Lista CVE - 2008 / Novembre
Visualizzazione 401 - 432 di 432 CVE per Novembre 2008 (Pagina 5 di 5)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2008-5247 | 2008-11-26 | The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause... |
| CVE-2008-5248 | 2008-11-26 | xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators." |
| CVE-2008-2429 | 2008-11-26 | Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.20071118 allow remote attackers to execute arbitrary SQL commands via (1) the catsearch parameter to cal_search.php or (2) the catview parameter to cal_cat.php.... |
| CVE-2008-2432 | 2008-11-26 | Insecure method vulnerability in the GetFileList method in an unspecified ActiveX control in Novell iPrint Client before 5.06 allows remote attackers to list the image files in an arbitrary directory... |
| CVE-2008-5231 | 2008-11-26 | Stack-based buffer overflow in the ExecuteRequest method in the Novell iPrint ActiveX control in ienipp.ocx in Novell iPrint Client 5.06 and earlier allows remote attackers to execute arbitrary code via... |
| CVE-2008-2378 | 2008-11-26 | Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 allows local users to gain privileges via a Trojan horse killall program in a directory in the PATH, related... |
| CVE-2008-5162 | 2008-11-26 | The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier... |
| CVE-2008-4313 | 2008-11-27 | A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and... |
| CVE-2008-4315 | 2008-11-27 | tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes... |
| CVE-2008-4636 | 2008-11-27 | yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process. |
| CVE-2008-5256 | 2008-11-27 | The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file. |
| CVE-2008-5257 | 2008-11-27 | webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for e-business allows remote attackers to cause a denial of service (crash or hang) via HTTP requests, as demonstrated by a... |
| CVE-2008-5264 | 2008-11-28 | Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado Knowledge Retrieval System 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the p parameter in a... |
| CVE-2008-5265 | 2008-11-28 | Directory traversal vulnerability in index.php in TNT Forum 0.9.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the modulo... |
| CVE-2008-5266 | 2008-11-28 | Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers... |
| CVE-2008-5267 | 2008-11-28 | SQL injection vulnerability in answer.php in Experts 1.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the question_id parameter. |
| CVE-2008-5268 | 2008-11-28 | SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter. |
| CVE-2008-5269 | 2008-11-28 | SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows remote attackers to execute arbitrary SQL commands via the shownews parameter. |
| CVE-2008-5270 | 2008-11-28 | SQL injection vulnerability in view.topics.php in Yuhhu Superstar 2008 allows remote attackers to execute arbitrary SQL commands via the board parameter. |
| CVE-2008-5271 | 2008-11-28 | Cross-site scripting (XSS) vulnerability in index.php in Fred Stuurman SyndeoCMS 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter. |
| CVE-2008-5272 | 2008-11-28 | Multiple directory traversal vulnerabilities in Fred Stuurman SyndeoCMS 2.6.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the template parameter to (1) starnet/editors/fckeditor/studenteditor.php; (2)... |
| CVE-2008-5273 | 2008-11-28 | SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter. |
| CVE-2008-5274 | 2008-11-28 | Todd Woolums ASP News Management 2.2 allows remote attackers to obtain news items via a direct request to (1) rss.asp, (2) viewheadings.asp, or (3) viewnews.asp. NOTE: the provenance of this... |
| CVE-2008-5275 | 2008-11-28 | Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or... |
| CVE-2008-5278 | 2008-11-28 | Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via... |
| CVE-2008-5279 | 2008-11-29 | The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging (ZIM) Server 2.1 and earlier allow remote attackers to execute arbitrary code via (1) heap-based buffer overflows involving multiple... |
| CVE-2008-5280 | 2008-11-29 | The Local ZIM Server in Zilab Chat and Instant Messaging (ZIM) Server 2.0 and 2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted requests... |
| CVE-2008-5282 | 2008-11-29 | Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV... |
| CVE-2008-5284 | 2008-11-29 | The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other versions before 5.1.44, Emerald 5.0.49 and other versions before 5.0.52, Air Marshal 2.0.4 and other versions before 2.0.8,... |
| CVE-2008-5281 | 2008-11-29 | Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE command. |
| CVE-2008-5283 | 2008-11-29 | Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attackers to delete uploaded files via unknown vectors related to the delall action to index.php. NOTE: the provenance of this... |
| CVE-2008-4314 | 2008-12-01 | smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests,... |
| CVE-2008-5285 | 2008-12-01 | Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop. |
| CVE-2008-5286 | 2008-12-01 | Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a... |
| CVE-2008-5287 | 2008-12-01 | SQL injection vulnerability in catagorie.php in Werner Hilversum FAQ Manager 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. |
| CVE-2008-5288 | 2008-12-01 | PHP remote file inclusion vulnerability in include/header.php in Werner Hilversum FAQ Manager 1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the... |
| CVE-2008-5289 | 2008-12-01 | SQL injection vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-5290 | 2008-12-01 | Cross-site scripting (XSS) vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| CVE-2008-5291 | 2008-12-01 | Directory traversal vulnerability in code/track.php in FuzzyLime 3.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter, a different vector than... |
| CVE-2008-5292 | 2008-12-01 | SQL injection vulnerability in view_snaps.php in VideoGirls BiZ allows remote attackers to execute arbitrary SQL commands via the type parameter. |
| CVE-2008-5293 | 2008-12-01 | SQL injection vulnerability in index.php in WebStudio eHotel allows remote attackers to execute arbitrary SQL commands via the pageid parameter. |
| CVE-2008-5294 | 2008-12-01 | SQL injection vulnerability in index.php in WebStudio eCatalogue allows remote attackers to execute arbitrary SQL commands via the pageid parameter. |
| CVE-2008-5295 | 2008-12-01 | SQL injection vulnerability in index.php in Jamit Job Board 3.4.10 allows remote attackers to execute arbitrary SQL commands via the show_emp parameter. |
| CVE-2008-5296 | 2008-12-01 | Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are... |
| CVE-2008-5297 | 2008-12-01 | Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP servers to execute arbitrary code via a crafted response to a DNS update request, related to a missing length... |
| CVE-2008-5298 | 2008-12-01 | chm2pdf 0.9 uses temporary files in directories with fixed names, which allows local users to cause a denial of service (chm2pdf failure) of other users by creating those directories ahead... |
| CVE-2008-5299 | 2008-12-01 | chm2pdf 0.9 allows user-assisted local users to delete arbitrary files via a symlink attack on .chm files in the (1) /tmp/chm2pdf/work or (2) /tmp/chm2pdf/orig temporary directories. |
| CVE-2008-5300 | 2008-12-01 | Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during... |
| CVE-2008-5301 | 2008-12-01 | Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a... |
| CVE-2008-5302 | 2008-12-01 | Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a... |
| CVE-2008-5303 | 2008-12-01 | Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448,... |
| CVE-2008-5306 | 2008-12-02 | SQL injection vulnerability in admin/index.php in PG Real Estate Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter (username). NOTE: some of these details are obtained... |
| CVE-2008-5307 | 2008-12-02 | SQL injection vulnerability in admin/index.php in PG Roommate Finder Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter. NOTE: some of these details are obtained from... |
| CVE-2008-5308 | 2008-12-02 | The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly restrict access to administrator functions, which allows remote attackers to change the administrator password via a direct request... |
| CVE-2008-5309 | 2008-12-02 | SQL injection vulnerability in NetArt Media Real Estate Portal 1.2 allows remote attackers to execute arbitrary SQL commands via the ad_id parameter in the re_send_email module to index.php. |
| CVE-2008-5310 | 2008-12-02 | SQL injection vulnerability in image.php in NetArt Media Car Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-5311 | 2008-12-02 | SQL injection vulnerability in image.php in NetArt Media Blog System 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-3057 | 2008-12-03 | Octeth Oempro 3.5.5.1, and possibly other versions before 4, does not set the secure flag for the PHPSESSID cookie in an https session, which makes it easier for remote attackers... |
| CVE-2008-3058 | 2008-12-03 | Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1, and possibly other versions before 4, allow remote attackers to execute arbitrary SQL commands via the FormValue_Email parameter (aka Email field) to... |
| CVE-2008-3059 | 2008-12-03 | member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly other versions before 4, uses cleartext to transmit a password entered in the FormValue_Password field, which makes it easier for remote attackers to... |
| CVE-2008-5276 | 2008-12-03 | Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a... |
| CVE-2008-5312 | 2008-12-03 | mailscanner 4.55.10 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate,... |
| CVE-2008-5313 | 2008-12-03 | mailscanner 4.68.8 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate,... |
| CVE-2008-5314 | 2008-12-03 | Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop,... |
| CVE-2008-5315 | 2008-12-03 | Directory traversal vulnerability in the web interface in Apple iPhone Configuration Web Utility 1.0 on Windows allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2008-5316 | 2008-12-03 | Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length... |
| CVE-2008-5317 | 2008-12-03 | Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a... |
| CVE-2008-5080 | 2008-12-03 | awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the query_string parameter. NOTE: this issue exists... |
| CVE-2008-5318 | 2008-12-03 | Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653. |
| CVE-2008-5319 | 2008-12-03 | Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than CVE-2008-3653. |
| CVE-2008-5320 | 2008-12-03 | SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter. |
| CVE-2008-5321 | 2008-12-03 | SQL injection vulnerability in index.php in GesGaleri, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the no parameter. |
| CVE-2008-5322 | 2008-12-03 | Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information via an invalid categup parameter to index.php, which calls the phpinfo function. |
| CVE-2008-5323 | 2008-12-03 | Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg 1.0 allows remote attackers to inject arbitrary web script or HTML via the s parameter. |
| CVE-2008-2379 | 2008-12-05 | Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message. |
| CVE-2008-4416 | 2008-12-05 | Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors. |
| CVE-2008-5326 | 2008-12-05 | The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using... |
| CVE-2008-5327 | 2008-12-05 | The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows... |
| CVE-2008-5328 | 2008-12-05 | The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote... |
| CVE-2008-5329 | 2008-12-05 | ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client's submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on... |
| CVE-2008-5330 | 2008-12-05 | Multiple cross-site scripting (XSS) vulnerabilities in the web interface in ClearCase RWP server in IBM Rational ClearCase 7.0.0 before 7.0.0.4, and 7.0.1.1-RATL-RCC-IFIX02 and possibly other 7.0.1 versions before 7.0.1.3, allow... |
| CVE-2008-5324 | 2008-12-05 | Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 2007 before 2007D and 2008 before 2008B allow remote attackers to inject arbitrary web script or HTML via... |
| CVE-2008-5325 | 2008-12-05 | Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 allow remote attackers to inject arbitrary web script or HTML via... |
| CVE-2008-5331 | 2008-12-05 | Adobe Acrobat 9 uses more efficient encryption than previous versions, which makes it easier for attackers to guess a document's password via a brute-force attack. |
| CVE-2008-5332 | 2008-12-05 | Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib parameter to files in lib/action/ including... |
| CVE-2008-5333 | 2008-12-05 | SQL injection vulnerability in members.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-5334 | 2008-12-05 | PHP remote file inclusion vulnerability in includes/common.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. |
| CVE-2008-5335 | 2008-12-05 | SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send parameters, a different... |
| CVE-2008-5336 | 2008-12-05 | SQL injection vulnerability in index.php in WebStudio CMS allows remote attackers to execute arbitrary SQL commands via the pageid parameter. |
| CVE-2008-5337 | 2008-12-05 | SQL injection vulnerability in lyrics.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-5338 | 2008-12-05 | Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to inject arbitrary web script or HTML via the section parameter. |
| CVE-2007-6719 | 2008-12-05 | SQL injection vulnerability in Wiz-Ad 1.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely... |
| CVE-2008-2086 | 2008-12-05 | Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and... |
| CVE-2008-5339 | 2008-12-05 | Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK... |
| CVE-2008-5340 | 2008-12-05 | Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK... |
| CVE-2008-5341 | 2008-12-05 | Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows... |
| CVE-2008-5342 | 2008-12-05 | Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and... |
| CVE-2008-5343 | 2008-12-05 | Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18... |
| CVE-2008-5344 | 2008-12-05 | Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK... |
| CVE-2008-5345 | 2008-12-05 | Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and... |