Total
258 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6171 | 1 Drupal | 1 Drupal | 2017-08-17 | 9.3 HIGH | N/A |
| includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header. | |||||
| CVE-2007-6723 | 3 Anonymityanywhere, Apple, Microsoft | 3 Tork, Mac Os X, Windows | 2017-08-17 | 4.3 MEDIUM | N/A |
| TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. | |||||
| CVE-2011-2730 | 1 Springsource | 1 Spring Framework | 2017-08-09 | 7.5 HIGH | N/A |
| VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection." | |||||
| CVE-2008-5710 | 1 Avaya | 1 Communication Manager | 2017-08-08 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors. | |||||
| CVE-2009-0507 | 1 Ibm | 1 Websphere Process Server | 2017-08-08 | 4.0 MEDIUM | N/A |
| IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member. | |||||
| CVE-2008-5277 | 1 Powerdns | 1 Powerdns | 2017-08-08 | 4.3 MEDIUM | N/A |
| PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query. | |||||
| CVE-2009-0144 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 4.3 MEDIUM | N/A |
| CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections. | |||||
| CVE-2009-0432 | 1 Ibm | 1 Websphere Application Server | 2017-08-08 | 5.0 MEDIUM | N/A |
| The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19 does not enable the secure version, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2008-5827 | 1 Nokia | 1 6131 Nfc | 2017-08-08 | 7.5 HIGH | N/A |
| The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs software upon completing the download of a JAR file, which makes it easier for remote attackers to execute arbitrary code via a crafted URI record in an NDEF tag. | |||||
| CVE-2008-4212 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions. | |||||
| CVE-2008-4311 | 1 Freedesktop | 1 Dbus | 2017-08-08 | 4.6 MEDIUM | N/A |
| The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply. | |||||
| CVE-2008-3228 | 1 Joomla | 1 Joomla | 2017-08-08 | 7.5 HIGH | N/A |
| Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors. | |||||
| CVE-2008-3177 | 1 Sophos | 5 Email Appliance, Es1000, Es4000 and 2 more | 2017-08-08 | 5.0 MEDIUM | N/A |
| Sophos virus detection engine 2.75 on Linux and Unix, as used in Sophos Email Appliance, Pure Message for Unix, and Sophos Anti-Virus Interface (SAVI), allows remote attackers to cause a denial of service (engine crash) via zero-length MIME attachments. | |||||
| CVE-2008-3459 | 1 Openvpn | 1 Openvpn | 2017-08-08 | 7.6 HIGH | N/A |
| Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters. | |||||
| CVE-2008-3519 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2017-08-08 | 4.3 MEDIUM | N/A |
| The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273. | |||||
| CVE-2008-2060 | 1 Cisco | 1 Intrusion Prevention System | 2017-08-08 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on network traffic, via a "specific series of jumbo Ethernet frames." | |||||
| CVE-2008-2359 | 2 Fedora 8, Redhat | 2 Consolehelper, Fedora 8 | 2017-08-08 | 7.2 HIGH | N/A |
| The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8 lacks the USER=root directive, which allows local users of the workstation console to gain privileges and change the network configuration. | |||||
| CVE-2008-1287 | 1 Ibm | 1 Rational Clearquest | 2017-08-08 | 5.0 MEDIUM | N/A |
| IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames. | |||||
| CVE-2008-1923 | 1 Asterisk | 5 Asterisk Appliance Developer Kit, Asterisk Business Edition, Asterisknow and 2 more | 2017-08-08 | 7.1 HIGH | N/A |
| The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message. | |||||
| CVE-2008-2154 | 1 Ibm | 1 Db2 | 2017-08-08 | 6.0 MEDIUM | N/A |
| IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls. | |||||