Total
5442 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3835 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2024-08-07 | N/A |
| The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors. | ||||
| CVE-2008-3836 | 1 Mozilla | 1 Firefox | 2024-08-07 | N/A |
| feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the (1) elem.doCommand, (2) elem.dispatchEvent, (3) _setTitleText, (4) _setTitleImage, and (5) _initSubscriptionUI functions. | ||||
| CVE-2008-3830 | 2 Condor Project, Redhat | 2 Condor, Enterprise Mrg | 2024-08-07 | N/A |
| Condor before 7.0.5 does not properly handle when the configuration specifies overlapping netmasks in allow or deny rules, which causes the rule to be ignored and allows attackers to bypass intended access restrictions. | ||||
| CVE-2008-3833 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-08-07 | N/A |
| The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210. | ||||
| CVE-2008-3742 | 1 Drupal | 1 Drupal | 2024-08-07 | N/A |
| Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated. | ||||
| CVE-2008-3747 | 1 Wordpress | 1 Wordpress | 2024-08-07 | N/A |
| The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie. | ||||
| CVE-2008-3778 | 1 Avaya | 3 Communication Manager, S8300c Server, Sip Enablement Services | 2024-08-07 | N/A |
| The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request. | ||||
| CVE-2008-3681 | 1 Joomla | 1 Com User | 2024-08-07 | N/A |
| components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator. | ||||
| CVE-2008-3698 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2024-08-07 | N/A |
| Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors. | ||||
| CVE-2008-3618 | 1 Apple | 1 Mac Os X | 2024-08-07 | N/A |
| The File Sharing pane in the Sharing preference pane in Apple Mac OS X 10.5 through 10.5.4 does not inform users that the complete contents of their own home directories are shared for their own use, which might allow attackers to leverage other vulnerabilities and access files for which sharing was unintended. | ||||
| CVE-2008-3655 | 2 Redhat, Ruby-lang | 2 Enterprise Linux, Ruby | 2024-08-07 | N/A |
| Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3. | ||||
| CVE-2008-3631 | 1 Apple | 1 Ipod Touch | 2024-08-07 | N/A |
| Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application. | ||||
| CVE-2008-3619 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-08-07 | N/A |
| Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files. | ||||
| CVE-2008-3605 | 1 Mcafee | 1 Encrypted Usb Manager | 2024-08-07 | N/A |
| Unspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, when the Re-use Threshold for passwords is nonzero, allows remote attackers to conduct offline brute force attacks via unknown vectors. | ||||
| CVE-2008-3609 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-08-07 | N/A |
| The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file. | ||||
| CVE-2008-3602 | 1 Psychdaily | 1 Php Ring Webring System | 2024-08-07 | N/A |
| admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9.1 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | ||||
| CVE-2008-3573 | 2 Php-nuke, Pligg | 2 Php-nuke, Pligg | 2024-08-07 | N/A |
| The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value with the current date and the HTTP User-Agent string. | ||||
| CVE-2008-3542 | 1 Hp | 1 Insight Diagnostics | 2024-08-07 | N/A |
| Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 allows remote attackers to read arbitrary files via unknown vectors. | ||||
| CVE-2008-3553 | 2 Nokia, Sun | 2 Series 40, J2me | 2024-08-07 | N/A |
| Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition devices allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 3-10." NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a company led by a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2008-3557 | 1 Fhm-script | 1 Free Hosting Manager | 2024-08-07 | N/A |
| Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass authentication and gain administrative access by setting both the adminuser and loggedin cookies. | ||||