Total
5449 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0889 | 1 Redhat | 2 Directory Server, Enterprise Linux | 2024-11-21 | N/A |
| Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux, uses insecure permissions for the redhat-idm-console script, which allows local users to execute arbitrary code by modifying the script. | ||||
| CVE-2008-0865 | 2 Bea Systems, Oracle | 2 Weblogic Portal, Weblogic Portal | 2024-11-21 | N/A |
| Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors. | ||||
| CVE-2008-0864 | 2 Bea Systems, Oracle | 2 Weblogic Portal, Weblogic Portal | 2024-11-21 | N/A |
| Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions. | ||||
| CVE-2008-0862 | 1 Ibm | 1 Lotus Notes | 2024-11-21 | N/A |
| IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List (ECL) protection. | ||||
| CVE-2008-0843 | 1 Statcountex | 1 Statcountex | 2024-11-21 | N/A |
| StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive information and edit configuration scripts via a direct request to admin.asp. | ||||
| CVE-2008-0807 | 2 Debian, Horde | 4 Debian Linux, Groupware, Groupware Webmail Edition and 1 more | 2024-11-21 | N/A |
| lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book. | ||||
| CVE-2008-0805 | 1 Reality | 1 Medias Phpizabi | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures. | ||||
| CVE-2008-0792 | 1 F-secure | 8 F-secure Anti-virus, F-secure Anti-virus Client Security, F-secure Anti-virus For Linux and 5 more | 2024-11-21 | N/A |
| Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted CAB archive. | ||||
| CVE-2008-0779 | 1 Fortinet | 1 Forticlient Host Security | 2024-11-21 | N/A |
| The fortimon.sys device driver in Fortinet FortiClient Host Security 3.0 MR5 Patch 3 and earlier does not properly initialize its DeviceExtension, which allows local users to access kernel memory and execute arbitrary code via a crafted request. | ||||
| CVE-2008-0777 | 1 Freebsd | 1 Freebsd | 2024-11-21 | N/A |
| The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files. | ||||
| CVE-2008-0741 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| Unspecified vulnerability in the PropFilePasswordEncoder utility in IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) has unknown impact and attack vectors. | ||||
| CVE-2008-0740 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) and 6.1 before Fix Pack 15 (6.1.0.15) writes unspecified cleartext information to http_plugin.log, which might allow local users to obtain sensitive information by reading this file. | ||||
| CVE-2008-0731 | 3 Linux, Novell, Suse | 3 Linux Kernel, Apparmor, Open Suse | 2024-11-21 | N/A |
| The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not properly handle failure of an AppArmor change_hat system call, which might allow attackers to trigger the unconfining of an apparmored task. | ||||
| CVE-2008-0730 | 1 Sun | 1 Solaris | 2024-11-21 | N/A |
| The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and (4) Thai language input methods in Sun Solaris 10 create files and directories with weak permissions under (a) .iiim/le and (b) .Xlocale in home directories, which might allow local users to write to, or read from, the home directories of other users. | ||||
| CVE-2008-0709 | 4 Hp, Microsoft, Redhat and 1 more | 6 Hp-ux, Select Identity, Windows 2003 Server and 3 more | 2024-11-21 | N/A |
| Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than CVE-2008-0214. | ||||
| CVE-2008-0707 | 1 Hp | 2 Hp-ux, Storageworks Library And Tape Tools | 2024-11-21 | N/A |
| HP StorageWorks Library and Tape Tools (LTT) before 4.5 SR1 on HP-UX B.11.11 and B.11.23 allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2008-0704 | 1 Hp | 3 Alpha, Integrity, Open Vms Tcp-ip Services | 2024-11-21 | N/A |
| Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP Services on OpenVMS on the Alpha platform with 5.4 before ECO 7, and on the Integrity and Alpha platforms with 5.5 before ECO 3 and 5.6 before ECO 2, allows remote attackers to obtain unspecified access via unknown vectors. | ||||
| CVE-2008-0701 | 1 Magnolia | 1 Ce | 2024-11-21 | N/A |
| ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content. | ||||
| CVE-2008-0697 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A |
| Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors. | ||||
| CVE-2008-0696 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A |
| IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors. | ||||