Total
5449 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3349 | 2 Ibm, Netapp | 3 N Series Storage Server, Data Ontap, Fas900 | 2024-11-21 | N/A |
| Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access control for HTTP requests. NOTE: this may overlap CVE-2008-3160. | ||||
| CVE-2008-3303 | 1 Tuxplanet | 1 Bilboblog | 2024-11-21 | N/A |
| admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters. | ||||
| CVE-2008-3300 | 1 Alphadmin | 1 Alphadmin Cms | 2024-11-21 | N/A |
| AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-3279 | 2 Mielke, Redhat | 2 Brltty, Enterprise Linux | 2024-11-21 | N/A |
| Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting. | ||||
| CVE-2008-3273 | 2 Jboss, Redhat | 3 Enterprise Application Platform, Jboss Enterprise Application Platform, Jboss Enterprise Web Platform | 2024-11-21 | N/A |
| JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. | ||||
| CVE-2008-3271 | 2 Apache, Redhat | 2 Tomcat, Network Satellite | 2024-11-21 | N/A |
| Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve. | ||||
| CVE-2008-3268 | 1 Brickhost | 1 Phpscheduleit | 2024-11-21 | N/A |
| Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when useLogonName is enabled, allows remote attackers with administrator email address knowledge to bypass restrictions and gain privileges via unspecified vectors related to login names. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-3234 | 2 Debian, Openbsd | 2 Debian Linux, Openssh | 2024-11-21 | N/A |
| sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username. | ||||
| CVE-2008-3226 | 1 Joomla | 1 Joomla | 2024-11-21 | N/A |
| The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors. | ||||
| CVE-2008-3225 | 1 Joomla | 1 Joomla | 2024-11-21 | N/A |
| Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix." | ||||
| CVE-2008-3173 | 1 Microsoft | 1 Internet Explorer | 2024-11-21 | N/A |
| Microsoft Internet Explorer allows web sites to set cookies for domains that have a public suffix with more than one dot character, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking." NOTE: this issue may exist because of an insufficient fix for CVE-2004-0866. | ||||
| CVE-2008-3172 | 1 Opera | 1 Opera | 2024-11-21 | N/A |
| Opera allows web sites to set cookies for country-specific top-level domains that have DNS A records, such as co.tv, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking." | ||||
| CVE-2008-3170 | 1 Apple | 1 Safari | 2024-11-21 | N/A |
| Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking," a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867. | ||||
| CVE-2008-3158 | 1 Novell | 1 Novell Client For Windows | 2024-11-21 | N/A |
| Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory. | ||||
| CVE-2008-3156 | 1 Panda | 1 Panda Activescan | 2024-11-21 | N/A |
| The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method. | ||||
| CVE-2008-3113 | 2 Redhat, Sun | 5 Network Satellite, Rhel Extras, Jdk and 2 more | 2024-11-21 | N/A |
| Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. | ||||
| CVE-2008-3112 | 2 Redhat, Sun | 5 Network Satellite, Rhel Extras, Jdk and 2 more | 2024-11-21 | N/A |
| Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909. | ||||
| CVE-2008-3110 | 2 Redhat, Sun | 3 Rhel Extras, Jdk, Jre | 2024-11-21 | N/A |
| Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet. | ||||
| CVE-2008-3109 | 2 Redhat, Sun | 3 Rhel Extras, Jdk, Jre | 2024-11-21 | N/A |
| Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. | ||||
| CVE-2008-3107 | 2 Redhat, Sun | 5 Network Satellite, Rhel Extras, Jdk and 2 more | 2024-11-21 | N/A |
| Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. | ||||