Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3145 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 5.0 MEDIUM | N/A |
| The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read. | |||||
| CVE-2008-3314 | 1 Zdaemon | 1 Zdaemon | 2018-10-11 | 5.0 MEDIUM | N/A |
| ZDaemon 1.08.07 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted type 6 command, which triggers a NULL pointer dereference. | |||||
| CVE-2008-3137 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 4.3 MEDIUM | N/A |
| The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors. | |||||
| CVE-2008-3287 | 1 Emc Dantz | 1 Retrospect Backup Client | 2018-10-11 | 5.0 MEDIUM | N/A |
| retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via malformed packets to TCP port 497, which trigger a NULL pointer dereference. | |||||
| CVE-2008-2970 | 1 Yektaweb | 1 Academic Web Tools | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple session fixation vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to (1) index.php and (2) login.php in homepg/. | |||||
| CVE-2008-2955 | 1 Pidgin | 1 Pidgin | 2018-10-11 | 4.3 MEDIUM | N/A |
| Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function. | |||||
| CVE-2008-2933 | 1 Mozilla | 1 Firefox | 2018-10-11 | 2.6 LOW | N/A |
| Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267. | |||||
| CVE-2008-2988 | 1 Benjacms | 1 Benja Cms | 2018-10-11 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in admin/upload.php in Benja CMS 0.1 allows remote attackers to upload and execute arbitrary PHP files via unspecified vectors, followed by a direct request to the file in billeder/. | |||||
| CVE-2008-2809 | 2 Mozilla, Netscape | 4 Firefox, Geckb, Seamonkey and 1 more | 2018-10-11 | 4.0 MEDIUM | N/A |
| Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. | |||||
| CVE-2008-2806 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-11 | 7.5 HIGH | N/A |
| Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect. | |||||
| CVE-2008-2805 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-11 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range. | |||||
| CVE-2008-2704 | 1 Novell | 1 Groupwise Messenger | 2018-10-11 | 5.0 MEDIUM | N/A |
| Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows remote attackers to cause a denial of service (crash) via a long user ID, possibly involving a popup alert. NOTE: it is not clear whether this issue crosses privilege boundaries. | |||||
| CVE-2008-2748 | 1 Skulltag Team | 1 Skulltag | 2018-10-11 | 5.0 MEDIUM | N/A |
| Skulltag 0.97d2-RC2 and earlier allows remote attackers to cause a denial of service (daemon hang) via a series of long, malformed connect packets, related to these packets being "parsed multiple times." | |||||
| CVE-2008-2391 | 1 Codeplex | 1 Subsonic | 2018-10-11 | 7.8 HIGH | N/A |
| SubSonic allows remote attackers to bypass pagesize limits and cause a denial of service (CPU consumption) via a pageindex (aka data page number) of -1. | |||||
| CVE-2008-2574 | 1 Flashblog | 1 Flashblog | 2018-10-11 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in admin/Editor/imgupload.php in FlashBlog 0.31 beta allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in tus_imagenes/. | |||||
| CVE-2008-2636 | 1 Cisco | 1 Linksys Wrh54g Router | 2018-10-11 | 7.8 HIGH | N/A |
| The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many instances of a "front_page" sequence, and ends with a ".asp" sequence. | |||||
| CVE-2008-2106 | 1 Activision | 1 Call Of Duty 4 | 2018-10-11 | 6.8 MEDIUM | N/A |
| Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated users to cause a denial of service (crash) via a type 7 stats packet, which triggers a memcpy with a negative value. | |||||
| CVE-2008-2119 | 1 Asterisk | 2 Asterisk Business Edition, Open Source | 2018-10-11 | 4.3 MEDIUM | N/A |
| Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer. | |||||
| CVE-2008-2110 | 1 Qto | 1 Qtofilemanager | 2018-10-11 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request. | |||||
| CVE-2008-2006 | 1 Apple | 2 Ical, Mac Os X | 2018-10-11 | 4.3 MEDIUM | N/A |
| Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE line. | |||||