| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-5157 | 0.00 | — | 0.00 | Nov 18, 2008 | tau 2.16.4 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/makefile.tau.*.##### or (2) /tmp/makefile.tau*.##### temporary file, related to the (a) tau_cxx, (b) tau_f90, and (c) tau_cc scripts. | |||
| CVE-2008-5156 | 0.00 | — | 0.00 | Nov 18, 2008 | si_mkbootserver in systemimager-server 3.6.3 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.inetd.conf or (2) /tmp/pxe.conf.*.tmp temporary file. | |||
| CVE-2008-5155 | 0.00 | — | 0.01 | Nov 18, 2008 | mail2sms.sh in smsclient 2.0.8z allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/header.##### or (2) /tmp/body.##### temporary file, or append data to arbitrary files via a symlink attack on the (3) /tmp/sms.log temporary file. | |||
| CVE-2008-5154 | 0.00 | — | 0.00 | Nov 18, 2008 | bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/blue.log temporary file. | |||
| CVE-2008-5153 | 0.00 | — | 0.00 | Nov 18, 2008 | spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file. | |||
| CVE-2008-5152 | 0.00 | — | 0.00 | Nov 18, 2008 | inmail-show in mh-book 200605 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/inmail#####.log or (2) /tmp/inmail#####.stdin temporary file. | |||
| CVE-2008-5151 | 0.00 | — | 0.00 | Nov 18, 2008 | test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/err.log temporary file. | |||
| CVE-2008-5150 | 0.00 | — | 0.00 | Nov 18, 2008 | sample.sh in maildirsync 1.1 allows local users to append data to arbitrary files via a symlink attack on a /tmp/maildirsync-*.#####.log temporary file. | |||
| CVE-2008-5149 | 0.00 | — | 0.00 | Nov 18, 2008 | fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file. | |||
| CVE-2008-5148 | 0.00 | — | 0.00 | Nov 18, 2008 | sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file. | |||
| CVE-2008-5147 | 0.00 | — | 0.00 | Nov 18, 2008 | test-pipe-to-pyodconverter.org.sh in docvert 2.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/outer.odt temporary file. | |||
| CVE-2008-5146 | 0.00 | — | 0.00 | Nov 18, 2008 | add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file. | |||
| CVE-2008-5145 | 0.00 | — | 0.00 | Nov 18, 2008 | ltpmenu in ltp 20060918 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/runltp.mainmenu.##### temporary file. | |||
| CVE-2008-5144 | 0.00 | — | 0.00 | Nov 18, 2008 | nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvidia-cg-toolkit-manifest temporary file. | |||
| CVE-2008-5143 | 0.00 | — | 0.00 | Nov 18, 2008 | mgt-helper in multi-gnome-terminal 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.debug or (2) /tmp/*.env temporary file. | |||
| CVE-2008-5142 | 0.00 | — | 0.00 | Nov 18, 2008 | sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pr.##### temporary file. | |||
| CVE-2008-5141 | 0.00 | — | 0.00 | Nov 18, 2008 | flamethrower in flamethrower 0.1.8 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/multicast.tar.##### temporary file. | |||
| CVE-2008-5140 | 0.00 | — | 0.00 | Nov 18, 2008 | trend-autoupdate.new in mailscanner 4.55.10 and other versions before 4.74.16-1 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/opr.ini.##### or (2) /tmp/lpt*.zip temporary file. | |||
| CVE-2008-5139 | 0.00 | — | 0.00 | Nov 18, 2008 | updatejail in jailer 0.4 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/#####.updatejail temporary file. | |||
| CVE-2008-5138 | 0.00 | — | 0.00 | Nov 18, 2008 | passwdehd in libpam-mount 0.43 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/passwdehd.##### temporary file. | |||
| CVE-2008-5137 | 0.00 | — | 0.00 | Nov 18, 2008 | tkman in tkman 2.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/tkman##### or (2) /tmp/ll temporary file. | |||
| CVE-2008-5136 | 0.00 | — | 0.00 | Nov 18, 2008 | tkusr in tkusr 0.82 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/tkusr.pgm temporary file. | |||
| CVE-2008-5135 | 0.00 | — | 0.00 | Nov 18, 2008 | os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i… | |||
| CVE-2008-5134 | 0.00 | — | 0.05 | Nov 18, 2008 | Buffer overflow in the lbs_process_bss function in drivers/net/wireless/libertas/scan.c in the libertas subsystem in the Linux kernel before 2.6.27.5 allows remote attackers to have an unknown impact via an "invalid beacon/probe response." | |||
| CVE-2008-5133 | 0.00 | — | 0.02 | Nov 18, 2008 | ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remote attackers to bypass… | |||
| CVE-2008-5132 | 0.03 | — | 0.02 | Nov 18, 2008 | SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Portal 4.0.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header. | |||
| CVE-2008-5131 | 0.03 | — | 0.01 | Nov 18, 2008 | Multiple SQL injection vulnerabilities in Develop It Easy News And Article System 1.4 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter to article_details.php, and the (2) username and (3) password to the admin panel (admin/index.php). | |||
| CVE-2008-5130 | 0.00 | — | 0.01 | Nov 18, 2008 | Ocean12 Calendar Manager Gold 2.04 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12cal.mdb. | |||
| CVE-2008-5129 | 0.00 | — | 0.01 | Nov 18, 2008 | Ocean12 Poll Manager Pro 1.00 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12poll.mdb. | |||
| CVE-2008-5128 | 0.00 | — | 0.01 | Nov 18, 2008 | Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb. | |||
| CVE-2008-5127 | 0.00 | — | 0.01 | Nov 18, 2008 | Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb. | |||
| CVE-2008-5126 | 0.03 | — | 0.01 | Nov 18, 2008 | Cross-site scripting (XSS) vulnerability in search.php in BoutikOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. | |||
| CVE-2008-5125 | 0.03 | — | 0.02 | Nov 18, 2008 | admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin. | |||
| CVE-2008-5124 | 0.00 | — | 0.02 | Nov 18, 2008 | JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks. | |||
| CVE-2008-5123 | 0.03 | — | 0.01 | Nov 18, 2008 | SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows remote attackers to execute arbitrary SQL commands via the u parameter. | |||
| CVE-2008-5122 | 0.00 | — | 0.01 | Nov 18, 2008 | SQL injection vulnerability in WorkArea/ContentRatingGraph.aspx in Ektron CMS400.NET 7.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the res parameter. | |||
| CVE-2008-5121 | 0.03 | — | 0.01 | Nov 18, 2008 | dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl… | |||
| CVE-2008-5120 | 0.04 | — | 0.10 | Nov 18, 2008 | Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string. | |||
| CVE-2008-5119 | 0.00 | — | 0.01 | Nov 18, 2008 | Cross-site scripting (XSS) vulnerability in search.php in Scripts4Profit DXShopCart 4.30mc allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | |||
| CVE-2008-5118 | 0.00 | — | 0.02 | Nov 18, 2008 | Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection." | |||
| CVE-2008-5117 | 0.00 | — | 0.03 | Nov 18, 2008 | Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||
| CVE-2008-5116 | 0.00 | — | 0.04 | Nov 18, 2008 | Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter. | |||
| CVE-2008-5115 | 0.03 | — | 0.03 | Nov 18, 2008 | Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp. | |||
| CVE-2008-5114 | 0.00 | — | 0.02 | Nov 18, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-5113 | 0.00 | — | 0.01 | Nov 17, 2008 | WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user… | |||
| CVE-2008-5112 | 0.05 | — | 0.20 | Nov 17, 2008 | The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a… | |||
| CVE-2008-5111 | 0.00 | — | 0.00 | Nov 17, 2008 | Unspecified vulnerability in the socket function in Sun Solaris 10 and OpenSolaris snv_57 through snv_91, when InfiniBand hardware is not installed, allows local users to cause a denial of service (panic) via unknown vectors, related to the socksdpv_close function. | |||
| CVE-2008-5025 | 0.00 | — | 0.03 | Nov 17, 2008 | Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a… | |||
| CVE-2008-4832 | 0.00 | — | 0.00 | Nov 17, 2008 | rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE:… | |||
| CVE-2008-4415 | 0.00 | — | 0.04 | Nov 17, 2008 | Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors. |
- CVE-2008-5157Nov 18, 2008risk 0.00cvss —epss 0.00
tau 2.16.4 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/makefile.tau.*.##### or (2) /tmp/makefile.tau*.##### temporary file, related to the (a) tau_cxx, (b) tau_f90, and (c) tau_cc scripts.
- CVE-2008-5156Nov 18, 2008risk 0.00cvss —epss 0.00
si_mkbootserver in systemimager-server 3.6.3 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.inetd.conf or (2) /tmp/pxe.conf.*.tmp temporary file.
- CVE-2008-5155Nov 18, 2008risk 0.00cvss —epss 0.01
mail2sms.sh in smsclient 2.0.8z allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/header.##### or (2) /tmp/body.##### temporary file, or append data to arbitrary files via a symlink attack on the (3) /tmp/sms.log temporary file.
- CVE-2008-5154Nov 18, 2008risk 0.00cvss —epss 0.00
bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/blue.log temporary file.
- CVE-2008-5153Nov 18, 2008risk 0.00cvss —epss 0.00
spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.
- CVE-2008-5152Nov 18, 2008risk 0.00cvss —epss 0.00
inmail-show in mh-book 200605 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/inmail#####.log or (2) /tmp/inmail#####.stdin temporary file.
- CVE-2008-5151Nov 18, 2008risk 0.00cvss —epss 0.00
test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/err.log temporary file.
- CVE-2008-5150Nov 18, 2008risk 0.00cvss —epss 0.00
sample.sh in maildirsync 1.1 allows local users to append data to arbitrary files via a symlink attack on a /tmp/maildirsync-*.#####.log temporary file.
- CVE-2008-5149Nov 18, 2008risk 0.00cvss —epss 0.00
fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file.
- CVE-2008-5148Nov 18, 2008risk 0.00cvss —epss 0.00
sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file.
- CVE-2008-5147Nov 18, 2008risk 0.00cvss —epss 0.00
test-pipe-to-pyodconverter.org.sh in docvert 2.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/outer.odt temporary file.
- CVE-2008-5146Nov 18, 2008risk 0.00cvss —epss 0.00
add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file.
- CVE-2008-5145Nov 18, 2008risk 0.00cvss —epss 0.00
ltpmenu in ltp 20060918 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/runltp.mainmenu.##### temporary file.
- CVE-2008-5144Nov 18, 2008risk 0.00cvss —epss 0.00
nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvidia-cg-toolkit-manifest temporary file.
- CVE-2008-5143Nov 18, 2008risk 0.00cvss —epss 0.00
mgt-helper in multi-gnome-terminal 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.debug or (2) /tmp/*.env temporary file.
- CVE-2008-5142Nov 18, 2008risk 0.00cvss —epss 0.00
sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pr.##### temporary file.
- CVE-2008-5141Nov 18, 2008risk 0.00cvss —epss 0.00
flamethrower in flamethrower 0.1.8 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/multicast.tar.##### temporary file.
- CVE-2008-5140Nov 18, 2008risk 0.00cvss —epss 0.00
trend-autoupdate.new in mailscanner 4.55.10 and other versions before 4.74.16-1 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/opr.ini.##### or (2) /tmp/lpt*.zip temporary file.
- CVE-2008-5139Nov 18, 2008risk 0.00cvss —epss 0.00
updatejail in jailer 0.4 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/#####.updatejail temporary file.
- CVE-2008-5138Nov 18, 2008risk 0.00cvss —epss 0.00
passwdehd in libpam-mount 0.43 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/passwdehd.##### temporary file.
- CVE-2008-5137Nov 18, 2008risk 0.00cvss —epss 0.00
tkman in tkman 2.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/tkman##### or (2) /tmp/ll temporary file.
- CVE-2008-5136Nov 18, 2008risk 0.00cvss —epss 0.00
tkusr in tkusr 0.82 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/tkusr.pgm temporary file.
- CVE-2008-5135Nov 18, 2008risk 0.00cvss —epss 0.00
os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i…
- CVE-2008-5134Nov 18, 2008risk 0.00cvss —epss 0.05
Buffer overflow in the lbs_process_bss function in drivers/net/wireless/libertas/scan.c in the libertas subsystem in the Linux kernel before 2.6.27.5 allows remote attackers to have an unknown impact via an "invalid beacon/probe response."
- CVE-2008-5133Nov 18, 2008risk 0.00cvss —epss 0.02
ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remote attackers to bypass…
- CVE-2008-5132Nov 18, 2008risk 0.03cvss —epss 0.02
SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Portal 4.0.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.
- CVE-2008-5131Nov 18, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in Develop It Easy News And Article System 1.4 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter to article_details.php, and the (2) username and (3) password to the admin panel (admin/index.php).
- CVE-2008-5130Nov 18, 2008risk 0.00cvss —epss 0.01
Ocean12 Calendar Manager Gold 2.04 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12cal.mdb.
- CVE-2008-5129Nov 18, 2008risk 0.00cvss —epss 0.01
Ocean12 Poll Manager Pro 1.00 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12poll.mdb.
- CVE-2008-5128Nov 18, 2008risk 0.00cvss —epss 0.01
Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb.
- CVE-2008-5127Nov 18, 2008risk 0.00cvss —epss 0.01
Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb.
- CVE-2008-5126Nov 18, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in search.php in BoutikOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.
- CVE-2008-5125Nov 18, 2008risk 0.03cvss —epss 0.02
admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin.
- CVE-2008-5124Nov 18, 2008risk 0.00cvss —epss 0.02
JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks.
- CVE-2008-5123Nov 18, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows remote attackers to execute arbitrary SQL commands via the u parameter.
- CVE-2008-5122Nov 18, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in WorkArea/ContentRatingGraph.aspx in Ektron CMS400.NET 7.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the res parameter.
- CVE-2008-5121Nov 18, 2008risk 0.03cvss —epss 0.01
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl…
- CVE-2008-5120Nov 18, 2008risk 0.04cvss —epss 0.10
Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string.
- CVE-2008-5119Nov 18, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in search.php in Scripts4Profit DXShopCart 4.30mc allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
- CVE-2008-5118Nov 18, 2008risk 0.00cvss —epss 0.02
Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection."
- CVE-2008-5117Nov 18, 2008risk 0.00cvss —epss 0.03
Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
- CVE-2008-5116Nov 18, 2008risk 0.00cvss —epss 0.04
Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter.
- CVE-2008-5115Nov 18, 2008risk 0.03cvss —epss 0.03
Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp.
- CVE-2008-5114Nov 18, 2008risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-5113Nov 17, 2008risk 0.00cvss —epss 0.01
WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user…
- CVE-2008-5112Nov 17, 2008risk 0.05cvss —epss 0.20
The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a…
- CVE-2008-5111Nov 17, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in the socket function in Sun Solaris 10 and OpenSolaris snv_57 through snv_91, when InfiniBand hardware is not installed, allows local users to cause a denial of service (panic) via unknown vectors, related to the socksdpv_close function.
- CVE-2008-5025Nov 17, 2008risk 0.00cvss —epss 0.03
Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a…
- CVE-2008-4832Nov 17, 2008risk 0.00cvss —epss 0.00
rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE:…
- CVE-2008-4415Nov 17, 2008risk 0.00cvss —epss 0.04
Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors.