| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-0678 | 0.03 | — | 0.01 | Feb 12, 2008 | SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a page action. | |||
| CVE-2008-0679 | 0.03 | — | 0.02 | Feb 12, 2008 | Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||
| CVE-2008-0680 | 0.04 | — | 0.07 | Feb 12, 2008 | SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP SET request. | |||
| CVE-2008-0681 | 0.03 | — | 0.02 | Feb 12, 2008 | SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remote attackers to execute arbitrary SQL commands via the product_id parameter, as demonstrated by a shop/flypage action. | |||
| CVE-2008-0682 | 0.03 | — | 0.03 | Feb 12, 2008 | SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin before 3.72 for Wordpress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-0683 | 0.03 | — | 0.03 | Feb 12, 2008 | SQL injection vulnerability in shiftthis-preview.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter. | |||
| CVE-2008-0684 | 0.03 | — | 0.01 | Feb 12, 2008 | Cross-site scripting (XSS) vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to inject arbitrary web script or HTML via the CatID parameter. | |||
| CVE-2008-0685 | 0.03 | — | 0.01 | Feb 12, 2008 | SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter. | |||
| CVE-2008-0686 | 0.03 | — | 0.01 | Feb 12, 2008 | SQL injection vulnerability in index.php in the NeoReferences (com_neoreferences) 1.3.1 and 1.3.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||
| CVE-2008-0687 | 0.00 | — | 0.01 | Feb 12, 2008 | Cross-site scripting (XSS) vulnerability in siteadmin/editor_files/includes/load_message.php in the Youtube Clone Script allows remote attackers to inject arbitrary web script or HTML via the lang[please_wait] parameter. | |||
| CVE-2008-0688 | 0.03 | — | 0.01 | Feb 12, 2008 | Cross-site scripting (XSS) vulnerability in catalog.php in Smartscript Domain Trader 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a viewcategory action. | |||
| CVE-2008-0689 | 0.03 | — | 0.01 | Feb 12, 2008 | SQL injection vulnerability in index.php in the Marketplace (com_marketplace) 1.1.1 and 1.1.1-pl1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_category action. | |||
| CVE-2008-0690 | 0.04 | — | 0.09 | Feb 12, 2008 | SQL injection vulnerability in index.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewcat action. | |||
| CVE-2008-0691 | 0.03 | — | 0.04 | Feb 12, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2)… | |||
| CVE-2008-0692 | 0.03 | — | 0.01 | Feb 12, 2008 | SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and 5.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | |||
| CVE-2008-0693 | 0.00 | — | 0.02 | Feb 12, 2008 | Stack-based buffer overflow in PQCore.exe in Print Manager Plus 2008 Client Billing and Authentication 7.0.127.16 allows remote attackers to cause a denial of service (service outage) via a series of long packets to TCP port 48101. | |||
| CVE-2008-0694 | 0.00 | — | 0.01 | Feb 12, 2008 | Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM OS/400 V5R3M0 and V5R4M0 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. | |||
| CVE-2008-0695 | 0.03 | — | 0.01 | Feb 12, 2008 | SQL injection vulnerability in index.php in BookmarkX script 2007 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a showtopic action. | |||
| CVE-2008-0696 | 0.00 | — | 0.01 | Feb 12, 2008 | IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors. | |||
| CVE-2008-0697 | 0.00 | — | 0.00 | Feb 12, 2008 | Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors. | |||
| CVE-2008-0698 | 0.00 | — | 0.02 | Feb 12, 2008 | Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving "invalid memory access." | |||
| CVE-2008-0699 | 0.00 | — | 0.05 | Feb 12, 2008 | Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors. | |||
| CVE-2008-0700 | 0.03 | — | 0.01 | Feb 12, 2008 | Cross-site scripting (XSS) vulnerability in search.php in Crux Software CruxCMS 3.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2008-0701 | 0.00 | — | 0.01 | Feb 12, 2008 | ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content. | |||
| CVE-2008-0702 | 0.04 | — | 0.08 | Feb 12, 2008 | Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than… | |||
| CVE-2008-0703 | 0.03 | — | 0.03 | Feb 12, 2008 | Multiple directory traversal vulnerabilities in sflog! 0.96 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) permalink or (2) section parameter to index.php, possibly involving includes/entries.inc.php and other files included by index.php. | |||
| CVE-2008-0665 | 0.00 | — | 0.00 | Feb 11, 2008 | wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file. | |||
| CVE-2008-0666 | 0.00 | — | 0.00 | Feb 11, 2008 | Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c. | |||
| CVE-2008-0667 | 0.01 | — | 0.07 | Feb 11, 2008 | The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be… | |||
| CVE-2008-0668 | 0.00 | — | 0.05 | Feb 11, 2008 | The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to… | |||
| CVE-2008-0593 | 0.00 | — | 0.02 | Feb 9, 2008 | Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information… | |||
| CVE-2008-0594 | 0.00 | — | 0.02 | Feb 9, 2008 | Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks. | |||
| CVE-2008-0591 | 0.00 | — | 0.04 | Feb 9, 2008 | Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the… | |||
| CVE-2008-0592 | 0.00 | — | 0.02 | Feb 9, 2008 | Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future… | |||
| CVE-2008-0412 | 0.00 | — | 0.03 | Feb 8, 2008 | The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2)… | |||
| CVE-2008-0413 | 0.00 | — | 0.02 | Feb 8, 2008 | The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and… | |||
| CVE-2008-0414 | 0.00 | — | 0.02 | Feb 8, 2008 | Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing." | |||
| CVE-2008-0415 | 0.00 | — | 0.02 | Feb 8, 2008 | Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript… | |||
| CVE-2008-0417 | 0.00 | — | 0.01 | Feb 8, 2008 | CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password. | |||
| CVE-2008-0418 | 0.04 | — | 0.09 | Feb 8, 2008 | Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated… | |||
| CVE-2008-0419 | 0.00 | — | 0.04 | Feb 8, 2008 | Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles. | |||
| CVE-2008-0007 | 0.00 | — | 0.00 | Feb 8, 2008 | Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset. | |||
| CVE-2008-0043 | 0.00 | — | 0.04 | Feb 8, 2008 | Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions. | |||
| CVE-2008-0214 | 0.00 | — | 0.02 | Feb 8, 2008 | Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to gain access via unknown vectors. | |||
| CVE-2008-0554 | 0.00 | — | 0.04 | Feb 8, 2008 | Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484. | |||
| CVE-2008-0640 | 0.00 | — | 0.03 | Feb 8, 2008 | Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing. | |||
| CVE-2008-0659 | 0.08 | — | 0.56 | Feb 8, 2008 | Stack-based buffer overflow in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.5.70 and earlier, as used in MySpace MySpaceUploader.ocx 1.0.0.4, allows remote attackers to execute arbitrary code via a long Action property. | |||
| CVE-2008-0660 | 0.06 | — | 0.38 | Feb 8, 2008 | Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1)… | |||
| CVE-2008-0661 | 0.03 | — | 0.05 | Feb 8, 2008 | Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote attackers to execute arbitrary code via a .M3U file with a long URI. NOTE: this might be the same issue as CVE-2004-1569. | |||
| CVE-2008-0662 | Hig | 0.51 | 7.8 | 0.00 | Feb 8, 2008 | The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing… |
- CVE-2008-0678Feb 12, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a page action.
- CVE-2008-0679Feb 12, 2008risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
- CVE-2008-0680Feb 12, 2008risk 0.04cvss —epss 0.07
SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP SET request.
- CVE-2008-0681Feb 12, 2008risk 0.03cvss —epss 0.02
SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remote attackers to execute arbitrary SQL commands via the product_id parameter, as demonstrated by a shop/flypage action.
- CVE-2008-0682Feb 12, 2008risk 0.03cvss —epss 0.03
SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin before 3.72 for Wordpress allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-0683Feb 12, 2008risk 0.03cvss —epss 0.03
SQL injection vulnerability in shiftthis-preview.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter.
- CVE-2008-0684Feb 12, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to inject arbitrary web script or HTML via the CatID parameter.
- CVE-2008-0685Feb 12, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter.
- CVE-2008-0686Feb 12, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the NeoReferences (com_neoreferences) 1.3.1 and 1.3.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
- CVE-2008-0687Feb 12, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in siteadmin/editor_files/includes/load_message.php in the Youtube Clone Script allows remote attackers to inject arbitrary web script or HTML via the lang[please_wait] parameter.
- CVE-2008-0688Feb 12, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in catalog.php in Smartscript Domain Trader 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a viewcategory action.
- CVE-2008-0689Feb 12, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the Marketplace (com_marketplace) 1.1.1 and 1.1.1-pl1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_category action.
- CVE-2008-0690Feb 12, 2008risk 0.04cvss —epss 0.09
SQL injection vulnerability in index.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewcat action.
- CVE-2008-0691Feb 12, 2008risk 0.03cvss —epss 0.04
Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2)…
- CVE-2008-0692Feb 12, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and 5.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
- CVE-2008-0693Feb 12, 2008risk 0.00cvss —epss 0.02
Stack-based buffer overflow in PQCore.exe in Print Manager Plus 2008 Client Billing and Authentication 7.0.127.16 allows remote attackers to cause a denial of service (service outage) via a series of long packets to TCP port 48101.
- CVE-2008-0694Feb 12, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM OS/400 V5R3M0 and V5R4M0 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header.
- CVE-2008-0695Feb 12, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in BookmarkX script 2007 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a showtopic action.
- CVE-2008-0696Feb 12, 2008risk 0.00cvss —epss 0.01
IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors.
- CVE-2008-0697Feb 12, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors.
- CVE-2008-0698Feb 12, 2008risk 0.00cvss —epss 0.02
Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving "invalid memory access."
- CVE-2008-0699Feb 12, 2008risk 0.00cvss —epss 0.05
Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors.
- CVE-2008-0700Feb 12, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in search.php in Crux Software CruxCMS 3.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2008-0701Feb 12, 2008risk 0.00cvss —epss 0.01
ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content.
- CVE-2008-0702Feb 12, 2008risk 0.04cvss —epss 0.08
Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than…
- CVE-2008-0703Feb 12, 2008risk 0.03cvss —epss 0.03
Multiple directory traversal vulnerabilities in sflog! 0.96 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) permalink or (2) section parameter to index.php, possibly involving includes/entries.inc.php and other files included by index.php.
- CVE-2008-0665Feb 11, 2008risk 0.00cvss —epss 0.00
wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file.
- CVE-2008-0666Feb 11, 2008risk 0.00cvss —epss 0.00
Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c.
- CVE-2008-0667Feb 11, 2008risk 0.01cvss —epss 0.07
The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be…
- CVE-2008-0668Feb 11, 2008risk 0.00cvss —epss 0.05
The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to…
- CVE-2008-0593Feb 9, 2008risk 0.00cvss —epss 0.02
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information…
- CVE-2008-0594Feb 9, 2008risk 0.00cvss —epss 0.02
Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.
- CVE-2008-0591Feb 9, 2008risk 0.00cvss —epss 0.04
Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the…
- CVE-2008-0592Feb 9, 2008risk 0.00cvss —epss 0.02
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future…
- CVE-2008-0412Feb 8, 2008risk 0.00cvss —epss 0.03
The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2)…
- CVE-2008-0413Feb 8, 2008risk 0.00cvss —epss 0.02
The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and…
- CVE-2008-0414Feb 8, 2008risk 0.00cvss —epss 0.02
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing."
- CVE-2008-0415Feb 8, 2008risk 0.00cvss —epss 0.02
Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript…
- CVE-2008-0417Feb 8, 2008risk 0.00cvss —epss 0.01
CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password.
- CVE-2008-0418Feb 8, 2008risk 0.04cvss —epss 0.09
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated…
- CVE-2008-0419Feb 8, 2008risk 0.00cvss —epss 0.04
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.
- CVE-2008-0007Feb 8, 2008risk 0.00cvss —epss 0.00
Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset.
- CVE-2008-0043Feb 8, 2008risk 0.00cvss —epss 0.04
Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions.
- CVE-2008-0214Feb 8, 2008risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to gain access via unknown vectors.
- CVE-2008-0554Feb 8, 2008risk 0.00cvss —epss 0.04
Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
- CVE-2008-0640Feb 8, 2008risk 0.00cvss —epss 0.03
Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing.
- CVE-2008-0659Feb 8, 2008risk 0.08cvss —epss 0.56
Stack-based buffer overflow in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.5.70 and earlier, as used in MySpace MySpaceUploader.ocx 1.0.0.4, allows remote attackers to execute arbitrary code via a long Action property.
- CVE-2008-0660Feb 8, 2008risk 0.06cvss —epss 0.38
Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1)…
- CVE-2008-0661Feb 8, 2008risk 0.03cvss —epss 0.05
Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote attackers to execute arbitrary code via a .M3U file with a long URI. NOTE: this might be the same issue as CVE-2004-1569.
- risk 0.51cvss 7.8epss 0.00
The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing…