQL vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
database_mysql_ssl misc_macosx_version |
||
![]() |
yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp. |
MySQL vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
database_mysql_ssl misc_macosx_version |
||
![]() |
Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) allows remote attackers to execute arbitrary commands by invoking the DoCmd method. |
Visual Studio vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vfoxproax | ||
![]() |
The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 allows remote attackers to execute arbitrary commands by invoking the insecure SaveFile method. |
Visual Studio vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_rtcax | ||
![]() |
SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe. |
SAP Database vulnerabilities |
database_sap_maxdbcons | ||
![]() |
Heap-based buffer overflow in the Express Backup Server service (dsmsvc.exe) in IBM Tivoli Storage Manager (TSM) Express 5.3 before 5.3.7.3 allows remote attackers to execute arbitrary code via a packet with a large length value. |
Tivoli Storage Manager Note: Authentication is required to detect this vulnerability |
misc_tivoliexp | ||
![]() |
Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors. |
PhotoPost vBGallery vulnerabilities |
web_prog_php_photopostvbgallery | ||
![]() |
Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. NOTE: a second vector might exist via the l parameter. NOTE: as of 20080118, the vendor has disputed the set of affected versions, stating that the issue "is already fixed, for almost a year." |
PHP injection |
web_prog_php_masviewfunc | ||
![]() |
Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data. |
VLC vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vlc | ||
![]() |
Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string. |
VLC vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vlc | ||
![]() |
Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_seamonkey |
||
![]() |
sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings. |
SAP Database vulnerabilities |
database_sap_maxdbver | ||
![]() |
Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and possibly other versions, allows remote attackers to execute arbitrary code via unknown vectors that trigger heap corruption. |
SAP Database vulnerabilities |
database_sap_maxdbver | ||
![]() |
Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to cause a denial of service (memory consumption) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp). |
Symantec vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_symantec_antivirusscanenginever misc_av_symantec_scanenginever misc_av_symantec_symscanver |
||
![]() |
Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp). |
Symantec vulnerabilities |
misc_av_symantec_antivirusscanenginever misc_av_symantec_scanenginever |
||
![]() ![]() |
Stack-based buffer overflow in the PGMWebHandler::parse_request function in the StarTeam Multicast Service component (STMulticastService) 6.4 in Borland CaliberRM 2006 allows remote attackers to execute arbitrary code via a large HTTP request. |
Borland StarTeam vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
web_tool_starteam_multihttpbo | ||
![]() |
Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information. |
Symantec vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_symantec_autofixax | ||
![]() |
The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share. |
Symantec vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_symantec_autofixax | ||
![]() |
Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value. |
ClamAV vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam | ||
![]() |
Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow. |
ClamAV vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam misc_av_clamwinupx misc_macosx_version |
||
![]() |
Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream. |
OpenOffice vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_openoffice | ||
![]() |
Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI. |
http server read access |
web_server_read | ||
![]() |
Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB01. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to the (1) Advanced Queuing component (DB02) and (2) Oracle Spatial component (DB04). |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+ and 10.1.0.5 has unknown impact and remote attack vectors, aka DB03. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Upgrade/Downgrade component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB05. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has unknown impact and remote attack vectors, aka DB06. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote attack vectors, aka DB07. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; and Application Server 9.0.4.3 and 10.1.2.0.2; has unknown impact and local attack vectors, aka OCS01. NOTE: Oracle has not disputed a reliable claim that this issue is related to WKSYS schema privileges. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() ![]() |
Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513. |
Citrix MetaFrame IMA vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_citriximasrv | ||
![]() |
Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier. |
uTorrent vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_p2p_utorrent | ||
![]() |
Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow. |
Visual Studio vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vstudiocretbo | ||
![]() ![]() |
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption. |
Firebird vulnerabilities Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled |
database_firebird_ver database_firebirdxdr |
||
![]() |
Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition 6.0 SP6 allow user-assisted remote attackers to execute arbitrary code via a .dsr file with a long (1) ConnectionName or (2) CommandName line. |
Visual Studio vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vb6vbpbo | ||
![]() |
Directory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter, a different vector than CVE-2008-0361. |
vulnerable web program |
web_prog_php_gradmaninfo | ||
![]() ![]() |
Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote attackers to execute arbitrary code via a long RCPT TO command, which is not properly handled by the makeuserkey function. NOTE: some of these details were obtained from third party information. |
Citadel UX vulnerabilities |
misc_citadel misc_citadelrcpt |
||
![]() |
Directory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request. |
http server read access |
web_server_read | ||
![]() |
Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp. |
Tivoli Provisioning Manager vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_tivolirem | ||
![]() |
The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi. |
Belkin router vulnerability |
net_belkinauthbypass | ||
![]() |
Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary. |
Mantis vulnerabilities |
web_prog_php_mantis | ||
![]() |
Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data. |
HFS HTTP File Server vulnerabilities |
web_server_hfsver | ||
![]() |
HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name. |
HFS HTTP File Server vulnerabilities |
web_server_hfsver | ||
![]() |
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request. |
HFS HTTP File Server vulnerabilities |
web_server_hfsver | ||
![]() |
HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication. |
HFS HTTP File Server vulnerabilities |
web_server_hfsver | ||
![]() |
Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL. |
HFS HTTP File Server vulnerabilities |
web_server_hfsver | ||
![]() |
HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL. |
HFS HTTP File Server vulnerabilities |
web_server_hfsver | ||
![]() |
The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allow user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing." |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs." |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_seamonkey | ||
![]() |
CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox | ||
![]() |
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary JavaScript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allow remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
![]() |
modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of uninitialized memory via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
![]() |
Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2) PortalAPIURL, or (3) cabroot property value. NOTE: some of these details are obtained from third party information. |
HP Virtual Rooms vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_hpvirtualax | ||
![]() |
Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX control in FileUploader.dll 2.0.0.2 in Lycos FileUploader Module allows remote attackers to execute arbitrary code via a long HandwriterFilename property value. NOTE: some of these details are obtained from third party information. |
Lycos vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_lycosax | ||
![]() |
Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via the subtext parameter to unspecified components. |
ELOG vulnerabilities |
web_server_elog | ||
![]() |
The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries. NOTE: some of these details are obtained from third party information. |
ELOG vulnerabilities |
web_server_elog | ||
![]() |
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS." |
Skype vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_skypever | ||
![]() |
Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file. |
Apache vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_apache_version | ||
![]() |
CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file. |
MacOSX vulnerabilities Apache vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version web_server_apache_version |
||
![]() |
Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors. |
Veritas Backup Exec Note: Authentication is required to detect this vulnerability |
misc_symantecbackup | ||
![]() |
Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
MediaWiki vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_mediawiki | ||
![]() ![]() |
Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code via a long username. |
Firebird vulnerabilities Interbase detected Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled |
database_firebird_ver database_interbasecategory_usernameintbo |
||
![]() |
A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attackers to execute arbitrary commands via the ExecuteStr method. |
Comodo Antivirus vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_comodoax | ||
![]() |
SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. |
SQL injection |
web_prog_sql_wpcal | ||
![]() |
SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the album parameter. |
SQL injection |
web_prog_sql_fgallery | ||
![]() |
fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows remote attackers to execute arbitrary code via a crafted FlashPix (.FPX) file, which triggers heap corruption. NOTE: some of these details are obtained from third party information. |
IrfanView vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_irfanviewver | ||
![]() |
Eval injection vulnerability in admin/op/disp.php in Netwerk Smart Publisher 1.0.1 allows remote attackers to execute arbitrary PHP code via the filedata parameter. |
PHP injection |
web_prog_php_smartpublisher | ||
![]() |
SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. |
SQL injection |
web_prog_sql_adclick | ||
![]() |
Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to parser/parser.php, as demonstrated by a filename ending with %00.gif, a different vector than CVE-2005-1840. |
vulnerable web program |
web_prog_php_parserfile | ||
![]() |
SQL injection vulnerability in index.php in the Glossary (com_glossary) 2.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action. |
SQL injection |
web_prog_sql_joomlaglossary | ||
![]() |
PHP remote file inclusion vulnerability in spaw/dialogs/confirm.php in SQLiteManager 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
PHP injection |
web_prog_php_confirm | ||
![]() |
Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors. |
Cisco Secure ACS vulnerabilities |
web_tool_acsucp | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors. |
Cisco Secure ACS vulnerabilities |
web_tool_acsucp | ||
![]() |
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) recid parameter to (b) ajax/ajax_getBrands.asp. |
SQL injection |
web_prog_sql_candypress | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636. |
Mailman vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_misc_mailman misc_macosx_version |
||
![]() |
Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long opendir command. |
WS FTP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
ftp_wsftpsftp | ||
![]() |
Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 do not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the "dialog refocus bug" or "ffclick2". |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox |
||
![]() |
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future plain text files within the browser. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
![]() |
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox | ||
![]() |
Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers. |
MacOSX vulnerabilities CUPS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version printer_cupsversion |
||
![]() |
Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets. |
CUPS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
printer_cupsversion | ||
![]() |
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. |
MacOSX vulnerabilities PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version web_prog_php_version |
||
![]() |
The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions. |
Xlight FTP Server |
ftp_xlight | ||
![]() |
The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in Ipswitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log commands from being recorded, a different vulnerability than CVE-2007-3823. |
WS FTP vulnerabilities Note: Authentication is required to detect this vulnerability |
ftp_wsftplogver | ||
![]() |
Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a modified size value. |
VNC detected Note: Authentication is required to detect this vulnerability |
misc_vncview | ||
![]() |
SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to cause a denial of service (crash) via a 0x53 LPD command, which causes the server to terminate. |
LPD vulnerabilities |
printer_saplpd | ||
![]() |
Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands. |
LPD vulnerabilities |
printer_saplpd | ||
![]() |
Stack-based buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! Music Jukebox 2.2.2.056 allows remote attackers to execute arbitrary code via a long argument to the AddImage method. |
Yahoo Music vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_yahoojdataax | ||
![]() |
Buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! JukeBox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddButton method, a different vulnerability than CVE-2008-0623. |
Yahoo Music vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_yahoojdataax | ||
![]() |
Buffer overflow in the MediaGrid ActiveX control (mediagrid.dll) in Yahoo! Music Jukebox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddBitmap method. |
Yahoo Music vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_yahoojmediaax | ||
![]() |
The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size. |
VERITAS Storage vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vxsvc | ||
![]() |
Stack-based buffer overflow in the EnumPrinters function in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2, SP3, and SP4 for Windows allows remote attackers to execute arbitrary code via a crafted RPC request, aka Novell bug 353138, a different vulnerability than CVE-2006-5854. NOTE: this issue exists because of an incomplete fix for CVE-2007-6701. |
Novell Print Services vulnerabilities Note: Authentication is required to detect this vulnerability |
printer_novellclient3 | ||
![]() |
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
http Cold Fusion Note: Authentication is required to detect this vulnerability |
web_prog_cfm_xss | ||
![]() |
Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function. |
http Cold Fusion Note: Authentication is recommended to improve the accuracy of this check |
web_prog_cfm_mx | ||
![]() |
Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors. |
Adobe Acrobat vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_acrobat misc_acroread |
||
![]() |
Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698. |
MacOSX vulnerabilities OpenLDAP vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version misc_openldap |
||
![]() |
Stack-based buffer overflow in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.5.70 and earlier, as used in MySpace MySpaceUploader.ocx 1.0.0.4, allows remote attackers to execute arbitrary code via a long Action property. |
Aurigma image uploader vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_aurigmaax | ||
![]() |
Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties. |
Aurigma image uploader vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_facebookphotouploaderax | ||
![]() |
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors. |
WordPress vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_wordpress | ||
![]() |
The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655. |
Adobe Acrobat vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_acrobat misc_acroread |
||
![]() |
Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255. |
PCRE vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_lib_pcrever misc_macosx_version |
||
![]() |
Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641. |
Titan FTP vulnerabilities |
ftp_titan | ||
![]() |
Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP Services on OpenVMS on the Alpha platform with 5.4 before ECO 7, and on the Integrity and Alpha platforms with 5.5 before ECO 3 and 5.6 before ECO 2, allows remote attackers to obtain unspecified access via unknown vectors. |
OpenVMS SSH vulnerabilities |
shell_ssh_openvms | ||
![]() |
Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513. |
HP Software Update vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_hpsoftwareupdatetool_hpediagax | ||
![]() |
The agent in Symantec Altiris Notification Server before 6.0 SP3 R7 allows local users to gain privileges via a "Shatter" style attack. |
Altiris Notification Server vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_symantecaltirisagent | ||
![]() |
SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter. |
SQL injection |
web_prog_sql_oscommercetestimonials | ||
![]() |
Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Server 6.0.5.549 allow remote attackers to cause a denial of service (daemon hang) and possibly execute arbitrary code via a long command. NOTE: the USER and PASS commands for the FTP service are covered by CVE-2008-0702. |
Titan FTP vulnerabilities |
ftp_titan | ||
![]() |
Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to printSepsWithParams, which triggers memory corruption. |
Adobe Acrobat vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_acrobat misc_acroread |
||
![]() ![]() |
Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value. |
INFORMIX vulnerabilities Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled |
database_informix_capso database_informix_idsver |
||
![]() |
The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption." |
ClamAV vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam misc_av_clamwinupx misc_macosx_version |
||
![]() |
Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.4.1.0 and earlier, and Sentinel Keys Server 1.0.4.0 and earlier, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-6483. |
http server read access |
web_server_read | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via (1) the view_type parameter to graph.php; (2) the filter parameter to graph_view.php; (3) the action parameter to the draw_navigation_text function in lib/functions.php, reachable through index.php (aka the login page) or data_input.php; or (4) the login_username parameter to index.php. |
Cacti vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_cacti | ||
![]() |
graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors. |
Cacti vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_cacti | ||
![]() |
Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id parameter to graph_xport.php, and (4) login_username parameter to index.php/login. |
Cacti vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_cacti | ||
![]() |
CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. |
Cacti vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_cacti | ||
![]() |
Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted CAB archive. |
FSecure vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_fsecurefsc20082 | ||
![]() |
lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book. |
Horde IMP vulnerabilities Horde vulnerabilities Horde application vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_web_imp web_prog_php_horde web_prog_php_hordeturba |
||
![]() |
Unspecified vulnerability in the php2phps function in Claroline before 1.8.9 has unknown impact and attack vectors. |
Claroline vulnerabilities |
web_prog_php_clarolinever | ||
![]() |
SQL injection vulnerability in Claroline before 1.8.9 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
Claroline vulnerabilities |
web_prog_php_clarolinever | ||
![]() |
Cross-site scripting (XSS) vulnerability in Claroline before 1.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Claroline vulnerabilities |
web_prog_php_clarolinever | ||
![]() |
Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) Referer HTTP header to index.php, and the (5) X-Forwarded-For HTTP header to main/admin/class_list.php. |
Claroline vulnerabilities |
web_prog_php_dokeosver | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to inscription.php, (2) courseCode parameter to main/calendar/myagenda.php, (3) category parameter to main/admin/course_category.php, (4) message parameter to main/admin/session_list.php in a show_message action, and (5) an avatar image to main/auth/profile.php. |
Claroline vulnerabilities |
web_prog_php_dokeosver | ||
![]() |
Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer before 6.5.0 might allow remote attackers to execute arbitrary code via unspecified vectors. |
Kerio MailServer vulnerabilities |
mail_smtp_kerio | ||
![]() |
Unspecified vulnerability in Kerio MailServer before 6.5.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to decoding of uuencoded input, which triggers memory corruption. |
Kerio MailServer vulnerabilities |
mail_smtp_kerio | ||
![]() |
Unspecified vulnerability in the AVG plugin in Kerio MailServer before 6.5.0 has unspecified impact via unknown remote attack vectors related to null DACLs. |
Kerio MailServer vulnerabilities |
mail_smtp_kerio | ||
![]() |
SQL injection vulnerability in index.php in the jlmZone Classifieds module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in an Adsview action. |
SQL injection |
web_prog_sql_xoopsadsview | ||
![]() |
SQL injection vulnerability in modules.php in the Web_Links module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action. |
SQL injection |
web_prog_sql_phpnukeweblinkscid | ||
![]() |
Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer. NOTE: some of these details are obtained from third party information. |
MacOSX vulnerabilities CUPS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version printer_cupsversion |
||
![]() |
acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling. |
Adobe Acrobat vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_acroread | ||
![]() |
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information. |
OpenSSL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_openssl | ||
![]() |
Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive. NOTE: this might be related to CVE-2008-0792. |
FSecure vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_fsecurefsc20082 | ||
![]() ![]() |
Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long (1) username, (2) version, or (3) remote ID. NOTE: some of these details are obtained from third party information. |
Sybase vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
database_sybasesql | ||
![]() |
Directory traversal vulnerability in the Shared Folders feature for VMware ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string. |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmware_acever misc_vmwareplayerver misc_vmwarewkstnver |
||
![]() |
Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field. |
Novell eDirectory Note: Authentication is required to detect this vulnerability |
misc_edirectoryver | ||
![]() ![]() |
dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777. |
Novell eDirectory HTTP Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
web_tool_edirectorymulticonnection | ||
![]() |
Stack-based buffer overflow in the Novell iPrint Control ActiveX control in ienipp.ocx in Novell iPrint Client before 4.34 allows remote attackers to execute arbitrary code via a long argument to the ExecuteRequest method. |
Novell Print Services vulnerabilities Note: Authentication is required to detect this vulnerability |
printer_novelliprtax | ||
![]() |
Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors. |
Kerberos detected Note: Authentication is required to detect this vulnerability |
misc_kerberospkg | ||
![]() |
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors. |
Kerberos detected Note: Authentication is required to detect this vulnerability |
misc_kerberospkg | ||
![]() |
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet. |
INFORMIX vulnerabilities Note: Authentication is required to detect this vulnerability |
database_informix_idsver | ||
![]() |
The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953. |
HP Instant Support vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_hpinstantsupportax | ||
![]() |
The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary programs via a .exe filename in the argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953. |
HP Instant Support vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_hpinstantsupportax | ||
![]() |
Stack-based buffer overflow in the Creative Software AutoUpdate Engine ActiveX control in CTSUEng.ocx allows remote attackers to execute arbitrary code via a long CacheFolder property value. |
Creative Software AutoUpdate vulnerability Note: Authentication is required to detect this vulnerability |
misc_creativeautoupdateax | ||
![]() |
Multiple stack-based buffer overflows in the BackWeb Lite Install Runner ActiveX control in the BackWeb Web Package ActiveX object in LiteInstActivator.dll in BackWeb before 8.1.1.87, as used in Logitech Desktop Manager (LDM) before 2.56, allow remote attackers to execute arbitrary code via unspecified vectors. |
BackWeb Lite Install Runner vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_backwebax | ||
![]() |
Multiple stack-based buffer overflows in the PhotoStockPlus Uploader Tool ActiveX control (PSPUploader.ocx) allow remote attackers to execute arbitrary code via unspecified initialization parameters. |
PhotoStockPlus vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_pspuploaderax | ||
![]() |
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. |
MacOSX vulnerabilities Cisco SNMP vulnerability Net SNMP vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
misc_macosx_version net_cisco_snmp net_snmp_snmpver |
||
![]() |
lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access. |
Lighttpd vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_lighttpd_version | ||
![]() |
The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file. |
VLC vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vlc | ||
![]() |
Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS X 10.4.11 allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger a buffer over-read. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when querying a network printer. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Heap-based buffer overflow in clipping region (aka crgn) atom handling in quicktime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via an MP4A movie with a malformed Channel Compositor (aka chan) atom. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy loop. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file with Kodak encoding, related to error checking and error messages. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted VR movie with an obji atom of zero size. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables." |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted help:topic URL that triggers a buffer overflow. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to trigger memory corruption or possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi" line in a .ics file, which triggers a "resource liberation" bug. NOTE: CVE-2008-2007 was originally used for this issue, but this is the appropriate identifier. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter. |
OpenCms vulnerabilities |
web_prog_jsp_opencmsver | ||
![]() |
Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
TikiWiki vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_tikiwikiver | ||
![]() |
The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails. |
SurgeFTP vulnerabilities |
ftp_surge | ||
![]() |
Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information. |
SurgeMail vulnerabilities |
mail_web_surge | ||
![]() |
Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter. |
SurgeMail vulnerabilities |
mail_web_surge | ||
![]() |
The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_gdi_03 win_patch_gdi_2k win_patch_gdi_vista win_patch_gdi_xp |
||
![]() |
Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_callback | ||
![]() |
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v5 win_patch_ie_v6 win_patch_ie_v7 |
||
![]() |
The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_hxvzax | ||
![]() |
Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_gdi_03 win_patch_gdi_2k win_patch_gdi_vista win_patch_gdi_xp |
||
![]() |
Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_project_2000 win_patch_project_2002 win_patch_project_2003 |
||
![]() |
Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_visio2002 win_patch_visio2003 win_patch_visio2007 |
||
![]() |
Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_visio2002 win_patch_visio2003 win_patch_visio2007 |
||
![]() |
Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_office2004macver win_patch_office2008macver win_patch_word2000 win_patch_word2003 win_patch_word2007 win_patch_wordcompack win_patch_wordview2003 win_patch_wordxp |
||
![]() |
Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_jetver | ||
![]() |
Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly. |
Solaris vulnerabilities |
misc_solaris_fwbypass | ||
![]() |
The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function. |
ImageMagick vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_imagemagick | ||
![]() |
Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. |
ImageMagick vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_imagemagick | ||
![]() |
Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file. |
ClamAV vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam | ||
![]() |
Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response. |
MacOSX vulnerabilities Samba vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version win_samba |
||
![]() |
Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment. |
GNOME Evolution vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_evolution | ||
![]() |
Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window). |
GNOME Evolution vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_evolution | ||
![]() |
mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information. |
Lighttpd vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_lighttpd_version | ||
![]() |
Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220. |
Timbuktu vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_timbuktu_dt misc_timbuktu_ver |
||
![]() |
Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation before logging information fields taken from packets from a remote peer, which allows remote attackers to generate crafted log entries, and possibly avoid detection of attacks, via modified (1) computer name, (2) user name, and (3) IP address fields. |
Timbuktu vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_timbuktu_dt misc_timbuktu_ver |
||
![]() |
Format string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service (crash) via unspecified vectors related to HTML code generation. |
AOL ICQ vulnerability Note: Authentication is required to detect this vulnerability |
misc_icqver | ||
![]() |
Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel. |
WebSphere vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_webspherever | ||
![]() |
Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. |
MacOSX vulnerabilities Ruby vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version web_dev_ruby |
||
![]() |
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309. |
Cisco vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_ios | ||
![]() |
Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated after process termination, aka bug ID CSCsj58566. |
Cisco vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_ios | ||
![]() |
The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets. |
Cisco vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_ios | ||
![]() |
Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device. |
Cisco vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_ios | ||
![]() |
Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message. |
Cisco vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_ios | ||
![]() |
Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12.4 allow remote attackers to cause a denial of service (device restart) via unknown vectors, aka Bug ID (1) CSCsk42419, (2) CSCsk60020, and (3) CSCsh51293. |
Cisco vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_ssh | ||
![]() |
Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186, aka "the first issue." |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185, aka "the second issue." |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues." |
Java Web Start Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
misc_javawebstart web_client_jre web_dev_jdk |
||
![]() |
Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the "third" issue. |
Java Web Start Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
misc_javawebstart web_client_jre web_dev_jdk |
||
![]() |
Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the "fourth" issue. |
Java Web Start Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
misc_javawebstart web_client_jre web_dev_jdk |
||
![]() |
Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190, aka "The fifth issue." |
Java Web Start Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
misc_javawebstart web_client_jre web_dev_jdk |
||
![]() |
Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to cause a denial of service (crash) via unknown vectors. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs. |
Mozilla vulnerabilities Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_jre web_client_seamonkey web_dev_jdk |
||
![]() |
Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection. |
http Cold Fusion Note: Authentication is recommended to improve the accuracy of this check |
web_prog_cfm_mx | ||
![]() |
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method. |
MacOSX vulnerabilities Apache Tomcat vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version web_dev_tomcatver |
||
![]() |
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution." |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers." |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals." |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
![]() |
LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
![]() |
GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
![]() |
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory. |
Lighttpd vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_lighttpd_version | ||
![]() |
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name. |
Horde vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_horde | ||
![]() |
Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors. |
Java Web Console vulnerabilities |
web_tool_javawebconsolever | ||
![]() ![]() |
Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c. |
Asterisk vulnerabilities Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled |
net_asterisk net_asterisktypeno |
||
![]() |
Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a different vector than CVE-2008-1045. |
OpenCms vulnerabilities |
web_prog_jsp_opencmsver | ||
![]() |
Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter. |
OpenCms vulnerabilities |
web_prog_jsp_opencmsver | ||
![]() |
The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory. |
RealPlayer vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_realplayer misc_realplayercategory_rmocaxver |
||
![]() ![]() |
Buffer overflow in the LGServer service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary code via unspecified "command arguments." |
ARCserve vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_arcservecategory_lgservernb | ||
![]() |
Unspecified vulnerability in the NetBackup service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary commands, related to "insufficient verification of file uploads." |
ARCserve vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_arcservecategory_lgservernb | ||
![]() |
Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker. |
Novell GroupWise vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_groupwise_clientver | ||
![]() |
Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header. |
Asterisk vulnerabilities Note: Authentication is required to detect this vulnerability |
net_asterisk | ||
![]() |
Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via logging messages that are not properly handled by (1) the ast_verbose logging API call, or (2) the astman_append function. |
Asterisk vulnerabilities Note: Authentication is required to detect this vulnerability |
net_asterisk | ||
![]() ![]() |
The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier for Windows allows remote attackers to cause (1) a denial of service (daemon crash) via an invalid Version field or (2) a denial of service (CPU consumption and daemon termination) via an invalid or partial message. |
Timbuktu vulnerabilities Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled |
misc_timbuktu_dt misc_timbuktu_ver |
||
![]() |
Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger "memory exhaustion and memory corruption." |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmware_acever misc_vmwareplayerver misc_vmwarewkstnver |
||
![]() ![]() |
Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8. |
McAfee ePolicy Orchestrator Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled |
web_tool_mcafeecmalogfs web_tool_mcafeefsver |
||
![]() |
Stack-based buffer overflow in the IMAP server in Alt-N Technologies MDaemon 9.6.4 allows remote authenticated users to execute arbitrary code via a FETCH command with a long BODY. |
MDaemon vulnerabilities |
mail_imap_mdaemon | ||
![]() |
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362. |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmware_acever misc_vmware_serverver misc_vmwareplayerver misc_vmwarewkstnver |
||
![]() |
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an "insecurely created named pipe," a different vulnerability than CVE-2008-1361. |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmware_acever misc_vmware_serverver misc_vmwareplayerver misc_vmwarewkstnver |
||
![]() |
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process." |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmware_acever misc_vmware_serverver misc_vmwareplayerver misc_vmwarewkstnver |
||
![]() |
Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause a denial of service. |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmware_acever misc_vmware_serverver misc_vmwareplayerver misc_vmwarewkstnver |
||
![]() ![]() |
Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors. |
Trend Micro OfficeScan Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_av_trendmicro_policyserver | ||
![]() |
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484. |
CUPS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
printer_cupsversion | ||
![]() |
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. |
MacOSX vulnerabilities X11 vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version misc_x11 |
||
![]() |
Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height. |
MacOSX vulnerabilities X11 vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version misc_x11 |
||
![]() |
The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions). |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats. |
ClamAV vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam | ||
![]() |
libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access." |
ClamAV vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam misc_av_clamwinupx misc_macosx_version |
||
![]() |
The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses. |
Asterisk vulnerabilities Note: Authentication is required to detect this vulnerability |
net_asterisk | ||
![]() |
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors. |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmware_acever misc_vmwareplayerver misc_vmwarewkstnver |
||
![]() |
Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash) via a malformed archive that triggers an unhandled exception, as demonstrated by the PROTOS GENOME test suite for Archive Formats. |
FSecure vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_fsecurefsc20083 | ||
![]() |
Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_office2004macver win_patch_office2008macver win_patch_word2000 win_patch_word2003 win_patch_word2007 win_patch_wordcompack win_patch_wordview2003 win_patch_wordxp |
||
![]() |
Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_explorer | ||
![]() |
Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_msdtc | ||
![]() |
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438. |
Microsoft Malware Protection Engine vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_mpe_antigenexchange win_patch_mpe_antigensmtp win_patch_mpe_forefrontexchange win_patch_mpe_forefrontsharepoint win_patch_mpe_onecarever win_patch_mpe_windefenderver |
||
![]() |
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with "crafted data structures" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437. |
Microsoft Malware Protection Engine vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_mpe_antigenexchange win_patch_mpe_antigensmtp win_patch_mpe_forefrontexchange win_patch_mpe_forefrontsharepoint win_patch_mpe_onecarever win_patch_mpe_windefenderver |
||
![]() |
Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_pgmdos | ||
![]() |
Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_pgmdos | ||
![]() |
Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v6 win_patch_ie_v7 |
||
![]() |
Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_directxrce08033 | ||
![]() |
Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request. |
Active Directory vulnerability Note: Authentication is required to detect this vulnerability |
win_patch_activedirdos3 win_patch_adamdos2 |
||
![]() |
Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability." |
http IIS access Note: Authentication is required to detect this vulnerability |
web_server_iis_printer | ||
![]() |
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations, allows remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug." |
DNS vulnerabilities Cisco DNS vulnerability MacOSX vulnerabilities Windows updates needed Note: Authentication is recommended to improve the accuracy of this check |
dns_bindver dns_ciscopoison misc_macosx_version win_patch_dnsclientspoof win_patch_dnsserverspoof |
||
![]() |
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability." |
Windows Mail vulnerabilities Microsoft outlook vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_windowsmail win_patch_msoutlook |
||
![]() |
The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability." |
WINS vulnerability Note: Authentication is required to detect this vulnerability |
win_patch_winspe | ||
![]() |
The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets. |
Bluetooth wireless vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_wireless_bluetoothstack | ||
![]() |
Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447. |
Windows DNS vulnerabilities Windows updates needed Note: Authentication is recommended to improve the accuracy of this check |
dns_dnsspoof win_patch_dnsserverspoof |
||
![]() |
A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office 2004 for Mac allows remote attackers to execute arbitrary code via a PowerPoint file with crafted list values that trigger memory corruption, aka "Parsing Overflow Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_office2004macver win_patch_ppt2000 win_patch_ppt2003 win_patch_ppt2007 win_patch_pptxp |
||
![]() |
Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_eventsyssub | ||
![]() |
The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_eventsyssub | ||
![]() |
Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information. |
HP Systems Insight Manager |
web_tool_hpsim | ||
![]() |
Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method. |
ARCserve vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_arcservecategory_listctrlax | ||
![]() |
The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a "Shatter" style attack. |
Altiris vulnerabilities |
misc_av_symantec_altirisver | ||
![]() |
Home FTP Server 1.4.5.89 allows remote attackers to cause a denial of service (crash) by opening an FTP passive mode connection, then closing the original FTP connection. NOTE: some of these details are obtained from third party information. |
Home FTP vulnerabilities Note: Authentication is required to detect this vulnerability |
ftp_homever | ||
![]() |
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs. |
OpenSSH vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
shell_ssh_openssh | ||
![]() |
Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984. |
VLC vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vlc | ||
![]() |
Buffer overflow in a certain Aurigma ActiveX control in ImageUploader4.ocx 4.1.36.0, as used with Piczo (aka Pizco) and possibly other online services, allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a long Action property, a different CLSID than CVE-2008-0659. |
Aurigma image uploader vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_aurigmaax | ||
![]() ![]() |
Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ASUS Remote Console (aka ARC or ASMB3) 2.0.0.19 and 2.0.0.24 allows remote attackers to execute arbitrary code via a long string to TCP port 623. |
ASUS Remote Console vulnerabilities |
misc_ipmi_asusbo | ||
![]() |
Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command. |
SurgeMail vulnerabilities |
mail_web_surge | ||
![]() |
Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command. |
SurgeMail vulnerabilities |
mail_web_surge | ||
![]() |
Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors related to workqueues. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs." |
GnuPG vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_gnupg misc_gnupgsmime |
||
![]() |
The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost. |
Lighttpd vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_lighttpd_version | ||
![]() |
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, (3) bypass referrer restrictions via an incorrect Referer header, and (4) bypass the same-origin policy and obtain sensitive information via a crafted request header. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v5 win_patch_ie_v6 win_patch_ie_v7 |
||
![]() |
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a "Transfer-Encoding: chunked" header and a request body with an incorrect chunk size. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v7 | ||
![]() |
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. NOTE: Vector 2 might also lead to a hang. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
The "decode as" feature in packet-bssap.c in the SCCP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in opportunistic circumstances, by sending an e-mail message. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues." |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT image, a different vulnerability than CVE-2008-1581. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows remote attackers to execute arbitrary code via a long download URL, which is not properly handled during Unicode conversion for a balloon notification after a download has failed. |
Orbit Downloader vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_orbitdownloaderver | ||
![]() |
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239. |
Squid vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_proxy_squid | ||
![]() |
aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests. |
Avast vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_avasthomepro | ||
![]() |
Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.7 SP5 and earlier and 8.8 allows remote attackers to read arbitrary files via unspecified vectors. |
LANDesk Management Suite vulnerabilities |
misc_landesksuitetftpdt | ||
![]() |
Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allows remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server. |
Flash vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_flash misc_macosx_version |
||
![]() |
Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors. |
Flash vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_flash misc_macosx_version |
||
![]() |
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file. |
OpenSSH vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
shell_ssh_openssh | ||
![]() ![]() |
Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks Storage Mirroring (SWSM) before 4.5 SP2 allows remote attackers to execute arbitrary code via a crafted encoded authentication request. |
HP StorageWorks vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_hpstorageworks | ||
![]() |
Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image. |
Konqueror vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_konqueror | ||
![]() |
OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference. |
OpenSSL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_openssl | ||
![]() |
The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate. |
Red Hat Certificate System vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_redhatcsver | ||
![]() |
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm. |
MacOSX vulnerabilities OpenSSL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version misc_openssl |
||
![]() |
Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
Emacs vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_editors_emacs_version | ||
![]() ![]() |
Stack-based buffer overflow in ovwparser.dll in HP OpenView Network Node Manager (OV NNM) 7.53, 7.51, and earlier allows remote attackers to execute arbitrary code via a long URI in an HTTP request processed by ovas.exe, as demonstrated by a certain topology/homeBaseView request. NOTE: some of these details are obtained from third party information. |
HP Openview vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
net_ovhttphandling | ||
![]() |
Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message. |
Rendezvous vulnerabilities |
web_tool_rendezvous | ||
![]() ![]() |
Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields. |
solidDB vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
database_soliddb_fs | ||
![]() |
Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large value in a certain 32-bit field. |
solidDB vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_soliddb_fs | ||
![]() |
IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a packet with an 0x11 value in a certain "type" field. |
solidDB vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_soliddb_fs | ||
![]() |
IBM solidDB 06.00.1018 and earlier does not validate a certain field that specifies an amount of memory to allocate, which allows remote attackers to cause a denial of service (daemon exit) via a packet with a large value in this field. |
solidDB vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_soliddb_fs | ||
![]() |
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors. |
rsyncd vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_rsyncdver | ||
![]() |
Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. |
MacOSX vulnerabilities Python vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version misc_python |
||
![]() |
Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image. |
CUPS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
printer_cupsversion | ||
![]() |
The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content" permission; and (4) allows remote authenticated users, with administration page view access, to edit content types. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs." |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
Buffer overflow in Adobe Photoshop Album Starter Edition 3.2, and possibly After Effects CS3, allows user-assisted remote attackers and physically proximate attackers to execute arbitrary code via a BMP file with an invalid image header. NOTE: the related issue in Photoshop CS3 is already covered by CVE-2007-2244. |
Adobe Photoshop vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_adobe_photoshopbmp2 | ||
![]() |
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow. |
VLC vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vlc | ||
![]() |
VLC before 0.8.6f allows remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption. |
VLC vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vlc | ||
![]() |
The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCserve Backup for Laptops and Desktops r11.5; Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2, allows remote attackers to execute arbitrary code via crafted function arguments. |
CA Multiple Product vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_cadsmax | ||
![]() |
Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field. |
rdesktop vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_rdesktop | ||
![]() |
Buffer overflow in the process_redirect_pdu (rdp.c) function in rdesktop 1.5.0 allows remote attackers to execute arbitrary code via a Remote Desktop Protocol (RDP) redirect request with modified length fields. |
rdesktop vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_rdesktop | ||
![]() |
Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original researcher. |
rdesktop vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_rdesktop | ||
![]() |
preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment. |
Snort vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_snort | ||
![]() |
Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist. |
Skype vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_skypever | ||
![]() |
Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow. |
FreeType vulnerabilities MacOSX vulnerabilities VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_lib_freetype misc_macosx_version misc_vmware_serverver misc_vmwareplayerver misc_vmwarewkstnver |
||
![]() |
FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption. |
FreeType vulnerabilities MacOSX vulnerabilities VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_lib_freetype misc_macosx_version misc_vmware_serverver misc_vmwareplayerver misc_vmwarewkstnver |
||
![]() |
Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow. |
FreeType vulnerabilities MacOSX vulnerabilities VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_lib_freetype misc_macosx_version misc_vmware_serverver misc_vmwareplayerver misc_vmwarewkstnver |
||
![]() |
Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b, and 8.8 before 8.8.2 FTF2, allows remote attackers to execute arbitrary code via an LDAP search request containing "NULL search parameters." |
Novell eDirectory Note: Authentication is required to detect this vulnerability |
misc_edirectoryncp | ||
![]() |
Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable. |
SAP Database vulnerabilities |
database_sap_maxdbver | ||
![]() |
Unspecified vulnerability in the Oracle Enterprise Manager component in Oracle Database 9.0.1.5 FIPS+; Application Server 1.0.2.2; and Enterprise Manager for AS 1.0.2.2 and Database 9.0.1.5 has unknown impact and local attack vectors, aka EM01. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors related to (1) SYS.DBMS_AQ in the Advanced Queuing component, aka DB01; (2) Core RDBMS, aka DB03; (3) SDO_GEOM in Oracle Spatial, aka DB06; (4) Export, aka DB12; and (5) DBMS_STATS in Query Optimizer, aka DB13. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB06 is SQL injection, and DB13 occurs when the OUTLN account is reset to use a hard-coded password. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Oracle Secure Enterprise Search or Ultrasearch component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3 and 10.1.2.2; and Oracle Collaboration Suite 10.1.2; has unknown impact and remote attack vectors, aka DB04. |
Oracle vulnerabilities Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias database_oracle_version |
||
![]() |
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to DBMS_CDC_UTILITY, aka DB02. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB02 is for SQL injection in LOCK_CHANGE_SET. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) SDO_UTIL in the Oracle Spatial component, aka DB05; or (2) fine grained auditing in the Audit component, aka DB14. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB05 is SQL injection. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 have unknown impact and remote attack vectors related to (1) SDO_IDX in the Spatial component, aka DB07; and (2) Core RDBMS, aka DB10. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB07 is SQL injection. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Oracle Net Services component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors, aka DB09. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote attack vectors related to KUPF$FILE_INT, aka DB11. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB11 is for a buffer overflow in the SYS.KUPF$FILE_INT.GET_FULL_FILENAME procedure. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+, and 10.1.0.5 has unknown impact and remote attack vectors related to SYS.DBMS_AQJMS_INTERNAL, aka DB15. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB15 is for multiple buffer overflows in the (1) AQ$_REGISTER and (2) AQ$_UNREGISTER procedures. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Oracle Dynamic Monitoring Service component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.3.3 has unknown impact and remote attack vectors, aka AS02. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 has unknown impact and remote attack vectors, aka AS03. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary. |
ClamAV vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam | ||
![]() |
ClamAV before 0.93 allows remote attackers to bypass the scanning engine via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by WinRAR. |
ClamAV vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam | ||
![]() |
The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read. |
ClamAV vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam | ||
![]() |
libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats. |
ClamAV vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam | ||
![]() |
Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in SmarterMail 5.0.2999 allows remote attackers to cause a denial of service (service termination) via a long HTTP (1) GET, (2) HEAD, (3) PUT, (4) POST, or (5) TRACE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
SmarterMail vulnerabilities |
mail_web_smartermail | ||
![]() ![]() |
FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 Patch 3 and earlier, as used by ePolicy Orchestrator (ePO) and ProtectionPilot (PrP), allows remote attackers to corrupt memory and cause a denial of service (CMA Framework service crash) via a long invalid method in requests for the /spin//AVClient//AVClient.csp URI, a different vulnerability than CVE-2006-5274. |
McAfee ePolicy Orchestrator |
web_tool_epolicyframeworkservicesbo | ||
![]() |
The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password. |
Firebird vulnerabilities Note: Authentication is required to detect this vulnerability |
database_firebird_ver | ||
![]() |
Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681. |
VLC vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vlc | ||
![]() |
Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow. |
MacOSX vulnerabilities Python vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version misc_python |
||
![]() |
Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option. |
Ruby vulnerabilities Note: Authentication is required to detect this vulnerability |
web_dev_ruby | ||
![]() |
The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923. |
Asterisk vulnerabilities Note: Authentication is required to detect this vulnerability |
net_asterisk | ||
![]() |
A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_worksax | ||
![]() ![]() |
Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 SP2 allows remote attackers to execute arbitrary code via a malformed opcode 0x52 request to TCP port 3050. NOTE: this might overlap CVE-2007-5243 or CVE-2007-5244. |
Interbase detected Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled |
database_interbasecategory_serviceattachbo database_interbasecategory_ver |
||
![]() |
SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action. NOTE: it was later reported that 7.00.2 is also affected. |
PHP Fusion vulnerabilities |
web_prog_php_fusionver | ||
![]() |
Heap-based buffer overflow in the boxelyRenderer module in the Personal Status Manager feature in ICQ 6.0 build 6043 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted personal status message. |
AOL ICQ vulnerability Note: Authentication is required to detect this vulnerability |
misc_icqver | ||
![]() |
The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message. |
Asterisk vulnerabilities Note: Authentication is required to detect this vulnerability |
net_asterisk | ||
![]() |
Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems. |
perl vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_lang_perl misc_macosx_version |
||
![]() |
The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013. |
WordPress vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_wordpress | ||
![]() |
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add. |
MacOSX vulnerabilities Apache Tomcat vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version web_dev_tomcatver |
||
![]() |
Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname. |
Lotus Expeditor vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_lotus_expeditorcai | ||
![]() |
Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar. |
DB2 vulnerabilities |
database_db2ver | ||
![]() |
Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter. |
Horde application vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_hordekrono | ||
![]() ![]() |
The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large integer value used in an increment to TCP port 41523, which triggers a buffer over-read. |
ARCserve vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_arcservecategory_discovery | ||
![]() |
Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server. |
Sun Java System Directory Proxy Server vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_ldapcategory_sunjsdsver | ||
![]() |
Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message. |
Trillian vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_trillian | ||
![]() |
Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258 for Web for IIS, when accessed via certain browsers such as Mozilla Firefox, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an ftp URL in the url parameter to a Redirect action. |
RSA SecurID Web Agent |
misc_rsaauthredir | ||
![]() |
The JavaScript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function. |
Adobe Acrobat vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_acrobat misc_acroread |
||
![]() |
The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows remote attackers to obtain sensitive information via multiple crafted APOP commands for a known POP3 account, which displays the password in a POP3 error message. |
Epost vulnerabilities |
mail_pop_epost | ||
![]() |
Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors. |
MacOSX vulnerabilities PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version web_prog_php_version |
||
![]() |
The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars." |
MacOSX vulnerabilities PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version web_prog_php_version |
||
![]() |
Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
WordPress vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_wordpress | ||
![]() |
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future. |
MySQL vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_mysql_version misc_macosx_version |
||
![]() |
Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892. |
Java Web Start Note: Authentication is required to detect this vulnerability |
misc_javawebstart | ||
![]() |
Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors. |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmware_acever misc_vmwareplayerver misc_vmwarewkstnver |
||
![]() |
Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, and VMware ACE 2 before 2.0.2 build 93057 on Windows allows guest OS users to execute arbitrary code on the host OS via unspecified vectors. |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmware_acever misc_vmwareplayerver misc_vmwarewkstnver |
||
![]() |
Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors. |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmwarevixapi | ||
![]() |
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption. |
Yahoo Assistant vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_yahooassistant_notifierax | ||
![]() |
Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "<>" sequence in the ~service parameter to wgate.dll, or (2) JavaScript splicing in the query string, a different vector than CVE-2006-5114. |
SAP ITS vulnerabilities |
web_tool_sap_itsxss | ||
![]() |
Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and the (2) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3, omit some virtual-address range (aka span) checks when the mmap MAP_FIXED bit is not set, which allows local users to cause a denial of service (panic) via unspecified mmap calls. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code. |
Emacs vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_editors_emacs_version | ||
![]() |
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow. |
OpenOffice vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_openoffice misc_openofficewin |
||
![]() |
IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls. |
DB2 vulnerabilities |
database_db2ver | ||
![]() ![]() |
Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet. NOTE: some of these details are obtained from third party information. |
TFTP Server vulnerabilities Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled |
ftp_tftpserverver | ||
![]() |
Cross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unknown parameters in index.jsp. |
Sun Java System Web Server vulnerabilities |
web_server_sjsws_searchxss | ||
![]() ![]() |
Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long community string in an SNMP TRAP packet. |
SNMPc Network Manager vulnerability Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
net_snmp_snmpc_trap | ||
![]() |
The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, allows remote Openwsman servers to replay SSL sessions via unspecified vectors. |
Openwsman vulnerabilities Note: Authentication is required to detect this vulnerability |
web_tool_openwsmanver | ||
![]() |
Multiple buffer overflows in Openwsman 1.2.0 and 2.0.0 allow remote attackers to execute arbitrary code via a crafted "Authorization: Basic" HTTP header. |
Openwsman vulnerabilities Note: Authentication is required to detect this vulnerability |
web_tool_openwsmanver | ||
![]() |
Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document. |
OpenOffice vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_openoffice misc_openofficewin1 |
||
![]() |
Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow. |
OpenOffice vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_openoffice misc_openofficewin1 |
||
![]() ![]() |
Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header. |
Lotus Domino HTTP vulnerability Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
web_server_lotus_dominohttpheader | ||
![]() |
Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file. |
ARCserve vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_arcservecategory_ver misc_arcservecategory_xdr |
||
![]() ![]() |
Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function. |
ARCserve vulnerabilities Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled |
misc_arcservecategory_ver misc_arcservecategory_xdr |
||
![]() |
Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_word2003 win_patch_wordxp |
||
![]() |
Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_msicm | ||
![]() |
Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions. |
Microsoft Windows IPsec vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ipsec | ||
![]() |
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248. |
Outlook Web Access Note: Authentication is required to detect this vulnerability |
mail_web_owape | ||
![]() |
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247. |
Outlook Web Access Note: Authentication is required to detect this vulnerability |
mail_web_owamsver mail_web_owape |
||
![]() |
Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_gdi_03 win_patch_gdi_08 win_patch_gdi_2k win_patch_gdi_vista win_patch_gdi_xp |
||
![]() |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_property | ||
![]() |
Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_property | ||
![]() |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_property | ||
![]() |
Unspecified vulnerability in Microsoft Windows Media Player 11 allows remote attackers to execute arbitrary code via a crafted audio-only file that is streamed from a Server-Side Playlist (SSPL) on Windows Media Server, aka "Windows Media Player Sampling Rate Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_wmpsampling | ||
![]() |
Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v6 win_patch_ie_v7 |
||
![]() |
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v5 win_patch_ie_v6 win_patch_ie_v7 |
||
![]() |
Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "Uninitialized Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v5 win_patch_ie_v6 win_patch_ie_v7 |
||
![]() |
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order," aka "HTML Objects Memory Corruption Vulnerability" or "XHTML Rendering Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2258. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v5 win_patch_ie_v6 win_patch_ie_v7 |
||
![]() |
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order" with "particular functions ... performed on" document objects, aka "HTML Objects Memory Corruption Vulnerability" or "Table Layout Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2257. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v5 win_patch_ie_v6 win_patch_ie_v7 |
||
![]() |
Microsoft Internet Explorer 6 and 7 does not perform proper "argument validation" during print preview, which allows remote attackers to execute arbitrary code via unknown vectors, aka "HTML Component Handling Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v6 win_patch_ie_v7 |
||
![]() |
Cross-site request forgery (CSRF) vulnerability in manage_user_create.php in Mantis 1.1.1 allows remote attackers to create new administrative users via a crafted link. |
Mantis vulnerabilities |
web_prog_php_mantis | ||
![]() |
IDAutomation allows remote attackers to overwrite arbitrary files via the argument to the (1) SaveBarCode and (2) SaveEnhWMF methods in (a) the IDAuto.BarCode.1 ActiveX control in IDAutomationLinear6.dll (aka IDAutomation Linear BarCode) 1.6.0.6, (b) the IDAuto.Datamatrix.1 ActiveX control in IDAutomationDMATRIX6.DLL (aka IDautomation Datamatrix Barcode) 1.6.0.6, (c) the IDAuto.PDF417.1 ActiveX control in IDAutomationPDF417_6.dll (aka IDautomation PDF417 Barcode) 1.6.0.6, and (d) the IDAuto.Aztec.1 ActiveX control in IDAutomationAZTEC.dll (aka IDautomation Aztec Barcode) 1.7.1.0. |
IDAutomation vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_idautomationbarcodeax | ||
![]() |
SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet. |
Altiris vulnerabilities |
misc_av_symantec_altirisver | ||
![]() |
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse. |
Altiris vulnerabilities |
misc_av_symantec_altirisver | ||
![]() |
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information. |
Altiris vulnerabilities |
misc_av_symantec_altirisver | ||
![]() |
Unspecified vulnerability in a tooltip element in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors. |
Altiris vulnerabilities |
misc_av_symantec_altirisver | ||
![]() |
Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors. |
Altiris vulnerabilities |
misc_av_symantec_altirisver | ||
![]() |
axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials. |
Altiris vulnerabilities |
misc_av_symantec_altirisver | ||
![]() |
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names." |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption. |
MacOSX vulnerabilities Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version web_client_safari |
||
![]() |
Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB." |
MacOSX vulnerabilities Python vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version misc_python |
||
![]() |
Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename to the file management API. |
MacOSX vulnerabilities Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version web_client_safari |
||
![]() |
Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments." |
MacOSX vulnerabilities Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version web_client_safari |
||
![]() |
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 10.5.4 allows attackers to cause a denial of service (resource consumption) via crafted textual content in messages. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient "bounds checking." |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue." |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow. |
MacOSX vulnerabilities X11 vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version misc_x11 |
||
![]() |
Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory. |
MacOSX vulnerabilities X11 vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version misc_x11 |
||
![]() |
Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption. |
MacOSX vulnerabilities X11 vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version misc_x11 |
||
![]() |
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. |
MacOSX vulnerabilities Apache module vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version web_mod_proxyver |
||
![]() |
Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files. |
Red Hat Certificate System vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_redhatcsver | ||
![]() |
Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files. |
Red Hat Certificate System vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_redhatcsver | ||
![]() |
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter. |
MacOSX vulnerabilities Apache Tomcat vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version web_dev_tomcatver |
||
![]() |
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches. |
PCRE vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_lib_pcrever misc_macosx_version |
||
![]() |
Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962. |
vsftpd FTP Server vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
ftp_vsftpd | ||
![]() |
Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message. |
SquirrelMail vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_web_squirrel misc_macosx_version |
||
![]() |
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071. |
MacOSX vulnerabilities xterm vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version misc_xterm |
||
![]() |
The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to append to arbitrary new or existing files via the first argument to a certain file that is included by multiple unspecified ASP applications. |
Sun Java ASP Server vulnerabilities Note: Authentication is required to detect this vulnerability |
web_dev_s1aspver | ||
![]() |
The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents. |
Sun Java ASP Server vulnerabilities Note: Authentication is required to detect this vulnerability |
web_dev_s1aspver | ||
![]() |
Multiple directory traversal vulnerabilities in unspecified ASP applications in Sun Java Active Server Pages (ASP) Server before 4.0.3 allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the Path parameter to the MapPath method. |
Sun Java ASP Server vulnerabilities Note: Authentication is required to detect this vulnerability |
web_dev_s1aspver | ||
![]() |
Stack-based buffer overflow in the request handling implementation in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary code via an unspecified string field. |
Sun Java ASP Server vulnerabilities Note: Authentication is required to detect this vulnerability |
web_dev_s1aspver | ||
![]() |
Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications. |
Sun Java ASP Server vulnerabilities Note: Authentication is required to detect this vulnerability |
web_dev_s1aspver | ||
![]() |
The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102. |
Sun Java ASP Server vulnerabilities Note: Authentication is required to detect this vulnerability |
web_dev_s1aspver | ||
![]() |
Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian before 3.1.10.0 allows user-assisted remote attackers to execute arbitrary code via a long attribute value in a FONT tag in a message. |
Trillian vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_trillian | ||
![]() |
Heap-based buffer overflow in the XML parsing functionality in talk.dll in Cerulean Studios Trillian Pro before 3.1.10.0 allows remote attackers to execute arbitrary code via a malformed attribute in an IMG tag. |
Trillian vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_trillian | ||
![]() |
Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message. |
Trillian vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_trillian | ||
![]() |
Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file. |
VLC vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vlc | ||
![]() |
Multiple buffer overflows in Novell iPrint Client before 5.06 allow remote attackers to execute arbitrary code by calling the Novell iPrint ActiveX control (aka ienipp.ocx) with (1) a long third argument to the GetDriverFile method; a long first argument to the (2) GetPrinterURLList or (3) GetPrinterURLList2 method; (4) a long argument to the GetFileList method; a long argument to the (5) GetServerVersion, (6) GetResourceList, or (7) DeleteResource method, related to nipplib.dll; a long uploadPath argument to the (8) UploadPrinterDriver or (9) UploadResource method, related to URIs; (10) a long seventh argument to the UploadResource method; a long string in the (11) second, (12) third, or (13) fourth argument to the GetDriverSettings method, related to the IppGetDriverSettings function in nipplib.dll; or (14) a long eighth argument to the UploadResourceToRMS method. |
Novell Print Services vulnerabilities Note: Authentication is required to detect this vulnerability |
printer_novelliprtax | ||
![]() |
Insecure method vulnerability in the GetFileList method in an unspecified ActiveX control in Novell iPrint Client before 5.06 allows remote attackers to list the image files in an arbitrary directory via a directory name in the argument. |
Novell Print Services vulnerabilities Note: Authentication is required to detect this vulnerability |
printer_novelliprtax | ||
![]() |
Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function. |
Trend Micro vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_trendmicrohouseax | ||
![]() |
Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib.dll in Novell iPrint Client 4.x before 4.38 and 5.x before 5.08 allow remote attackers to execute arbitrary code via a long argument to the (1) GetPrinterURLList, (2) GetPrinterURLList2, or (3) GetFileList2 function in the Novell iPrint ActiveX control in ienipp.ocx. |
Novell Print Services vulnerabilities Note: Authentication is required to detect this vulnerability |
printer_novelliprtax | ||
![]() ![]() |
Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter. |
Trend Micro OfficeScan Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_av_trendmicro_cgirecvbo | ||
![]() |
Integer overflow in ovalarmsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted command to TCP port 2954, which triggers a heap-based buffer overflow. |
HP Openview vulnerabilities Note: Authentication is required to detect this vulnerability |
net_ovnodemgralarmbo | ||
![]() |
The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_snapview | ||
Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) in LANDesk Management Suite, Security Suite, and Server Manager 8.8 and earlier allow remote attackers to execute arbitrary code via a crafted heal request, related to the StringToMap and StringSize arguments. |
LANDesk Management Suite vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_landesksuiteqipver | ||
Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field. |
libspf2 vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_lib_libspf2 | ||
The InstallShield Update Service Agent ActiveX control in isusweb.dll allows remote attackers to cause a denial of service (memory corruption and browser crash) and possibly execute arbitrary code via a call to ExecuteRemote with a URL that results in a 404 error response. |
Macrovision InstallShield vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_installshieldusagentax | ||
Cross-site scripting (XSS) vulnerability in post3/Book.asp in Campus Bulletin Board 3.4 allows remote attackers to inject arbitrary web script or HTML via the review parameter. |
Cross site scripting |
web_prog_asp_campusbulletinboardxss | ||
Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMux.exe) in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code via a crafted URL. |
Lotus Sametime vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
web_server_lotus_sametimehttp | ||
Directory traversal vulnerability in the UmxEventCli.CachedAuditDataList.1 (aka UmxEventCliLib) ActiveX control in UmxEventCli.dll in CA Internet Security Suite 2008 allows remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the argument to the SaveToFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: some of these details are obtained from third party information. |
CA Internet Security Suite vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_caissumxax | ||
Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. |
Safari vulnerabilities Internet Explorer vulnerabilities Windows updates needed Note: Authentication is required to detect this vulnerability |
web_client_safari win_patch_ie_v7 win_patch_winkernel |
||
Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command. |
CA eTrust Secure Content Manager vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_etrustscm | ||
Unspecified vulnerability in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.17 has unknown impact and attack vectors related to an attribute in the SOAP security header. |
WebSphere vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_webspherever | ||
Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256) allows remote attackers to execute arbitrary code via a malformed packet to TCP port 3050, which triggers a stack-based buffer overflow. NOTE: this issue might be related to CVE-2008-0467. |
Interbase detected Note: Authentication is required to detect this vulnerability |
database_interbasecategory_ver | ||
Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.2 allows local users to affect confidentiality via unknown vectors. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.4.1 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability in the WWV_RENDER_REPORT package that allows remote attackers to execute arbitrary SQL (PL/SQL) commands via the second argument to the SHOW procedure. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
Unspecified vulnerability in the Instance Management component in Oracle Database 10.1.0.5 and Enterprise Manager 10.1.0.6 has unknown impact and remote authenticated attack vectors. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Unspecified vulnerability in the Oracle Database Vault component in Oracle Database 9.2.0.8DV, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_DEFER_SYS. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a SQL injection vulnerability in the DELETE_TRAN procedure. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2594. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2593. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service (crash) via a malformed LDAP request that triggers a NULL pointer dereference. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to MDSYS.SDO_TOPO_MAP. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to the IMP_FULL_DATABASE role. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Unspecified vulnerability in the Resource Manager component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6, and Database Control in Enterprise Manager, has unknown impact and remote authenticated attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a cross-site scripting (XSS) issue that allows remote attackers to inject arbitrary web script or HTML via the REFRESHCHOICE parameter in multiple web pages. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2605. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2604. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_AQELM. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a buffer overflow that allows attackers to cause a denial of service (database corruption) and possibly execute arbitrary code via a long argument to an unspecified procedure. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote authenticated attack vectors related to SYS.KUPF$FILE_INT. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact and remote attack vectors. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Unspecified vulnerability in the Hyperion BI Plus component in Oracle Application Server 8.3.2.4, 8.5.0.3, 9.2.0.3, 9.2.1.0, and 9.3.1.0 has unknown impact and remote attack vectors. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
Unspecified vulnerability in the Database Scheduler component in Oracle Database 10.2.0.4 and 11.1.0.6 has unknown impact and local attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is an untrusted search path issue that allows local users to gain privileges via a malicious (1) libclntsh.so or (2) libnnz10.so library. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.3.3 has unknown impact and remote attack vectors. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Application Server 1.0.2.2, 9.0.4.3, and 10.1.2.2, and E-Business Suite 11.5.10.2, allows remote authenticated users to affect availability via unknown vectors. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.3 allows local users to affect confidentiality via unknown vectors. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue involves an authentication bypass by establishing a TNS connection and impersonating a user session via a crafted authentication message during proxy authentication mode. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted HTTP POST request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
MDaemon vulnerabilities |
mail_web_mdaemon | ||
Stack-based buffer overflow in the ODBC server service in Citect CitectSCADA 6 and 7, and CitectFacilities 7, allows remote attackers to execute arbitrary code via a long string in the second application packet in a TCP session on port 20222. |
Citect SCADA Vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_citectscada_ver | ||
Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method." |
Adobe Acrobat vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_acrobat misc_acroread |
||
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change. |
MacOSX vulnerabilities Ruby vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version web_dev_ruby |
||
Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. |
MacOSX vulnerabilities Ruby vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version web_dev_ruby |
||
The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. |
MacOSX vulnerabilities Ruby vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version web_dev_ruby |
||
Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has successfully run. |
MacOSX vulnerabilities PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version web_prog_php_version |
||
Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function. |
MacOSX vulnerabilities PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version web_prog_php_version |
||
Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via "spoofed server responses" that contain a long string after the NM_A_SZ_TRANSACTION_ID field name. |
Novell GroupWise vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_web_groupwisemessengercli | ||
fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read. |
ClamAV vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam misc_av_clamwinupx |
||
Opera before 9.26 allows remote attackers to misrepresent web page addresses using "certain characters" that "cause the page address text to be misplaced." |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of trusted frames on the same parent page by modifying the location, which can facilitate phishing attacks. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
Cross-site scripting (XSS) vulnerability in Menalto Gallery before 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the (1) host and (2) path components of a URL. |
Gallery vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion | ||
Unspecified vulnerability in the album-select module in Menalto Gallery before 2.2.5 allows remote attackers to obtain titles of hidden albums by attempting to add a new album to a hidden album. |
Gallery vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion | ||
Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive. |
Gallery vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion | ||
embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the remote address." |
Gallery vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion | ||
Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions. |
Gallery vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion | ||
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. |
MacOSX vulnerabilities Ruby vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version web_dev_ruby |
||
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. |
MacOSX vulnerabilities Ruby vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version web_dev_ruby |
||
The SERVICE.DNS signature engine in the Intrusion Prevention System (IPS) in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device crash or hang) via network traffic that triggers unspecified IPS signatures, a different vulnerability than CVE-2008-1447. |
Cisco vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_ios | ||
Stack-based buffer overflow in BiAnno ActiveX Control (BiAnno.ocx) in Black Ice Software Annotation Plugin 10.95 allows remote attackers to execute arbitrary code via a long parameter to the AnnoSaveToTiff method. |
Black Ice Software Image and Document Imaging Development Toolkits vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_blackiceannotationax | ||
Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the layout engine. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded document, or (3) the onreadystatechange handler in conjunction with an XMLHttpRequest. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level." |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452. |
perl vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_lang_perl | ||
php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message, related to the rfc822_write_address function. |
MacOSX vulnerabilities PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version web_prog_php_version |
||
Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command." |
SurgeMail vulnerabilities |
mail_imap_surge | ||
Heap-based buffer overflow in the IBM AFP Viewer Plug-in 2.0.7.1 and 3.2.1.1 allows remote attackers to execute arbitrary code via a long SRC property value. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
IBM AFP Viewer vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_ibmafpviewer | ||
PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
PHP injection |
web_prog_php_joomlainclude web_prog_php_mamboinclude |
||
Multiple stack-based buffer overflows in a certain ActiveX control in ienipp.ocx in Novell iPrint Client for Windows before 4.36 allow remote attackers to execute arbitrary code via a long value of the (1) operation, (2) printer-url, or (3) target-frame parameter. NOTE: some of these details are obtained from third party information. |
Novell Print Services vulnerabilities Note: Authentication is required to detect this vulnerability |
printer_novelliprtax | ||
Cross-site scripting (XSS) vulnerability in read/search/results in Lyris ListManager 8.8, 8.95, and 9.3d allows remote attackers to inject arbitrary web script or HTML via the words parameter. |
Lyris vulnerabilities |
mail_misc_listmanagerver | ||
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955. |
Gaim vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_gaim | ||
Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted Accept-Language HTTP header. |
Red Hat Directory Server vulnerabilities Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled |
misc_redhatdirectorybo misc_redhatdirectoryver |
||
Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping. |
Red Hat Directory Server vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_redhatdirectoryver | ||
Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem. |
Red Hat Directory Server vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_redhatdirectoryver | ||
Heap-based buffer overflow in Red Hat adminutil 1.1.6 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via % (percent) encoded HTTP input to unspecified CGI scripts in Fedora Directory Server. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-2929. |
Red Hat Directory Server vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_redhatfedoradsver | ||
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox | ||
Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox | ||
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input." |
libxslt vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_lib_libxslt | ||
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version. |
MacOSX vulnerabilities Apache Tomcat vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version web_dev_tomcatver |
||
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. |
MacOSX vulnerabilities Apache module vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version web_mod_proxyver |
||
The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice Enterprise Agents in Sun Solaris 8 through 10 allows remote attackers to cause a denial of service (daemon crash) via malformed packets. |
SNMP to DMI mapper |
net_snmp_snmpxdmid | ||
Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v5 win_patch_ie_v6 win_patch_ie_v7 |
||
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error. |
MacOSX vulnerabilities OpenLDAP vulnerabilities Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled |
misc_macosx_version misc_openldap misc_openldapberdos |
||
Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function. |
Gaim vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_gaim | ||
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104. |
Adobe Acrobat vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_acrobat misc_acroread |
||
Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excel2007 win_patch_office2008macver |
||
Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Indexing Validation Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excel2000 win_patch_excel2003 win_patch_excelview win_patch_excelxp win_patch_office2004macver win_patch_office2008macver |
||
Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excel2000 win_patch_excelxp win_patch_office2004macver win_patch_office2008macver |
||
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability." |
Microsoft Office vulnerabilities Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_excel2000 win_patch_excel2003 win_patch_excel2007 win_patch_excelcnv win_patch_excelview win_patch_excelview2007 win_patch_excelxp win_patch_office2004macver win_patch_office2008macver win_patch_sharepoint2007 |
||
Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_office2002 win_patch_office2003 win_patch_office2007 win_patch_officenote |
||
Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_wmex | ||
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_wmspn | ||
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_wmspn | ||
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability." |
Microsoft SQL Server Windows updates needed Internet Explorer vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_mssql_mssql win_patch_gdiplus08052 win_patch_ie_vmlver6 |
||
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability." |
Microsoft SQL Server Windows updates needed Internet Explorer vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_mssql_mssql win_patch_gdiplus08052 win_patch_ie_vmlver6 |
||
Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability." |
Microsoft SQL Server Windows updates needed Internet Explorer vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_mssql_mssql win_patch_gdiplus08052 win_patch_ie_vmlver6 |
||
Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability." |
Microsoft SQL Server Internet Explorer vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_mssql_mssql win_patch_ie_vmlver6 |
||
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_officegiffil | ||
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malformed EPS Filter Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_officegiffil | ||
Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the "Malformed BMP Filter Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_officegiffil | ||
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file with an invalid bits_per_pixel field, aka the "PICT Filter Parsing Vulnerability," a different vulnerability than CVE-2008-3018. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_officegiffil | ||
Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerability." |
RealPlayer vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_realplayer | ||
Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 allows remote attackers to execute arbitrary code by importing a file into a media library and then deleting this file. |
RealPlayer vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_realplayercategory_importax | ||
Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
arch/x86/kernel/ptrace.c in the Linux kernel before 2.6.25.10 on the x86_64 platform leaks task_struct references into the sys32_ptrace function, which allows local users to cause a denial of service (system crash) or have unspecified other impact via unknown vectors, possibly a use-after-free vulnerability. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
Unspecified vulnerability in Opera before 9.51 on Windows allows attackers to execute arbitrary code via unknown vectors. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220. |
Java Web Start Note: Authentication is required to detect this vulnerability |
misc_javawebstart | ||
Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909. |
Java Web Start Note: Authentication is required to detect this vulnerability |
misc_javawebstart | ||
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. |
Java Web Start Note: Authentication is required to detect this vulnerability |
misc_javawebstart | ||
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. |
Java Web Start Note: Authentication is required to detect this vulnerability |
misc_javawebstart | ||
Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet." |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google." |
VMware ESX vulnerabilities |
misc_esxbuild | ||
![]() |
Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method. |
Panda ActiveScan vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_pandaactivescanver | ||
![]() |
The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method. |
Panda ActiveScan vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_pandaactivescanver | ||
![]() |
Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to "flawed arithmetic." |
Novell eDirectory Note: Authentication is required to detect this vulnerability |
misc_edirectoryncp | ||
![]() |
Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking," a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867. |
MacOSX vulnerabilities Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version web_client_safari |
||
![]() |
Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() ![]() |
Integer underflow in rxRPC.dll in the LGServer service in the server in CA ARCserve Backup for Laptops and Desktops 11.0 through 11.5 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted message that triggers a buffer overflow. |
ARCserve vulnerabilities |
misc_arcservecategory_lgserverhandshake | ||
![]() |
Sophos virus detection engine 2.75 on Linux and Unix, as used in Sophos Email Appliance, Pure Message for Unix, and Sophos Anti-Virus Interface (SAVI), allows remote attackers to cause a denial of service (engine crash) via zero-length MIME attachments. |
Sophos Antivirus vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_sophosvdv | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE: this issue can be leveraged to execute arbitrary PHP code. |
vBulletin vulnerabilities |
web_prog_php_vbulletin | ||
![]() |
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to execute arbitrary code using CVE-2008-2933. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox | ||
![]() |
js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter. |
AuraCMS vulnerabilities |
web_prog_php_auracms | ||
![]() |
Simple DNS Plus 4.1, 5.0, and possibly other versions before 5.1.101 allows remote attackers to cause a denial of service via multiple DNS reply packets. |
Simple DNS Plus vulnerabilities Note: Authentication is required to detect this vulnerability |
dns_simplednsplusver | ||
![]() |
Heap-based buffer overflow in the OpenGifFile function in BiGif.dll in Black Ice Document Imaging SDK 10.95 allows remote attackers to execute arbitrary code via a long string argument to the GetNumberOfImagesInGifFile method in the BIImgFrm Control ActiveX control in biimgfrm.ocx. NOTE: some of these details are obtained from third party information. |
Black Ice Software Image and Document Imaging Development Toolkits vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_blackicesdkax | ||
![]() |
libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713. |
ClamAV vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam | ||
![]() |
PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attackers to conduct DNS cache poisoning. NOTE: this is related to incomplete integration of security improvements associated with addressing CVE-2008-1637. |
PowerDNS vulnerabilities |
dns_powerrecursor | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not "prevent use of the object HTML tag in administrator input," which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings." |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields." |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix." |
Joomla vulnerabilities |
web_prog_php_joomlaver | ||
![]() |
The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors. |
Joomla vulnerabilities |
web_prog_php_joomlaver | ||
![]() |
Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability. |
Joomla vulnerabilities |
web_prog_php_joomlaver | ||
![]() |
Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors. |
Joomla vulnerabilities |
web_prog_php_joomlaver | ||
![]() |
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username. |
OpenSSH vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
shell_ssh_openssh | ||
![]() |
Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 has unknown impact and attack vectors. |
WebSphere vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_webspherever | ||
![]() |
Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" that are not encrypted. |
WebSphere vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_webspherever | ||
![]() |
Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment. |
BlackBerry vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_blackberry_routerver | ||
![]() |
The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM. |
Lenovo vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_lenovosystemupdatever | ||
![]() ![]() |
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. |
WebLogic vulnerabilities |
web_dev_weblogicapache | ||
![]() |
OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform. |
OpenSSH vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
shell_ssh_openssh | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/. |
Claroline vulnerabilities |
web_prog_php_clarolinever | ||
![]() |
Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. |
Claroline vulnerabilities |
web_prog_php_clarolinever | ||
![]() |
Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password. |
Claroline vulnerabilities |
web_prog_php_clarolinever | ||
![]() |
The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests. |
Asterisk vulnerabilities Note: Authentication is required to detect this vulnerability |
net_asterisk | ||
![]() |
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request. |
Asterisk vulnerabilities Note: Authentication is required to detect this vulnerability |
net_asterisk | ||
![]() |
Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when useLogonName is enabled, allows remote attackers with administrator email address knowledge to bypass restrictions and gain privileges via unspecified vectors related to login names. NOTE: some of these details are obtained from third party information. |
phpScheduleIt vulnerabilities |
web_prog_php_scheduleit | ||
![]() |
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve. |
Apache Tomcat vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_tomcatver | ||
![]() |
The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a denial of service (panic) via a crafted integer value, related to Change L and Change R options without at least one byte in the dccpsf_val field. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152. |
OpenOffice vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_openoffice misc_openofficewin1 |
||
![]() |
Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests. |
Red Hat Directory Server vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_redhatdirectoryver | ||
![]() |
retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via malformed packets to TCP port 497, which trigger a NULL pointer dereference. |
EMC Dantz vulnerabilities |
misc_retrospectver | ||
![]() |
The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords. |
EMC Dantz vulnerabilities |
misc_retrospectver | ||
![]() |
EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet. |
EMC Dantz vulnerabilities |
misc_retrospectver | ||
![]() |
retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via a series of long packets containing 0x00 characters to TCP port 497 that trigger memory corruption, probably involving an English product version on a Chinese OS version. |
EMC Dantz vulnerabilities |
misc_retrospectver | ||
![]() |
src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php, (g) learningPathList.php, and (h) module.php in learnPath/; (i) phpbb/index.php; (j) courseLog.php, (k) course_access_details.php, (l) delete_course_stats.php, (m) userLog.php, and (n) user_access_details.php in tracking/; (o) user/user.php; and (p) user/userInfo.php; the (2) view parameter to (q) tracking/courseLog.php; and the (3) toolId parameter to (r) tracking/toolaccess_details.php. NOTE: this may overlap CVE-2006-3257 and CVE-2005-1374. |
Claroline vulnerabilities |
web_prog_php_clarolinever | ||
![]() |
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter. |
Mantis vulnerabilities |
web_prog_php_mantis | ||
![]() |
Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter. |
Mantis vulnerabilities |
web_prog_php_mantis | ||
![]() |
Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php). |
Mantis vulnerabilities |
web_prog_php_mantis | ||
![]() |
Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217. |
PowerDNS vulnerabilities |
dns_powerserver | ||
![]() |
Directory traversal vulnerability in user_portal.php in the Dokeos E-Learning System 1.8.5 on Windows allows remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the include parameter. |
Claroline vulnerabilities |
web_prog_php_dokeosver | ||
![]() |
Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties. NOTE: some of these details are obtained from third party information. |
Trend Micro OfficeScan Note: Authentication is required to detect this vulnerability |
misc_av_trendmicro_clientobjax | ||
![]() |
Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
AtMail vulnerabilities |
mail_web_atmail | ||
![]() |
Stack-based buffer overflow in CoolPlayer 2.18, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a crafted m3u file. |
CoolPlayer vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_coolplayerver | ||
![]() |
The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 software does not require authentication for (1) etc/config/System.html, (2) etc/config/Network.html, (3) etc/config/Security.html, (4) cgi-bin/sysconf.cgi, and (5) cgi-bin/route.cgi, which allows remote attackers to change the modem's configuration via direct requests. |
Axesstel vulnerabilities |
net_axesstel | ||
![]() |
Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. |
iTunes vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_itunes | ||
![]() |
The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick. |
MacOSX vulnerabilities Ruby vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version web_dev_ruby |
||
![]() |
MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote attackers to cause a denial of service (crash) via multiple IMAP connection requests to the same folder. |
MailEnable vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_imap_mailenable mail_imap_mailenableent |
||
![]() |
phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the "WPG Image File Heap Corruption Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_officegiffil | ||
![]() |
afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_afdkernelovw | ||
![]() |
Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_gdi_03 win_patch_gdi_08 win_patch_gdi_2k win_patch_gdi_vista win_patch_gdi_xp |
||
![]() |
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability." |
Microsoft Host Integration Server Note: Authentication is required to detect this vulnerability |
win_patch_hostintrpcauth | ||
![]() |
Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka "File Format Parsing Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excel2000 win_patch_excel2003 win_patch_excel2007 win_patch_excelcpack win_patch_excelview win_patch_excelview2007 win_patch_excelxp win_patch_office2004macver win_patch_office2008macver |
||
![]() |
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTML Element Cross-Domain Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v6 win_patch_ie_v7 |
||
![]() |
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event Handling Cross-Domain Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v6 win_patch_ie_v7 |
||
![]() |
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information Disclosure Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v6 win_patch_ie_v7 |
||
![]() |
Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v6 | ||
![]() |
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Objects Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v5 win_patch_ie_v6 |
||
![]() |
Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excel2000 win_patch_excel2003 win_patch_excelxp |
||
![]() |
Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_msmq3 | ||
![]() |
Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
Cross-site scripting (XSS) vulnerability in the WebAccess simple interface in Novell Groupwise 7.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Novell GroupWise vulnerabilities |
mail_web_groupwisever | ||
![]() |
The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273. |
JBoss Application Server Note: Authentication is required to detect this vulnerability |
web_dev_jbossasver | ||
![]() |
Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation. |
Ghostscript vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_ghostscriptver | ||
![]() |
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. |
Ghostscript vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_ghostscriptver | ||
![]() |
Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service (panic) or possibly have unspecified other impact via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. |
MacOSX vulnerabilities Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version web_client_safari |
||
![]() |
sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which allows remote attackers to cause a denial of service (panic) via a crafted Packet Too Big Message. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() ![]() |
Multiple stack-based buffer overflows in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, and possibly 7.01, 7.50, and 7.53, allow remote attackers to execute arbitrary code via a long (1) REQUEST_SEV_CHANGE (aka number 47), (2) REQUEST_SAVE_STATE (aka number 61), or (3) REQUEST_RESTORE_STATE (aka number 62) request to TCP port 2954. |
HP Openview vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
net_openview_nnmovalarmbo net_openview_nnmovwbo |
||
![]() |
Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method. |
Cisco Webex Meeting Manager vulnerabilities Note: Authentication is required to detect this vulnerability |
net_cisco_meetingmanagerax | ||
![]() |
Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter within a modload action. |
Gallery vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion | ||
![]() |
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and log in to any account via multiple attempts to log in to the blank-password account, followed by selection of an arbitrary account from the user list. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk on the local network. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption. |
MacOSX vulnerabilities QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version misc_quicktime |
||
![]() |
ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API functions. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed were longer. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
The File Sharing pane in the Sharing preference pane in Apple Mac OS X 10.5 through 10.5.4 does not inform users that the complete contents of their own home directories are shared for their own use, which might allow attackers to leverage other vulnerabilities and access files for which sharing was unintended. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection." |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces. |
MacOSX vulnerabilities Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version web_client_safari |
||
![]() |
Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfView, and (3) maxFieldOfView elements in panorama track PDAT atoms. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, related to an "invalid pointer issue." |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information. |
iTunes vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_itunes | ||
![]() |
Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself. |
iTunes vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_itunes | ||
![]() |
Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count. |
CUPS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
printer_cupsversion | ||
![]() |
Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow. |
CUPS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
printer_cupsversion | ||
![]() |
The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory. |
MacOSX vulnerabilities CUPS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version printer_cupsversion |
||
![]() |
Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination and restart) via a crafted Desktop file that generates an error when producing its icon, related to an "error recovery issue." |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption). |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3. |
MacOSX vulnerabilities Ruby vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version web_dev_ruby |
||
![]() |
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression. |
MacOSX vulnerabilities Ruby vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version web_dev_ruby |
||
![]() |
The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen. |
MacOSX vulnerabilities Ruby vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version web_dev_ruby |
||
![]() |
Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. |
MacOSX vulnerabilities PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version web_prog_php_version |
||
![]() |
Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible. |
MacOSX vulnerabilities PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version web_prog_php_version |
||
![]() |
PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php. |
MacOSX vulnerabilities PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version web_prog_php_version |
||
![]() |
Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. |
Gallery vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion | ||
![]() |
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator. |
Joomla vulnerabilities |
web_prog_php_joomlaver | ||
![]() |
Unspecified vulnerability in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.5 before SP6 allows remote attackers to cause a denial of service (failure to accept connections) via unknown vectors, probably related to exhaustion of file descriptors. |
Sun ONE Web Proxy Note: Authentication is recommended to improve the accuracy of this check |
web_proxy_sunone | ||
![]() |
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696. |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmware_acever misc_vmware_serverver misc_vmwareplayerver misc_vmwarewkstnver |
||
![]() |
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696. |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmware_acever misc_vmware_serverver misc_vmwareplayerver misc_vmwarewkstnver |
||
![]() |
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696. |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmware_acever misc_vmware_serverver misc_vmwareplayerver misc_vmwarewkstnver |
||
![]() |
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3695, and CVE-2008-3696. |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmware_acever misc_vmware_serverver misc_vmwareplayerver misc_vmwarewkstnver |
||
![]() |
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3696. |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmware_acever misc_vmware_serverver misc_vmwareplayerver misc_vmwarewkstnver |
||
![]() |
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3695. |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmware_acever misc_vmware_serverver misc_vmwareplayerver misc_vmwarewkstnver |
||
![]() |
An unspecified ISAPI extension in VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (IIS crash) via a malformed request. |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmware_serverver | ||
![]() |
Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors. |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmware_acever misc_vmware_serverver misc_vmwareplayerver misc_vmwarewkstnver |
||
![]() |
The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279. |
VERITAS Storage vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_symantecscheduler | ||
![]() |
Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability." |
Visual Studio vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vstudioaxbo | ||
![]() |
Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response). |
WS FTP Client vulnerabilities Note: Authentication is required to detect this vulnerability |
ftp_wsftpclienthome ftp_wsftpclientpro |
||
![]() |
Cross-site scripting (XSS) vulnerability in the output filter in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) delete user access rules. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 uses the METHOD_NEITHER communication method for IOCTLs, which allows local users to cause a denial of service via a crafted IOCTL request. |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmware_acever misc_vmware_serverver misc_vmwareplayerver misc_vmwarewkstnver |
||
![]() |
Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]). |
vBulletin vulnerabilities |
web_prog_php_vbulletin | ||
![]() |
Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups. |
Samba vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
win_samba | ||
![]() |
The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion." |
MacOSX vulnerabilities Ruby vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version web_dev_ruby |
||
![]() |
Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP servers to have an unknown impact via a long "message response." |
WS FTP Client vulnerabilities Note: Authentication is required to detect this vulnerability |
ftp_wsftpclienthome | ||
![]() |
Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session. |
Cisco SSL vulnerability Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_ssl | ||
![]() |
Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP messages. |
Cisco vulnerabilities Cisco SIP vulnerability Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_ios net_cisco_sip |
||
![]() |
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802. |
Cisco vulnerabilities Cisco SIP vulnerability Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_ios net_cisco_sip |
||
![]() |
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802. |
Cisco vulnerabilities Cisco SIP vulnerability Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_ios net_cisco_sip |
||
![]() |
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (device reload) via unspecified valid SIP messages, aka Cisco bug ID CSCsk42759, a different vulnerability than CVE-2008-3800 and CVE-2008-3801. |
Cisco vulnerabilities Cisco SIP vulnerability Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_ios net_cisco_sip |
||
![]() |
Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (memory corruption) via crafted packets for which the software path is used. |
Cisco vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_ios | ||
![]() |
Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the community, which allows remote attackers to obtain administrative access by guessing this community and sending SNMP requests. |
Guessable Write Community |
net_snmp_write | ||
![]() |
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted Protocol Independent Multicast (PIM) packet. |
Cisco vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_ios | ||
![]() |
Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices (aka 12000 Series routers) allows remote attackers to cause a denial of service (device crash) via a malformed Protocol Independent Multicast (PIM) packet. |
Cisco vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_ios | ||
![]() |
Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet. |
Cisco vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_l2tp | ||
![]() |
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors. |
Cisco firewall vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_asaauth | ||
![]() |
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2(4)9 and 7.2(4)10 allows remote attackers to cause a denial of service (device reload) via a crafted IPv6 packet. |
Cisco firewall vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_asaauth | ||
![]() |
Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 8.0 before 8.0(4) and 8.1 before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via an unspecified sequence of packets, related to the "initialization code for the hardware crypto accelerator." |
Cisco firewall vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_asaauth | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI. |
Cisco vulnerabilities Cisco web interface access Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_ios net_cisco_xss |
||
![]() |
Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory. |
MPlayer vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_mplayerver | ||
![]() |
The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the (1) elem.doCommand, (2) elem.dispatchEvent, (3) _setTitleText, (4) _setTitleImage, and (5) _initSubscriptionUI functions. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox | ||
![]() |
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2 allows remote authenticated users to execute arbitrary code via unknown vectors. |
DB2 vulnerabilities |
database_db2ver | ||
![]() |
Buffer overflow in the DAS server program in the Core DAS function component in IBM DB2 9.1 before FP4a and 9.5 before FP1 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via unspecified vectors. NOTE: this might be related to CVE-2007-3676. |
DB2 vulnerabilities |
database_db2ver | ||
![]() |
Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function. |
DB2 vulnerabilities |
database_db2ver | ||
![]() |
Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows local users to gain privileges, aka a "FILE CREATION VULNERABILITY." NOTE: this may be the same as CVE-2007-5664. |
DB2 vulnerabilities |
database_db2ver | ||
![]() |
The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and attack vectors. |
DB2 vulnerabilities |
database_db2ver | ||
![]() |
The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection that sent the password is fully established, which might allow local users to obtain sensitive information by reading a memory dump. |
DB2 vulnerabilities |
database_db2ver | ||
![]() |
The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT data stream that simulates a V7 client connect request. |
DB2 vulnerabilities |
database_db2ver | ||
![]() ![]() |
Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to "parsing CGI requests." |
Trend Micro OfficeScan Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_av_trendmicro_cgiformbo | ||
![]() |
Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field. |
Trend Micro OfficeScan Note: Authentication is required to detect this vulnerability |
misc_av_trendmicro_officescantmpfw | ||
![]() |
Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field. |
Trend Micro OfficeScan Note: Authentication is required to detect this vulnerability |
misc_av_trendmicro_officescantmpfw | ||
![]() |
The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets. |
Trend Micro OfficeScan Note: Authentication is required to detect this vulnerability |
misc_av_trendmicro_officescantmpfw | ||
![]() ![]() |
Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters. |
sadmind |
rpc_sadmindrpcbo | ||
![]() ![]() |
Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation. |
sadmind |
rpc_sadmindrpcio | ||
![]() |
The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008. |
Flash vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_flash | ||
![]() |
Stack-based buffer overflow in the Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 in Ultra Shareware Ultra Office Control allows remote attackers to execute arbitrary code via long strUrl, strFile, and strPostData parameters to the HttpUpload method. |
Ultra Office vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_ultraofficeax | ||
![]() |
The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 and earlier in Ultra Shareware Ultra Office Control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument (SaveAsDocument argument) to the Save method. |
Ultra Office vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_ultraofficeax | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the inactive parameter in a tasks action, (2) the date parameter in a calendar day_view action, (3) the callback parameter in a public calendar action, or (4) the type parameter in a ticketsmith action. |
dotProject vulnerabilities |
web_prog_php_dotprojectver | ||
![]() |
Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in a viewuser action. |
dotProject vulnerabilities |
web_prog_php_dotprojectver | ||
![]() |
Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696. |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmware_vmcontrollib misc_vmwarevmcomax |
||
![]() |
Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreject are enabled, generates different responses depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames. |
Asterisk vulnerabilities Note: Authentication is required to detect this vulnerability |
net_asterisk | ||
![]() |
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. |
Ruby vulnerabilities Note: Authentication is required to detect this vulnerability |
web_dev_ruby | ||
![]() |
The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from userspace, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the /proc/sys/sunrpc/transports file. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition. |
ClamAV vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam misc_av_clamwinupx misc_macosx_version |
||
![]() |
Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic". |
ClamAV vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam misc_av_clamwinupx misc_macosx_version |
||
![]() |
Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c. |
ClamAV vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam misc_av_clamwinupx misc_macosx_version |
||
![]() |
Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an unknown impact via vectors related to decoding an NFSv4 acl. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. |
Citadel UX vulnerabilities |
misc_citadel | ||
![]() |
Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement. |
MySQL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_mysql_version | ||
![]() |
Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database allows local users to affect confidentiality via unknown vectors. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.0.2.8 and 9.2.0.8DV allows remote authenticated users to affect availability, related to SYS.OLAPIMPL_T. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2008-3977. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-3413 and CVE-2009-3414. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2008-3975. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability that allows remote authenticated users to gain MDSYS privileges via the MDSYS.SDO_TOPO_DROP_FTBL trigger. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Upgrade component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3983 and CVE-2008-3984. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and CVE-2008-3984. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and CVE-2008-3983. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Oracle Discoverer Administrator component in Oracle Application Server 9.0.4.3 and 10.1.2.2 allows local users to affect confidentiality via unknown vectors. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in the Oracle Discoverer Desktop component in Oracle Application Server 10.1.2.3 allows local users to affect confidentiality via unknown vectors. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in the Oracle Data Mining component in Oracle Database 10.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability, related to DMSYS.ODM_MODEL_UTIL. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.08, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to OLAPSYS.CWM2_OLAP_AW_AWUTIL, a different vulnerability than CVE-2008-3991. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.08, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to OLAPSYS.CWM2_OLAP_AW_AWUTIL, a different vulnerability than CVE-2008-3990. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Oracle Data Mining component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to DMSYS.DBMS_DM_EXP_INTERNAL. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to WMSYS.LTADM. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_IPUBLISH. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect availability, related to SYS.DBMS_XSOQ_ODBO. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to SYS.OLAPIMPL_T. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Oracle Application Express component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. |
Oracle Secure Backup vulnerabilities Note: Authentication is required to detect this vulnerability |
database_oracle_backupver | ||
![]() |
Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter. |
WebLogic vulnerabilities |
web_dev_weblogicapachever | ||
![]() |
Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Application Server allows remote authenticated users to affect confidentiality and integrity via unknown vectors. |
Oracle BPEL Component vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_iasbpel | ||
![]() |
Unspecified vulnerability in the Oracle Streams component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_STREAMS_AUTH. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the OC4J component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality via unknown vectors. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerability." |
Microsoft Office vulnerabilities Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_excel2000 win_patch_excel2003 win_patch_excel2007 win_patch_excelcpack win_patch_excelview win_patch_excelview2007 win_patch_excelxp win_patch_office2004macver win_patch_office2008macver win_patch_sharepoint2007 |
||
![]() |
Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka "Vulnerability in Content-Disposition Header Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_officecdo | ||
![]() |
Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability." |
Active Directory vulnerability Note: Authentication is required to detect this vulnerability |
win_patch_activedirldaprce | ||
![]() |
Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_office2004macver win_patch_word2000 win_patch_wordxp |
||
![]() |
Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via (1) an RTF file or (2) a rich text e-mail message containing an invalid number of points for a polyline or polygon, which triggers a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_office2004macver win_patch_office2008macver win_patch_word2000 win_patch_word2003 win_patch_word2007 win_patch_wordcompack win_patch_wordview2003 win_patch_wordxp |
||
![]() |
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed value, which triggers memory corruption, aka "Word Memory Corruption Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_office2004macver win_patch_office2008macver win_patch_word2000 win_patch_word2003 win_patch_word2007 win_patch_wordcompack win_patch_wordview2003 win_patch_wordxp |
||
![]() |
Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted (1) RTF file or (2) rich text e-mail message with multiple consecutive Drawing Object ("\do") tags, which triggers a "memory calculation error" and memory corruption, aka "Word RTF Object Parsing Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_office2004macver win_patch_word2000 win_patch_word2003 win_patch_word2007 win_patch_wordcompack win_patch_wordview2003 win_patch_wordxp |
||
![]() |
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via crafted control words related to multiple Drawing Object tags in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4030. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_office2004macver win_patch_office2008macver win_patch_word2000 win_patch_word2003 win_patch_word2007 win_patch_wordcompack win_patch_wordview2003 win_patch_wordxp |
||
![]() |
Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs, aka "MSXML DTD Cross-Domain Scripting Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_xmlcorever | ||
![]() |
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4028. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_word2000 win_patch_word2003 win_patch_word2007 win_patch_wordcompack win_patch_wordview2003 win_patch_wordxp |
||
![]() |
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed string in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_office2004macver win_patch_office2008macver win_patch_word2000 win_patch_word2003 win_patch_word2007 win_patch_wordcompack win_patch_wordview2003 win_patch_wordxp |
||
![]() |
Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability." |
Microsoft SharePoint vulnerabilities Windows updates needed Note: Authentication is required to detect this vulnerability |
web_server_sharepointelev win_patch_sharepointelev |
||
![]() |
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability." |
IBM Rational AppScan vulnerabilities Microsoft Office vulnerabilities Windows updates needed Note: Authentication is required to detect this vulnerability |
misc_ibmappscanentver win_patch_office2007xmlcorever win_patch_officexmlcorever win_patch_xmlcorever |
||
![]() |
Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_vadint | ||
![]() |
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_credreflect | ||
![]() |
Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_smbshare | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 allow remote attackers to inject arbitrary web script or HTML via the (1) file and (2) HelpFile parameters to parse.php, the (3) Folder and (4) start parameters to showmail.php, and the (5) abookview parameter to abook.php. |
AtMail vulnerabilities |
mail_web_atmail | ||
![]() |
The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug." |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "javascript" sequence, aka "HTML escaped low surrogates bug." |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
![]() |
Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages." |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_seamonkey |
||
![]() |
libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681. |
Joomla vulnerabilities |
web_prog_php_joomlaver | ||
![]() |
The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam. |
Joomla vulnerabilities |
web_prog_php_joomlaver | ||
![]() |
Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL. |
Joomla vulnerabilities |
web_prog_php_joomlaver | ||
![]() |
JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact. |
Joomla vulnerabilities |
web_prog_php_joomlaver | ||
![]() |
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051. |
OpenSSH vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
shell_ssh_openssh | ||
![]() |
Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when the FileServing feature is enabled, has unknown impact and attack vectors. |
WebSphere vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_webspherever | ||
![]() |
srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability." |
Windows updates needed Note: Authentication is recommended to improve the accuracy of this check |
win_patch_smbmbo | ||
![]() |
Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Check_stack_cookie function and an off-by-one error that leads to a heap-based buffer overflow. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. |
Joomla vulnerabilities |
web_prog_php_joomlaver | ||
![]() |
Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality. |
Gallery vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion | ||
![]() |
Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to "interact with the embedding page." |
Gallery vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion | ||
![]() |
Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service (UDP client handler termination) via unknown vectors. |
DNS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
dns_bindver | ||
![]() ![]() |
Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers to execute arbitrary code via a long username parameter. |
AltN SecurityGateway vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
mail_misc_securitygatewayhttp | ||
![]() |
Opera before 9.52 does not properly restrict the ability of a framed web page to change the address associated with a different frame, which allows remote attackers to trigger the display of an arbitrary address in a frame via unspecified use of web script. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
Opera before 9.52, when rendering an http page that has loaded an https page into a frame, displays a padlock icon and offers a security information dialog reporting a secure connection, which might allow remote attackers to trick a user into performing unsafe actions on the http page. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation." |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
Opera before 9.52 does not ensure that the address field of a news feed represents the feed's actual URL, which allows remote attackers to change this field to display the URL of a page containing web script controlled by the attacker. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns." |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Weblog in Mac OS X Server 10.4.11 does not properly check an error condition when a weblog posting access control list is specified for a user that has multiple short names, which might allow attackers to bypass intended access restrictions. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files." |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Multiple integer overflows in the kernel in Apple Mac OS X before 10.5.6 on Intel platforms allow local users to gain privileges via a crafted call to (1) i386_set_ldt or (2) i386_get_ldt. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
The kernel in Apple Mac OS X before 10.5.6 allows local users to cause a denial of service (infinite loop and system halt) by running an application that is dynamically linked to libraries on an NFS server, related to occurrence of an exception in this application. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by SecurityReason on 20080822; however, as of 20081216, there are insufficient details to be sure. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sharing is enabled, allows remote attackers to cause a denial of service (infinite loop) via a crafted TCP packet. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which does not trigger a "potentially unsafe" warning message. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted embedded font in a PDF file. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser. |
ProFTPD vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
ftp_proftp | ||
![]() |
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability." |
Windows updates needed Note: Authentication is recommended to improve the accuracy of this check |
win_patch_servserv08067 | ||
![]() |
The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability." |
Visual Studio vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vsdatagridax | ||
![]() |
The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability." |
Visual Studio vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vsflexgridax | ||
![]() |
Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability." |
Visual Studio vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vshiergridax | ||
![]() |
Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability." |
Visual Studio vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vscommonax | ||
![]() |
The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability." |
Visual Studio vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vschrtctlax | ||
![]() |
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v7 | ||
![]() |
Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v7 | ||
![]() |
Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v7 | ||
![]() |
Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003, which does not properly handle extraneous data associated with an object embedded in a web page, allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v5 win_patch_ie_v6 |
||
![]() |
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers "pointer corruption" during the loading of formulas from this spreadsheet, aka "File Format Parsing Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excel2000 win_patch_excel2003 win_patch_excel2007 win_patch_excelcpack win_patch_excelview win_patch_excelview2007 win_patch_excelxp |
||
![]() |
Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excel2000 win_patch_office2004macver win_patch_office2008macver |
||
![]() |
Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel spreadsheet with a NAME record that contains an invalid index value, which triggers stack corruption, aka "Excel Global Array Memory Corruption Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excel2000 win_patch_excel2003 win_patch_excelview win_patch_excelxp win_patch_office2004macver win_patch_office2008macver |
||
![]() |
The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_explorer1 | ||
![]() |
The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_explorer1 | ||
![]() |
CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. |
WebSphere vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_webspherever | ||
![]() |
Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature. |
WebSphere vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_webspherever | ||
![]() |
Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors in which Opera is launched by other applications. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access. |
Linksys Firmware |
net_fwlinksys | ||
![]() |
Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers. |
Lighttpd vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_lighttpd_version | ||
![]() |
Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in the EINTR case. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request. |
Apache Tomcat vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_tomcatver | ||
![]() |
Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. |
VMWare ESX vulnerabilities MacOSX vulnerabilities Net SNMP vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_esxbuild misc_macosx_version net_snmp_snmpver |
||
![]() |
smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed. |
Samba vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
win_samba | ||
![]() |
Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation. |
VMWare ESX vulnerabilities |
misc_esxbuild | ||
![]() |
Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FTP servers to execute arbitrary code via a long response to the PWD command. |
FlashGet vulnerabilities Note: Authentication is required to detect this vulnerability |
ftp_flashgetver | ||
![]() ![]() |
Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin Server 2.0, as distributed by DATAC, allows remote attackers to execute arbitrary code via a crafted FC_INFOTAG/SET_CONTROL packet. |
DATAC Control RealWin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_datacrealwinscadabo | ||
![]() |
The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a series of keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup events. NOTE: it was later reported that Firefox 3.0.2 on Mac OS X 10.5 is also affected. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox | ||
![]() |
Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function. |
Google Chrome vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_googlechrome | ||
![]() |
lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data. |
Lighttpd vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_lighttpd_version | ||
![]() |
mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files. |
Lighttpd vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_lighttpd_version | ||
![]() |
Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX control (LPControl.dll), as acquired by Roxio and iseemedia, allow remote attackers to execute arbitrary code via the (1) url, (2) toolbar, and (3) enableZoomPastMax methods. |
iseemedia LPViewer vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_iseemedialpviewerax | ||
![]() |
Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer. |
SAP GUI vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_sapguimdrm | ||
![]() |
The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods. |
Symantec AppStream vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_appstreamclientax | ||
![]() |
Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() ![]() |
Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request. |
ARCserve vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_arcservecategory_tape | ||
![]() ![]() |
Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation." |
ARCserve vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_arcservecategory_dbengine | ||
![]() |
ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file. |
Flash vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_flash | ||
![]() |
libxml2 2.7.0 and 2.7.1 do not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() |
Unspecified vulnerability in HP Systems Insight Manager (SIM) before 5.2 Update 2 (C.05.02.02.00) allows remote attackers to obtain sensitive information via unspecified vectors. |
Compaq Insight Manager http server |
web_tool_cim | ||
![]() |
Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 and earlier on HP-UX B.11.11 and B.11.23, and SMH 2.2.6 and 2.2.8 and earlier on HP-UX B.11.23 and B.11.31, allows local users to gain "unauthorized access" via unknown vectors, possibly related to temporary file permissions. |
HP SMH vulnerabilities |
web_tool_hpsmh | ||
![]() |
Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element. |
Bugzilla vulnerabilities |
web_prog_cgi_bugzilla | ||
![]() |
Stack-based buffer overflow in mIRC 6.34 allows remote attackers to execute arbitrary code via a long hostname in a PRIVMSG message. |
mIRC vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_mircver | ||
![]() |
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method. |
Autodesk vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_autodeskliveupdateax | ||
![]() ![]() |
Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow. |
Novell eDirectory HTTP Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
web_tool_edirectoryhttpbo | ||
![]() ![]() |
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header. |
Novell eDirectory HTTP Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
web_tool_edirectorysoapbo | ||
![]() |
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap buffer. |
Novell eDirectory Note: Authentication is required to detect this vulnerability |
misc_edirectoryver | ||
![]() |
Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1". |
Serv U vulnerabilities |
ftp_servu | ||
![]() |
Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command. |
Serv U vulnerabilities |
ftp_servu | ||
![]() |
The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to "clickjacking." |
Flash vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_flash | ||
![]() |
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via a font tag with a long color value, which triggers an assertion error. |
Konqueror vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_konqueror | ||
![]() |
SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID parameter. |
PHP Fusion vulnerabilities |
web_prog_php_fusionver | ||
![]() |
Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. |
Sun ONE Web Proxy Note: Authentication is recommended to improve the accuracy of this check |
web_proxy_sunone | ||
![]() |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers. |
Flash vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_flash | ||
![]() |
The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions. |
VMWare ESX vulnerabilities |
misc_esxbuild | ||
![]() |
The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() ![]() |
Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request. |
sadmind |
rpc_sadmindbo | ||
![]() |
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison. |
VLC vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vlc | ||
![]() ![]() |
Buffer overflow in the ovlaunch CGI program in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 on Windows allows remote attackers to execute arbitrary code via a crafted Host parameter. NOTE: this issue may be partially covered by CVE-2009-0205. |
HP Openview vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
net_ovlaunch | ||
![]() ![]() |
Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value. |
Tivoli Storage Manager Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_tivolicategory_storagemgr | ||
![]() |
Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file. |
Lotus Notes email client vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_noteswpdver | ||
![]() |
GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which triggers heap corruption related to an improper free call and possibly triggers a heap-based buffer overflow. |
GuildFTPd vulnerabilities |
ftp_guildftpd | ||
![]() |
Stack-based buffer overflow in the FTP server in Etype Eserv 3.x, possibly 3.26, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to the ABOR command. |
Eserv FTPd Vulnerabilities |
ftp_eserv | ||
![]() |
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. |
Cisco vulnerabilities Windows updates needed Note: Authentication is recommended to improve the accuracy of this check |
net_cisco_ios win_patch_tcpiprce3 |
||
![]() |
The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value. |
VLC vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vlc | ||
![]() |
The HTTP_Request_Parser method in the HTTP Transport component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 allows remote attackers to cause a denial of service (controller 0C4 abend and application hang) via a long HTTP Host header, related to "storage overlay" on the stack and a "parse failure." |
WebSphere vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_webspherever | ||
![]() |
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object, which prevents the "Java security method" from checking the revocation status of X.509 certificates and allows remote attackers to bypass intended access restrictions via a SOAP message with a revoked certificate. |
WebSphere vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_webspherever | ||
![]() |
packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB). |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654. |
VLC vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vlc | ||
![]() |
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php. |
Mantis vulnerabilities |
web_prog_php_mantis | ||
![]() |
core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number. |
Mantis vulnerabilities |
web_prog_php_mantis | ||
![]() |
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions. |
Mantis vulnerabilities |
web_prog_php_mantis | ||
![]() |
Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors. |
DB2 vulnerabilities |
database_db2ver | ||
![]() |
The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors. |
DB2 vulnerabilities |
database_db2ver | ||
![]() |
The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES." |
DB2 vulnerabilities |
database_db2ver | ||
![]() |
Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat). |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascript: URL in the context of the outermost page instead of the page that contains this URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
Cross-site scripting (XSS) vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these issues were addressed before 9.60. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4 allows remote authenticated users to execute arbitrary code via a long string to the (1) open (aka SSH_FXP_OPEN), (2) unlink, (3) opendir, and other unspecified parameters. |
GoodTech SSH vulnerabilities Note: Authentication is required to detect this vulnerability |
shell_ssh_goodtech | ||
![]() |
Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders. |
Hummingbird Connectivity vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_hummingbirddeployrun | ||
![]() |
Stack-based buffer overflow in Hummingbird.XWebHostCtrl.1 ActiveX control (hclxweb.dll) in Hummingbird Xweb ActiveX Control 13.0 and earlier allows remote attackers to execute arbitrary code via a long PlainTextPassword property. NOTE: code execution might not be possible in 13.0. |
Hummingbird Connectivity vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_hummingbirdhostexp | ||
![]() |
Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rename and (2) realpath parameters. |
wodSSHServer vulnerabilities |
shell_ssh_wod | ||
![]() |
Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error." |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully log in via unknown vectors. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
The links panel in Opera before 9.62 processes JavaScript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs. |
Nagios vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_tool_nagiosver | ||
![]() |
The DebugDiag ActiveX control in CrashHangExt.dll, possibly 1.0, in Microsoft Debug Diagnostic Tool allows remote attackers to cause a denial of service (NULL pointer dereference and Internet Explorer 6.0 crash) via a large negative integer argument to the GetEntryPointForThread method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. |
DebugDiag vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_debugdiagax | ||
![]() |
Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.0.0 through 5.2.5.2, 5.3.0.0 through 5.3.6.1, 5.4.0.0 through 5.4.2.2, and 5.5.0.0 through 5.5.0.91 in IBM Tivoli Storage Manager (TSM); and the Backup-Archive client in TSM Express; allows remote attackers to execute arbitrary code by sending a large amount of crafted data to a TCP port. |
Tivoli Storage Manager Note: Authentication is required to detect this vulnerability |
misc_tivolicategory_storageclientver | ||
![]() |
Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts. |
Adobe Acrobat vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_acrobat misc_acroread |
||
![]() |
Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a malformed PDF object that triggers memory corruption during parsing. |
Adobe Acrobat vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_acrobat misc_acroread |
||
![]() |
Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue." |
Adobe Acrobat vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_acrobat misc_acroread |
||
![]() |
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH. |
Adobe Acrobat vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_acrobat misc_acroread |
||
![]() |
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers. |
Flash vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_flash misc_macosx_version |
||
![]() |
Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors. |
Flash vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_flash misc_macosx_version |
||
![]() |
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player 9.0.124.0 and earlier on Windows allows attackers to obtain sensitive information via unknown vectors. |
Flash vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_flash misc_macosx_version |
||
![]() |
Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors. |
Flash vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_flash misc_macosx_version |
||
![]() |
Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy. |
Flash vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_flash misc_macosx_version |
||
![]() |
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute. |
Flash vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_flash misc_macosx_version |
||
![]() |
Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input validation errors." |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8, SAP GUI 6.40 Patch 29 and 7.10, and possibly other products, allow remote attackers to execute arbitrary code by adding many tabs, or adding tabs with long tab captions. |
SAP GUI vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_sapguitaboneax | ||
![]() |
Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through 5.3.6.4, allow remote attackers to execute arbitrary code via (1) a request packet that is not properly parsed by an unspecified "generic string handling function" or (2) a crafted NodeName in a dicuGetIdentifyRequest request packet, related to the (a) Web GUI and (b) Java GUI. |
Tivoli Storage Manager Note: Authentication is required to detect this vulnerability |
misc_tivolicategory_storageclientver | ||
![]() |
Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and obtain sensitive information or possibly gain privileges, via unknown vectors. |
http Cold Fusion Note: Authentication is recommended to improve the accuracy of this check |
web_prog_cfm_mx | ||
![]() |
Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability." |
Windows updates needed Note: Authentication is recommended to improve the accuracy of this check |
win_patch_smbmbo | ||
![]() |
SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability." |
Windows updates needed Note: Authentication is recommended to improve the accuracy of this check |
win_patch_smbmbo | ||
![]() |
Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allows remote attackers to execute arbitrary code via a crafted Word document that contains a malformed table property, which triggers memory corruption, aka "Word Memory Corruption Vulnerability." |
Microsoft Works vulnerabilities Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_msworks08072 win_patch_word2000 win_patch_word2003 win_patch_word2007 win_patch_wordcompack win_patch_wordview2003 win_patch_wordxp |
||
![]() |
The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_word97 | ||
![]() |
Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v5 win_patch_ie_v6 win_patch_ie_v7 win_patch_ie_v8 |
||
![]() |
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679. |
MacOSX vulnerabilities Python vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version misc_python |
||
![]() |
The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method. |
Java Web Start Note: Authentication is required to detect this vulnerability |
misc_javawebstart | ||
![]() |
The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS. |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmware_acever misc_vmware_serverver misc_vmwareplayerver misc_vmwarewkstnver |
||
![]() |
Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build 125922, and 2.5.1 and earlier 2.x versions; VMware Server 1.x before 1.0.8 build 126538 and 2.0.x before 2.0.1 build 156745; VMware Fusion before 2.0.1; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to cause a denial of service (host OS crash) via unknown vectors. |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmware_acever misc_vmware_serverver misc_vmwareplayerver misc_vmwarewkstnver |
||
![]() |
Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption. |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmware_acever misc_vmware_serverver misc_vmwareplayerver misc_vmwarewkstnver |
||
![]() |
Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a JavaScript redirect. NOTE: this can be leveraged to execute PHP code and bypass cross-site request forgery (CSRF) protection. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection against MIME-sniffing." NOTE: this could be leveraged for XSS and other attacks. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certain return value from the read_mapping_page function before calling kmap, which allows attackers to cause a denial of service (system crash) via a crafted hfsplus filesystem image. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr.##### temporary file. |
OpenOffice vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_openoffice | ||
![]() |
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of service (device reload or hang) via a crafted VTP packet sent to a switch interface configured as a trunk port. |
Cisco vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_ios | ||
![]() |
Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program. |
imap version |
mail_imap_uwver | ||
![]() |
smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code. |
imap version |
mail_imap_uwver | ||
![]() |
Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
![]() |
jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox | ||
![]() |
The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox | ||
![]() |
nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon. |
Nagios vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_tool_nagiosver | ||
![]() |
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests. |
Nagios vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_tool_nagiosver | ||
![]() |
The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors. |
VMWare ESX vulnerabilities Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_esxbuild misc_linuxkernel |
||
![]() |
Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. |
MacOSX vulnerabilities Python vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version misc_python |
||
![]() |
Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036. |
VLC vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vlc | ||
![]() |
The chip_command function in drivers/media/video/tvaudio.c in the Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and 2.6.27.x before 2.6.27.3 allows attackers to cause a denial of service (NULL function pointer dereference and OOPS) via unknown vectors. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110. |
VLC vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vlc | ||
![]() |
Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php. |
Cross site scripting |
web_prog_php_nuketidxss | ||
![]() |
Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow. |
ClamAV vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam misc_av_clamwinupx misc_macosx_version |
||
![]() |
The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Heap-based buffer overflow in an ActiveX control in Novell ZENworks Desktop Management 6.5 allows remote attackers to execute arbitrary code via a long argument to the CanUninstall method. |
Novell ZENworks vulnerability Note: Authentication is required to detect this vulnerability |
misc_zenworksdesktopax | ||
![]() |
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. |
MacOSX vulnerabilities OpenSSL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version misc_openssl |
||
![]() |
net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key. |
Red Hat Certificate System vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_redhatcsver | ||
![]() |
Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-2904. |
Sun Java System Messaging Server vulnerabilities |
mail_smtp_sjsms | ||
![]() |
Buffer overflow in the lbs_process_bss function in drivers/net/wireless/libertas/scan.c in the libertas subsystem in the Linux kernel before 2.6.27.5 allows remote attackers to have an unknown impact via an "invalid beacon/probe response." |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
Unspecified vulnerability in MyServer 0.8.11 allows remote attackers to cause a denial of service (daemon crash) via multiple invalid requests with the HTTP GET, DELETE, OPTIONS, and possibly other methods, related to a "204 No Content error." |
MyServer vulnerabilities |
web_server_myserver | ||
![]() |
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors. |
MacOSX vulnerabilities March Networks Products Vulnerabilities SSH CBC ciphers OpenSSH vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version net_marchnvdver shell_ssh_cbc shell_ssh_openssh |
||
![]() |
Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. NOTE: this might overlap CVE-2008-5680. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184. |
MacOSX vulnerabilities CUPS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version printer_cupsversion |
||
![]() |
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
MediaWiki vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_mediawiki | ||
![]() |
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page. |
MediaWiki vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_mediawiki | ||
![]() |
Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control in AxisCamControl.ocx in AXIS Camera Control 2.40.0.0 allows remote attackers to execute arbitrary code via a long image_pan_tilt property value. |
Axis vulnerabilities Note: Authentication is required to detect this vulnerability |
web_axiscameraax | ||
![]() |
Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow. |
VLC vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vlc | ||
![]() |
PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query. |
PowerDNS vulnerabilities |
dns_powerserver | ||
![]() |
Cross-site scripting (XSS) vulnerability in the self_link function in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable). |
WordPress vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_wordpress | ||
![]() |
Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE command. |
Titan FTP vulnerabilities |
ftp_titan | ||
![]() |
Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow. |
CUPS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
printer_cupsversion | ||
![]() |
Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information. |
Gallery vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion | ||
![]() |
Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029. |
VMWare ESX vulnerabilities Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_esxbuild misc_linuxkernel |
||
![]() |
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions. |
VMWare ESX vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_esxbuild misc_macosx_version |
||
![]() |
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions. |
VMWare ESX vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_esxbuild misc_macosx_version |
||
![]() |
Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable. |
TWiki vulnerabilities |
web_prog_cgi_twikiver | ||
![]() |
Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable. |
TWiki vulnerabilities |
web_prog_cgi_twikiver | ||
![]() |
Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions. |
ClamAV vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam misc_av_clamwinupx misc_macosx_version |
||
![]() |
SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157, CVE-2005-3158, CVE-2005-3159, CVE-2005-4005, and CVE-2006-2459. |
PHP Fusion vulnerabilities |
web_prog_php_fusionver | ||
![]() |
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka CR 6727079. |
Java Web Start Note: Authentication is required to detect this vulnerability |
misc_javawebstart | ||
![]() |
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081. |
Java Web Start Note: Authentication is required to detect this vulnerability |
misc_javawebstart | ||
![]() |
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071. |
Java Web Start Note: Authentication is required to detect this vulnerability |
misc_javawebstart | ||
![]() |
Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668. |
Java Web Start Note: Authentication is required to detect this vulnerability |
misc_javawebstart | ||
![]() |
Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR" and CR 6707535. |
Java Web Start Note: Authentication is required to detect this vulnerability |
misc_javawebstart | ||
![]() |
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217. |
Java Web Start Note: Authentication is required to detect this vulnerability |
misc_javawebstart | ||
![]() |
Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier allows code that is loaded from a local filesystem to read arbitrary files and make unauthorized connections to localhost via unknown vectors. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects". |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the Java AWT library. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_jre web_dev_jdk |
||
![]() |
pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333. |
CUPS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
printer_cupsversion | ||
![]() |
Buffer overflow in the URL processing in ffdshow (aka ffdshow-tryout) before SVN revision 2347 allows remote attackers to execute arbitrary code via a long URL. |
ffdshow vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_ffdshowver | ||
![]() |
Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing." |
Trillian vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_trillian | ||
![]() |
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID." |
Trillian vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_trillian | ||
![]() |
Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag. |
Trillian vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_trillian | ||
![]() |
Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors. |
Veritas Backup Exec Note: Authentication is required to detect this vulnerability |
misc_symantecbackupbypass | ||
![]() |
Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, possibly related to included compressed streams that were processed with the ASCIIHexDecode filter. NOTE: some of these details are obtained from third party information. |
Bit Defender vulnerability Note: Authentication is required to detect this vulnerability |
misc_av_bitdefenderpdf | ||
![]() |
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka "SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability." |
Microsoft SQL Server Note: Authentication is recommended to improve the accuracy of this check |
database_mssql_mssql | ||
![]() |
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect integrity and availability via unknown vectors. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Job Queue component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_IJOB. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality via unknown vectors. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() ![]() |
Unspecified vulnerability in the TimesTen Data Server component in Oracle Database 7.0.5.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this is a format string vulnerability via the msg parameter in the evtdump CGI module. |
Oracle TimesTen InMemory vulnerabilities Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled |
database_oracle_timestencgifs | ||
![]() ![]() |
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2008-5442 and CVE-2008-5443. |
Oracle Secure Backup vulnerabilities Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled |
database_oracle_backupndmpdos database_oracle_backupver |
||
![]() ![]() |
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5448 and CVE-2008-5449. |
Oracle Secure Backup vulnerabilities Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled |
database_oracle_backupndmpbo database_oracle_backupver |
||
![]() |
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5444 and CVE-2008-5449. |
Oracle Secure Backup vulnerabilities Note: Authentication is required to detect this vulnerability |
database_oracle_backupver | ||
![]() |
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5444 and CVE-2008-5448. |
Oracle Secure Backup vulnerabilities Note: Authentication is required to detect this vulnerability |
database_oracle_backupver | ||
![]() ![]() |
Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. |
WebLogic vulnerabilities |
web_dev_weblogicapachebo web_dev_weblogicapachever |
||
![]() |
Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image. |
MacOSX vulnerabilities PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version web_prog_php_version |
||
![]() |
Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file. |
Flash vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_flash | ||
![]() |
The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEntity and FastAppendChar functions. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox | ||
![]() |
Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox | ||
![]() |
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure." |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 do not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document." |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers." |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. |
VMware ESX vulnerabilities MacOSX vulnerabilities Apache Tomcat vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_esxbuild misc_macosx_version web_dev_tomcatver |
||
![]() |
The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers. |
Apache Tomcat vulnerabilities Apache module vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_tomcatver web_mod_jkver |
||
![]() |
Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter. |
Java Web Console vulnerabilities |
web_tool_javawebconsolever | ||
![]() |
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions. |
MacOSX vulnerabilities PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version web_prog_php_version |
||
![]() |
Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching. |
Asterisk vulnerabilities Note: Authentication is required to detect this vulnerability |
net_asterisk | ||
![]() |
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php. |
phpPgAdmin vulnerabilities |
web_prog_php_pgadmin2 | ||
![]() |
Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file. |
MPlayer vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_mplayerver | ||
![]() |
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to cause a denial of service via a crafted argument to the NLST command, as demonstrated by a -1 argument. |
XM FTP vulnerabilities |
ftp_xm | ||
![]() |
Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie. |
CMSSimple vulnerabilities |
web_cms_simpledirtrav | ||
![]() |
PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
Joomla vulnerabilities |
web_prog_php_joomlaver | ||
![]() |
The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows. |
Tivoli Provisioning Manager vulnerabilities |
misc_tivolipm | ||
![]() |
HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash) via an invalid document.load call that triggers use of a deleted object. NOTE: some of these details are obtained from third party information. |
Konqueror vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_konqueror | ||
![]() |
libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700wdt.c in the Linux kernel before 2.6.28-rc1 might allow local users to have an unknown impact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
The __qdisc_run function in net/sched/sch_generic.c in the Linux kernel before 2.6.25 on SMP machines allows local users to cause a denial of service (soft lockup) by sending a large amount of network traffic, as demonstrated by multiple simultaneous invocations of the Netperf benchmark application in UDP_STREAM mode. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP Desktop 9.0.6 build 6060 and 9.9.0 build 397 allows local users to cause a denial of service (system crash) and possibly gain privileges via a certain METHOD_BUFFERED IOCTL request that overwrites portions of memory, related to a "Driver Collapse." NOTE: some of these details are obtained from third party information. |
PGP Desktop vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_pgpdesktopver | ||
![]() |
Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Software Merak Mail Server 9.3.2 allows remote attackers to inject arbitrary web script or HTML via an IMG element in an HTML e-mail message. |
IceWarp vulnerabilities |
mail_web_icewarp | ||
![]() |
Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via the sent parameter. NOTE: some of these details are obtained from third party information. |
Kerio MailServer vulnerabilities |
mail_web_kerio | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) folder parameter to mailCompose.php or the (2) daytime parameter to calendarEdit.php. NOTE: some of these details are obtained from third party information. |
Kerio MailServer vulnerabilities |
mail_web_kerio | ||
![]() |
Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document. |
Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_safari | ||
![]() ![]() |
Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server 11.x before 11.1.8 and 12.x before 12.0.1 allow remote attackers to (1) cause a denial of service via three crafted RTSP SETUP commands, or execute arbitrary code via (2) an NTLM authentication request with malformed base64-encoded data, (3) an RTSP DESCRIBE command, or (4) a DataConvertBuffer request. |
RealServer vulnerabilities |
misc_helixmobileserver misc_helixserver misc_helixserverbo |
||
![]() |
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox | ||
![]() |
Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command. |
Titan FTP vulnerabilities |
ftp_titan | ||
![]() |
The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion." |
Net SNMP vulnerabilities Note: Authentication is required to detect this vulnerability |
net_snmp_snmpver | ||
![]() |
Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbitrary web script or HTML via the book page title. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests. |
Legato NetWorker vulnerabilities Note: Authentication is required to detect this vulnerability |
rpc_legatocategory_version | ||
![]() |
Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to admincp/attachmentpermission.php, and the (3) iperm parameter to admincp/image.php. |
vBulletin vulnerabilities |
web_prog_sql_vbulletin | ||
![]() |
SQL injection vulnerability in links.php in Appalachian State University phpWebSite allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action. |
SQL injection |
web_prog_sql_phpwebsitelinks | ||
![]() |
Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys WRT160N allows remote attackers to inject arbitrary web script or HTML via the action parameter in a DHCP_Static operation. |
Linksys Firmware |
net_fwlinksys | ||
![]() |
Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors. |
DotNetNuke vulnerabilities |
web_prog_asp_dotnetnukever | ||
![]() |
Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote attackers to execute arbitrary code via a CONNECTION request with a long hostname. |
CCProxy vulnerabilities |
web_proxy_ccproxybo | ||
![]() |
ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character. |
Apache Struts vulnerabilities |
web_dev_strutsdt | ||
![]() |
Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x. |
Apache Struts vulnerabilities |
web_dev_strutsdt | ||
![]() ![]() |
Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demonstrated by a /setup/setup-/.. sequence in a URI. |
Openfire Jabber Server vulnerabilities |
misc_openfirejabberbypass | ||
![]() |
SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp. |
Openfire Jabber Server vulnerabilities |
misc_openfirejabberver | ||
![]() |
Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to inject arbitrary web script or HTML via the url parameter. |
Openfire Jabber Server vulnerabilities |
misc_openfirejabberver | ||
![]() |
The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole." |
Atlassian JIRA vulnerabilities |
web_prog_jsp_jira | ||
![]() |
Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error. |
ClamAV vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam misc_av_clamwinupx misc_macosx_version |
||
![]() |
Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element. |
Dojo Toolkit vulnerabilities |
web_lib_dojotoolkit | ||
![]() |
dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party information. |
dotProject vulnerabilities |
web_prog_php_dotprojectver | ||
![]() |
Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853. |
DB2 vulnerabilities |
database_db2ver | ||
![]() |
Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server. |
Altiris vulnerabilities |
misc_av_symantec_altirisver | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA Enterprise Edition 3.13 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname (Full Name) parameter in the ViewProfile page or (2) returnUrl parameter in a form, as demonstrated using secure/AddComment!default.jspa (aka "Add Comment"). |
Atlassian JIRA vulnerabilities |
web_prog_jsp_jira | ||
![]() |
Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Enterprise Edition 3.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
Atlassian JIRA vulnerabilities |
web_prog_jsp_jira | ||
![]() |
Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action. |
Cross site scripting |
web_server_apache_roller | ||
![]() |
Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) main.php in xoops_lib/modules/protector/. |
vulnerable web program |
web_prog_php_xoops5 | ||
![]() |
Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message. |
vulnerable web program |
web_prog_php_xoops5 | ||
![]() |
Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag. |
MDaemon vulnerabilities |
mail_web_mdaemonversion | ||
![]() |
Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for Unix and Netware before 4.37.0, Sophos EM Library, and Sophos small business solutions, when CAB archive scanning is enabled, allows remote attackers to cause a denial of service (segmentation fault) via a "fuzzed" CAB archive file, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats. |
Sophos Antivirus vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_sophosenginever | ||
![]() |
Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via crafted files that have been packed with (1) armadillo, (2) asprotect, or (3) asprotectSKE. |
Sophos Antivirus vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_sophosenginever | ||
![]() |
Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to execute arbitrary code via a long argument to the (1) CreateUserPath, (2) Logout, (3) DeleteMailByUID, (4) MoveToInbox, (5) MoveToFolder, (6) DeleteMailEx, (7) GetMailDataEx, (8) SetReplySign, (9) SetForwardSign, and (10) SetReadSign methods, which are not properly handled by (a) the POP3 Class ActiveX control (CMailCom.POP3); or a long argument to the (11) AddAttach, (12) SetSubject, (13) SetBcc, (14) SetBody, (15) SetCc, (16) SetFrom, (17) SetTo, and (18) SetFromUID methods, which are not properly handled by the Class ActiveX control (CMailCOM.SMTP), as demonstrated via the indexOfMail parameter to mwmail.asp. |
CMailServer vulnerability |
mail_web_cmailservercom | ||
![]() |
Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon before 10.02 have unknown impact and attack vectors, probably related to cross-site scripting (XSS) and WorldClient DLL 10.0.1, a different vulnerability than CVE-2008-6893. |
MDaemon vulnerabilities |
mail_web_mdaemonversion | ||
![]() |
PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as "C:" drive notation. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 allows local users to execute arbitrary code via a file or directory with a long path. NOTE: some of these details are obtained from third party information. |
ZoneAlarm vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_firewall_za_issver | ||
![]() |
Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component. |
Rumpus vulnerabilities Note: Authentication is required to detect this vulnerability |
ftp_rumpus ftp_rumpushttpdos |
||
![]() |
MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection mechanism to hijack the authentication of moderators by reading the token from the HTTP Referer header. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Multiple insecure method vulnerabilities in an ActiveX control (epRegPro.ocx) in Evans Programming Registry Pro allow remote attackers to read and modify sensitive registry keys via the (1) About, (2) CreateKey, (3) DeleteBranch, (4) DeleteKey, (5) DeleteValue, (6) EnumKeys, (7) EnumValues, (8) QueryType, (9) QueryValue, (10) RenameKey, and (11) SetValue methods. |
Registry Pro vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_regproax | ||
![]() |
toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the (1) RequestURL, (2) GetPropertyById, or (3) SetPropertyById method, different vectors than CVE-2008-7135. |
AOL ICQ vulnerability Note: Authentication is required to detect this vulnerability |
misc_aol_icqtoolbar | ||
![]() |
Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors. |
Horde application vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_hordekrono web_prog_php_hordemnemo web_prog_php_hordenag web_prog_php_hordeturba |
||
![]() |
Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 do not validate ownership when performing share changes, which has unknown impact and attack vectors. |
Horde application vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_hordekrono web_prog_php_hordemnemo web_prog_php_hordenag web_prog_php_hordeturba |
||
![]() |
sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. |
MySQL vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_mysql_version misc_macosx_version |
||
![]() |
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers, as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163. |
Cisco web interface access |
net_cisco_asarespsplit | ||
![]() |
The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer. |
ProFTPD vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
ftp_proftp | ||
![]() |
OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180. |
VMware ESX vulnerabilities |
misc_esxbuild | ||
![]() |
mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers an iovec of zero length, followed by a page fault for an iovec of nonzero length. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel |
: A dangerous check is available for this vulnerability.