Total
8795 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2782 | 1 Otomigenx | 1 Otomigenx | 2024-11-21 | N/A |
| Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) library_rss.php and (2) rss.php. | ||||
| CVE-2008-2747 | 2 Microsoft, No-ip | 2 Windows, Dynamic Update Client | 2024-11-21 | N/A |
| No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values. | ||||
| CVE-2008-2736 | 1 Cisco | 1 Adaptive Security Appliance 5500 | 2024-11-21 | N/A |
| Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown vectors, aka Bug ID CSCsq45636. | ||||
| CVE-2008-2729 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2024-11-21 | N/A |
| arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information. | ||||
| CVE-2008-2723 | 1 Menalto | 1 Gallery | 2024-11-21 | N/A |
| embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the remote address." | ||||
| CVE-2008-2721 | 1 Menalto | 1 Gallery | 2024-11-21 | N/A |
| Unspecified vulnerability in the album-select module in Menalto Gallery before 2.2.5 allows remote attackers to obtain titles of hidden albums by attempting to add a new album to a hidden album. | ||||
| CVE-2008-2715 | 1 Opera | 1 Opera Browser | 2024-11-21 | N/A |
| Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns. | ||||
| CVE-2008-2681 | 1 Realm Project | 1 Realm Cms | 2024-11-21 | N/A |
| Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive information via a direct request to _db/compact.asp, which reveals the database path in an error message. | ||||
| CVE-2008-2517 | 1 Sarab | 1 Sarab | 2024-11-21 | N/A |
| The sarab.sh script in SaraB before 0.2.4 places the dar program's encryption key on the command line, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2008-2432 | 1 Novell | 1 Iprint | 2024-11-21 | N/A |
| Insecure method vulnerability in the GetFileList method in an unspecified ActiveX control in Novell iPrint Client before 5.06 allows remote attackers to list the image files in an arbitrary directory via a directory name in the argument. | ||||
| CVE-2008-2330 | 1 Apple | 1 Mac Os X Server | 2024-11-21 | N/A |
| slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue." | ||||
| CVE-2008-2329 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | N/A |
| Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window. | ||||
| CVE-2008-2318 | 1 Apple | 2 Xcode, Xcode Tools | 2024-11-21 | N/A |
| The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs. | ||||
| CVE-2008-2246 | 1 Microsoft | 2 Windows-nt, Windows Vista | 2024-11-21 | N/A |
| Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions. | ||||
| CVE-2008-2159 | 1 Microsoft | 1 Internet Explorer | 2024-11-21 | N/A |
| Microsoft Internet Explorer 7 can save encrypted pages in the cache even when the DisableCachingOfSSLPages registry setting is enabled, which might allow local users to obtain sensitive information. | ||||
| CVE-2008-2120 | 1 Sun | 2 Java System Application Server, Java System Web Server | 2024-11-21 | N/A |
| Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors. | ||||
| CVE-2008-2101 | 1 Vmware | 1 Esx | 2024-11-21 | N/A |
| The VMware Consolidated Backup (VCB) command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command line, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2008-2049 | 1 E-post Corporation | 1 Mail Server | 2024-11-21 | N/A |
| The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows remote attackers to obtain sensitive information via multiple crafted APOP commands for a known POP3 account, which displays the password in a POP3 error message. | ||||
| CVE-2008-2028 | 1 Minibb | 1 Minibb | 2024-11-21 | N/A |
| miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to obtain the full path via a direct request to the glang parameter in a registernew action to index.php, which leaks the path in an error message. | ||||
| CVE-2008-2027 | 1 Rsa | 1 Authentication Agent | 2024-11-21 | N/A |
| Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258 for Web for IIS, when accessed via certain browsers such as Mozilla Firefox, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an ftp URL in the url parameter to a Redirect action. | ||||