| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-3936 | 0.00 | — | 0.02 | Sep 5, 2008 | The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI. | |||
| CVE-2008-3937 | Med | 0.43 | 6.1 | 0.01 | Sep 5, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the… | ||
| CVE-2008-3938 | Hig | 0.57 | 8.8 | 0.00 | Sep 5, 2008 | Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action. | ||
| CVE-2008-3939 | Hig | 0.49 | 7.5 | 0.02 | Sep 5, 2008 | Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. | ||
| CVE-2008-3940 | 0.00 | — | 0.00 | Sep 5, 2008 | Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to gain privileges via format string specifiers in a (1) .plan or (2) .project file. | |||
| CVE-2008-3941 | 0.03 | — | 0.01 | Sep 5, 2008 | Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter in a search action to the default URI. | |||
| CVE-2008-3942 | 0.03 | — | 0.01 | Sep 5, 2008 | SQL injection vulnerability in landsee.php in Full PHP Emlak Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-3943 | 0.03 | — | 0.01 | Sep 5, 2008 | SQL injection vulnerability in listtest.php in eZoneScripts Living Local 1.1 allows remote attackers to execute arbitrary SQL commands via the r parameter. | |||
| CVE-2008-3944 | 0.03 | — | 0.01 | Sep 5, 2008 | SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows remote attackers to execute arbitrary SQL commands via the adid parameter in an adorder action. | |||
| CVE-2008-3945 | 0.03 | — | 0.01 | Sep 5, 2008 | SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action. | |||
| CVE-2008-3903 | 0.00 | — | 0.02 | Sep 4, 2008 | Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication… | |||
| CVE-2008-3932 | 0.00 | — | 0.02 | Sep 4, 2008 | Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop. | |||
| CVE-2008-3933 | 0.00 | — | 0.01 | Sep 4, 2008 | Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function. | |||
| CVE-2008-3934 | 0.00 | — | 0.01 | Sep 4, 2008 | Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. | |||
| CVE-2008-3916 | 0.00 | — | 0.04 | Sep 4, 2008 | Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only… | |||
| CVE-2008-3917 | 0.03 | — | 0.02 | Sep 4, 2008 | Cross-site scripting (XSS) vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter in a search action. | |||
| CVE-2008-3918 | 0.03 | — | 0.01 | Sep 4, 2008 | SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the field parameter in a search action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2008-3919 | 0.00 | — | 0.04 | Sep 4, 2008 | Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document, as exploited in the wild in August 2008. | |||
| CVE-2008-3920 | 0.00 | — | 0.02 | Sep 4, 2008 | Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors. | |||
| CVE-2008-3921 | 0.00 | — | 0.01 | Sep 4, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in AWStats Totals 1.0 through 1.14 allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameter. | |||
| CVE-2008-3922 | 0.07 | — | 0.53 | Sep 4, 2008 | awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function. | |||
| CVE-2008-3923 | 0.03 | — | 0.02 | Sep 4, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action. | |||
| CVE-2008-3924 | 0.03 | — | 0.02 | Sep 4, 2008 | The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for (a)… | |||
| CVE-2008-3925 | 0.03 | — | 0.01 | Sep 4, 2008 | Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action. | |||
| CVE-2008-3926 | 0.03 | — | 0.02 | Sep 4, 2008 | Multiple directory traversal vulnerabilities in Content Management Made Easy (CMME) 1.12 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the env parameter in a weblog action to index.php, or (2) create arbitrary directories via a .. (dot dot) in the env… | |||
| CVE-2008-3927 | 0.00 | — | 0.00 | Sep 4, 2008 | genmsgidx in Tiger 3.2.2 allows local users to overwrite or delete arbitrary files via a symlink attack on temporary files. | |||
| CVE-2008-3928 | 0.00 | — | 0.00 | Sep 4, 2008 | test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||
| CVE-2008-3929 | 0.00 | — | 0.00 | Sep 4, 2008 | gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file. | |||
| CVE-2008-3930 | 0.00 | — | 0.00 | Sep 4, 2008 | migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||
| CVE-2008-3931 | 0.00 | — | 0.00 | Sep 4, 2008 | javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||
| CVE-2007-6716 | Med | 0.36 | 5.5 | 0.01 | Sep 4, 2008 | fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. | ||
| CVE-2008-3904 | 0.00 | — | 0.02 | Sep 4, 2008 | src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. | |||
| CVE-2008-3905 | 0.00 | — | 0.02 | Sep 4, 2008 | resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different… | |||
| CVE-2008-3906 | 0.04 | — | 0.07 | Sep 4, 2008 | CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. | |||
| CVE-2008-3907 | 0.00 | — | 0.02 | Sep 4, 2008 | The open-in-browser command in newsbeuter before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a feed URL. | |||
| CVE-2008-3908 | 0.00 | — | 0.04 | Sep 4, 2008 | Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context-dependent attackers to execute arbitrary code via (1) a long argument on the command line; a long (2) WNSEARCHDIR, (3) WNHOME, or (4) WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka… | |||
| CVE-2008-3909 | 0.00 | — | 0.01 | Sep 4, 2008 | The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via… | |||
| CVE-2008-3910 | 0.00 | — | 0.02 | Sep 4, 2008 | dns2tcp before 0.4.1 does not properly handle negative values in a certain length field in the input argument to the (1) dns_simple_decode or (2) dns_decode function, which allows remote attackers to overwrite a buffer and have unspecified other impact. | |||
| CVE-2008-3911 | 0.00 | — | 0.00 | Sep 4, 2008 | The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from userspace, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the… | |||
| CVE-2008-1389 | 0.00 | — | 0.03 | Sep 4, 2008 | libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access." | |||
| CVE-2008-2441 | 0.00 | — | 0.03 | Sep 4, 2008 | Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows… | |||
| CVE-2008-2732 | 0.00 | — | 0.03 | Sep 4, 2008 | Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7, 8.0 before 8.0(3)20, and 8.1 before 8.1(1)8 allow remote attackers to cause a… | |||
| CVE-2008-2733 | 0.00 | — | 0.03 | Sep 4, 2008 | Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote attackers to cause a denial of service… | |||
| CVE-2008-2734 | 0.00 | — | 0.03 | Sep 4, 2008 | Memory leak in the crypto functionality in Cisco Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a clientless SSL VPN endpoint, allows remote attackers to cause a denial of service (memory… | |||
| CVE-2008-2735 | 0.00 | — | 0.03 | Sep 4, 2008 | The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0 before 8.0(3)15 and 8.1 before 8.1(1)5, when configured as a clientless SSL VPN endpoint, does not properly process URIs, which allows remote attackers to cause a denial of service (device reload) via a… | |||
| CVE-2008-2736 | 0.00 | — | 0.03 | Sep 4, 2008 | Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown vectors, aka Bug ID CSCsq45636. | |||
| CVE-2008-1739 | 0.00 | — | 0.02 | Sep 3, 2008 | Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption. | |||
| CVE-2008-3902 | 0.00 | — | 0.00 | Sep 3, 2008 | HP firmware 68DTT F.0D stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer, aka SSRT080104. | |||
| CVE-2008-2101 | 0.00 | — | 0.00 | Sep 3, 2008 | The VMware Consolidated Backup (VCB) command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command line, which allows local users to obtain sensitive information by listing the process. | |||
| CVE-2008-3101 | 0.03 | — | 0.04 | Sep 3, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an… |
- CVE-2008-3936Sep 5, 2008risk 0.00cvss —epss 0.02
The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI.
- risk 0.43cvss 6.1epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the…
- risk 0.57cvss 8.8epss 0.00
Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action.
- risk 0.49cvss 7.5epss 0.02
Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
- CVE-2008-3940Sep 5, 2008risk 0.00cvss —epss 0.00
Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to gain privileges via format string specifiers in a (1) .plan or (2) .project file.
- CVE-2008-3941Sep 5, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter in a search action to the default URI.
- CVE-2008-3942Sep 5, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in landsee.php in Full PHP Emlak Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-3943Sep 5, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in listtest.php in eZoneScripts Living Local 1.1 allows remote attackers to execute arbitrary SQL commands via the r parameter.
- CVE-2008-3944Sep 5, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows remote attackers to execute arbitrary SQL commands via the adid parameter in an adorder action.
- CVE-2008-3945Sep 5, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action.
- CVE-2008-3903Sep 4, 2008risk 0.00cvss —epss 0.02
Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication…
- CVE-2008-3932Sep 4, 2008risk 0.00cvss —epss 0.02
Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop.
- CVE-2008-3933Sep 4, 2008risk 0.00cvss —epss 0.01
Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function.
- CVE-2008-3934Sep 4, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.
- CVE-2008-3916Sep 4, 2008risk 0.00cvss —epss 0.04
Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only…
- CVE-2008-3917Sep 4, 2008risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter in a search action.
- CVE-2008-3918Sep 4, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the field parameter in a search action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2008-3919Sep 4, 2008risk 0.00cvss —epss 0.04
Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document, as exploited in the wild in August 2008.
- CVE-2008-3920Sep 4, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors.
- CVE-2008-3921Sep 4, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in AWStats Totals 1.0 through 1.14 allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameter.
- CVE-2008-3922Sep 4, 2008risk 0.07cvss —epss 0.53
awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function.
- CVE-2008-3923Sep 4, 2008risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action.
- CVE-2008-3924Sep 4, 2008risk 0.03cvss —epss 0.02
The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for (a)…
- CVE-2008-3925Sep 4, 2008risk 0.03cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action.
- CVE-2008-3926Sep 4, 2008risk 0.03cvss —epss 0.02
Multiple directory traversal vulnerabilities in Content Management Made Easy (CMME) 1.12 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the env parameter in a weblog action to index.php, or (2) create arbitrary directories via a .. (dot dot) in the env…
- CVE-2008-3927Sep 4, 2008risk 0.00cvss —epss 0.00
genmsgidx in Tiger 3.2.2 allows local users to overwrite or delete arbitrary files via a symlink attack on temporary files.
- CVE-2008-3928Sep 4, 2008risk 0.00cvss —epss 0.00
test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary files via a symlink attack on a temporary file.
- CVE-2008-3929Sep 4, 2008risk 0.00cvss —epss 0.00
gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file.
- CVE-2008-3930Sep 4, 2008risk 0.00cvss —epss 0.00
migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
- CVE-2008-3931Sep 4, 2008risk 0.00cvss —epss 0.00
javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
- risk 0.36cvss 5.5epss 0.01
fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test.
- CVE-2008-3904Sep 4, 2008risk 0.00cvss —epss 0.02
src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
- CVE-2008-3905Sep 4, 2008risk 0.00cvss —epss 0.02
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different…
- CVE-2008-3906Sep 4, 2008risk 0.04cvss —epss 0.07
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
- CVE-2008-3907Sep 4, 2008risk 0.00cvss —epss 0.02
The open-in-browser command in newsbeuter before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a feed URL.
- CVE-2008-3908Sep 4, 2008risk 0.00cvss —epss 0.04
Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context-dependent attackers to execute arbitrary code via (1) a long argument on the command line; a long (2) WNSEARCHDIR, (3) WNHOME, or (4) WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka…
- CVE-2008-3909Sep 4, 2008risk 0.00cvss —epss 0.01
The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via…
- CVE-2008-3910Sep 4, 2008risk 0.00cvss —epss 0.02
dns2tcp before 0.4.1 does not properly handle negative values in a certain length field in the input argument to the (1) dns_simple_decode or (2) dns_decode function, which allows remote attackers to overwrite a buffer and have unspecified other impact.
- CVE-2008-3911Sep 4, 2008risk 0.00cvss —epss 0.00
The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from userspace, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the…
- CVE-2008-1389Sep 4, 2008risk 0.00cvss —epss 0.03
libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."
- CVE-2008-2441Sep 4, 2008risk 0.00cvss —epss 0.03
Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows…
- CVE-2008-2732Sep 4, 2008risk 0.00cvss —epss 0.03
Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7, 8.0 before 8.0(3)20, and 8.1 before 8.1(1)8 allow remote attackers to cause a…
- CVE-2008-2733Sep 4, 2008risk 0.00cvss —epss 0.03
Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote attackers to cause a denial of service…
- CVE-2008-2734Sep 4, 2008risk 0.00cvss —epss 0.03
Memory leak in the crypto functionality in Cisco Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a clientless SSL VPN endpoint, allows remote attackers to cause a denial of service (memory…
- CVE-2008-2735Sep 4, 2008risk 0.00cvss —epss 0.03
The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0 before 8.0(3)15 and 8.1 before 8.1(1)5, when configured as a clientless SSL VPN endpoint, does not properly process URIs, which allows remote attackers to cause a denial of service (device reload) via a…
- CVE-2008-2736Sep 4, 2008risk 0.00cvss —epss 0.03
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown vectors, aka Bug ID CSCsq45636.
- CVE-2008-1739Sep 3, 2008risk 0.00cvss —epss 0.02
Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption.
- CVE-2008-3902Sep 3, 2008risk 0.00cvss —epss 0.00
HP firmware 68DTT F.0D stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer, aka SSRT080104.
- CVE-2008-2101Sep 3, 2008risk 0.00cvss —epss 0.00
The VMware Consolidated Backup (VCB) command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command line, which allows local users to obtain sensitive information by listing the process.
- CVE-2008-3101Sep 3, 2008risk 0.03cvss —epss 0.04
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an…