| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-4099 | 0.00 | — | 0.02 | Sep 18, 2008 | PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | |||
| CVE-2008-4118 | 0.00 | — | 0.01 | Sep 18, 2008 | Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-4117 | 0.00 | — | 0.02 | Sep 18, 2008 | Unspecified vulnerability in a web page in the PRM module in Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||
| CVE-2008-4116 | 0.04 | — | 0.12 | Sep 18, 2008 | Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly… | |||
| CVE-2008-4109 | 0.02 | — | 0.29 | Sep 18, 2008 | A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of… | |||
| CVE-2008-4098 | 0.00 | — | 0.02 | Sep 18, 2008 | MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables… | |||
| CVE-2008-4097 | 0.00 | — | 0.02 | Sep 18, 2008 | MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory,… | |||
| CVE-2008-4096 | 0.04 | — | 0.11 | Sep 18, 2008 | libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function. | |||
| CVE-2008-3961 | 0.00 | — | 0.05 | Sep 18, 2008 | Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on Macintosh allow user-assisted attackers to execute arbitrary code via a crafted AI file. | |||
| CVE-2008-3195 | 0.04 | — | 0.08 | Sep 18, 2008 | Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via… | |||
| CVE-2008-2468 | 0.01 | — | 0.10 | Sep 18, 2008 | Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) in LANDesk Management Suite, Security Suite, and Server Manager 8.8 and earlier allow remote attackers to execute arbitrary code via a crafted heal request, related to the StringToMap and StringSize arguments. | |||
| CVE-2008-1093 | 0.00 | — | 0.02 | Sep 18, 2008 | Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules. | |||
| CVE-2008-4115 | 0.03 | — | 0.03 | Sep 16, 2008 | TalkBack 2.3.6 allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function. | |||
| CVE-2008-4114 | 0.07 | — | 0.49 | Sep 16, 2008 | srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet… | |||
| CVE-2008-4113 | 0.03 | — | 0.01 | Sep 16, 2008 | The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel… | |||
| CVE-2008-4111 | 0.00 | — | 0.02 | Sep 16, 2008 | Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when the FileServing feature is enabled, has unknown impact and attack vectors. | |||
| CVE-2008-3950 | 0.04 | — | 0.07 | Sep 16, 2008 | Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an… | |||
| CVE-2008-3622 | 0.00 | — | 0.02 | Sep 16, 2008 | Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection." | |||
| CVE-2008-3621 | 0.00 | — | 0.06 | Sep 16, 2008 | VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media. | |||
| CVE-2008-3619 | 0.00 | — | 0.00 | Sep 16, 2008 | Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files. | |||
| CVE-2008-3618 | 0.00 | — | 0.02 | Sep 16, 2008 | The File Sharing pane in the Sharing preference pane in Apple Mac OS X 10.5 through 10.5.4 does not inform users that the complete contents of their own home directories are shared for their own use, which might allow attackers to leverage other vulnerabilities and access files… | |||
| CVE-2008-3617 | 0.00 | — | 0.01 | Sep 16, 2008 | Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed… | |||
| CVE-2008-3616 | 0.00 | — | 0.04 | Sep 16, 2008 | Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API… | |||
| CVE-2008-3613 | 0.00 | — | 0.01 | Sep 16, 2008 | Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk on the local network. | |||
| CVE-2008-3611 | 0.00 | — | 0.00 | Sep 16, 2008 | Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering… | |||
| CVE-2008-3610 | 0.00 | — | 0.02 | Sep 16, 2008 | Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an… | |||
| CVE-2008-3609 | 0.00 | — | 0.00 | Sep 16, 2008 | The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file. | |||
| CVE-2008-3608 | 0.00 | — | 0.03 | Sep 16, 2008 | ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile. | |||
| CVE-2008-2332 | 0.00 | — | 0.03 | Sep 16, 2008 | ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image. | |||
| CVE-2008-2331 | 0.00 | — | 0.01 | Sep 16, 2008 | Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an… | |||
| CVE-2008-2330 | 0.00 | — | 0.00 | Sep 16, 2008 | slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue." | |||
| CVE-2008-2329 | 0.00 | — | 0.00 | Sep 16, 2008 | Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window. | |||
| CVE-2008-2312 | 0.00 | — | 0.00 | Sep 16, 2008 | Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file. | |||
| CVE-2008-2305 | 0.00 | — | 0.05 | Sep 16, 2008 | Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names." | |||
| CVE-2008-4110 | 0.01 | — | 0.18 | Sep 16, 2008 | Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second… | |||
| CVE-2008-2437 | 0.01 | — | 0.07 | Sep 16, 2008 | Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long… | |||
| CVE-2008-4095 | 0.00 | — | 0.02 | Sep 16, 2008 | Multiple unspecified vulnerabilities in the Importer in Flip4Mac WMV before 2.2.1 have unknown impact and attack vectors, different vulnerabilities than CVE-2007-6713. | |||
| CVE-2008-4093 | 0.03 | — | 0.01 | Sep 15, 2008 | SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and 3.2 beta, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. | |||
| CVE-2008-4092 | 0.03 | — | 0.01 | Sep 15, 2008 | SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter. | |||
| CVE-2008-4091 | 0.03 | — | 0.01 | Sep 15, 2008 | SQL injection vulnerability in index.php in Web Directory Script 1.5.3 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action. | |||
| CVE-2008-4090 | 0.03 | — | 0.01 | Sep 15, 2008 | SQL injection vulnerability in index.php in PHP Coupon Script 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an addtocart action, a different vector than CVE-2007-2672. | |||
| CVE-2008-4089 | 0.03 | — | 0.02 | Sep 15, 2008 | Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | |||
| CVE-2008-4088 | 0.03 | — | 0.01 | Sep 15, 2008 | SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter. | |||
| CVE-2008-4087 | 0.03 | — | 0.03 | Sep 15, 2008 | Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 allows user-assisted attackers to cause a denial of service or execute arbitrary code via a Beatcraft Project (aka bcproj) file with a long string in a certain instruments title field. | |||
| CVE-2008-4086 | 0.03 | — | 0.01 | Sep 15, 2008 | SQL injection vulnerability in index.php in Reciprocal Links Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action. | |||
| CVE-2008-4085 | 0.00 | — | 0.00 | Sep 15, 2008 | plaiter in Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on (1) cut.$$, (2) head.$$, (3) awk.$$, and (4) ps.$$ temporary files in /tmp/. | |||
| CVE-2008-4084 | 0.03 | — | 0.01 | Sep 15, 2008 | SQL injection vulnerability in staticpages/easyclassifields/index.php in MyioSoft EasyClassifields 3.0 allows remote attackers to execute arbitrary SQL commands via the go parameter in a browse action. | |||
| CVE-2008-4083 | 0.03 | — | 0.01 | Sep 15, 2008 | Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained from third party… | |||
| CVE-2008-4082 | 0.03 | — | 0.01 | Sep 15, 2008 | SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via an arbitrary field in a search action to index.php. | |||
| CVE-2008-4081 | 0.03 | — | 0.03 | Sep 15, 2008 | admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie. |
- CVE-2008-4099Sep 18, 2008risk 0.00cvss —epss 0.02
PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
- CVE-2008-4118Sep 18, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-4117Sep 18, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in a web page in the PRM module in Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
- CVE-2008-4116Sep 18, 2008risk 0.04cvss —epss 0.12
Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly…
- CVE-2008-4109Sep 18, 2008risk 0.02cvss —epss 0.29
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of…
- CVE-2008-4098Sep 18, 2008risk 0.00cvss —epss 0.02
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables…
- CVE-2008-4097Sep 18, 2008risk 0.00cvss —epss 0.02
MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory,…
- CVE-2008-4096Sep 18, 2008risk 0.04cvss —epss 0.11
libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.
- CVE-2008-3961Sep 18, 2008risk 0.00cvss —epss 0.05
Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on Macintosh allow user-assisted attackers to execute arbitrary code via a crafted AI file.
- CVE-2008-3195Sep 18, 2008risk 0.04cvss —epss 0.08
Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via…
- CVE-2008-2468Sep 18, 2008risk 0.01cvss —epss 0.10
Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) in LANDesk Management Suite, Security Suite, and Server Manager 8.8 and earlier allow remote attackers to execute arbitrary code via a crafted heal request, related to the StringToMap and StringSize arguments.
- CVE-2008-1093Sep 18, 2008risk 0.00cvss —epss 0.02
Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules.
- CVE-2008-4115Sep 16, 2008risk 0.03cvss —epss 0.03
TalkBack 2.3.6 allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function.
- CVE-2008-4114Sep 16, 2008risk 0.07cvss —epss 0.49
srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet…
- CVE-2008-4113Sep 16, 2008risk 0.03cvss —epss 0.01
The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel…
- CVE-2008-4111Sep 16, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when the FileServing feature is enabled, has unknown impact and attack vectors.
- CVE-2008-3950Sep 16, 2008risk 0.04cvss —epss 0.07
Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an…
- CVE-2008-3622Sep 16, 2008risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection."
- CVE-2008-3621Sep 16, 2008risk 0.00cvss —epss 0.06
VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media.
- CVE-2008-3619Sep 16, 2008risk 0.00cvss —epss 0.00
Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files.
- CVE-2008-3618Sep 16, 2008risk 0.00cvss —epss 0.02
The File Sharing pane in the Sharing preference pane in Apple Mac OS X 10.5 through 10.5.4 does not inform users that the complete contents of their own home directories are shared for their own use, which might allow attackers to leverage other vulnerabilities and access files…
- CVE-2008-3617Sep 16, 2008risk 0.00cvss —epss 0.01
Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed…
- CVE-2008-3616Sep 16, 2008risk 0.00cvss —epss 0.04
Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API…
- CVE-2008-3613Sep 16, 2008risk 0.00cvss —epss 0.01
Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk on the local network.
- CVE-2008-3611Sep 16, 2008risk 0.00cvss —epss 0.00
Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering…
- CVE-2008-3610Sep 16, 2008risk 0.00cvss —epss 0.02
Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an…
- CVE-2008-3609Sep 16, 2008risk 0.00cvss —epss 0.00
The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file.
- CVE-2008-3608Sep 16, 2008risk 0.00cvss —epss 0.03
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile.
- CVE-2008-2332Sep 16, 2008risk 0.00cvss —epss 0.03
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image.
- CVE-2008-2331Sep 16, 2008risk 0.00cvss —epss 0.01
Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an…
- CVE-2008-2330Sep 16, 2008risk 0.00cvss —epss 0.00
slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue."
- CVE-2008-2329Sep 16, 2008risk 0.00cvss —epss 0.00
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.
- CVE-2008-2312Sep 16, 2008risk 0.00cvss —epss 0.00
Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file.
- CVE-2008-2305Sep 16, 2008risk 0.00cvss —epss 0.05
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."
- CVE-2008-4110Sep 16, 2008risk 0.01cvss —epss 0.18
Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second…
- CVE-2008-2437Sep 16, 2008risk 0.01cvss —epss 0.07
Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long…
- CVE-2008-4095Sep 16, 2008risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in the Importer in Flip4Mac WMV before 2.2.1 have unknown impact and attack vectors, different vulnerabilities than CVE-2007-6713.
- CVE-2008-4093Sep 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and 3.2 beta, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter.
- CVE-2008-4092Sep 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter.
- CVE-2008-4091Sep 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Web Directory Script 1.5.3 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action.
- CVE-2008-4090Sep 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in PHP Coupon Script 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an addtocart action, a different vector than CVE-2007-2672.
- CVE-2008-4089Sep 15, 2008risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
- CVE-2008-4088Sep 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
- CVE-2008-4087Sep 15, 2008risk 0.03cvss —epss 0.03
Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 allows user-assisted attackers to cause a denial of service or execute arbitrary code via a Beatcraft Project (aka bcproj) file with a long string in a certain instruments title field.
- CVE-2008-4086Sep 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Reciprocal Links Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action.
- CVE-2008-4085Sep 15, 2008risk 0.00cvss —epss 0.00
plaiter in Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on (1) cut.$$, (2) head.$$, (3) awk.$$, and (4) ps.$$ temporary files in /tmp/.
- CVE-2008-4084Sep 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in staticpages/easyclassifields/index.php in MyioSoft EasyClassifields 3.0 allows remote attackers to execute arbitrary SQL commands via the go parameter in a browse action.
- CVE-2008-4083Sep 15, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained from third party…
- CVE-2008-4082Sep 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via an arbitrary field in a search action to index.php.
- CVE-2008-4081Sep 15, 2008risk 0.03cvss —epss 0.03
admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie.