Total
5442 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2784 | 1 Spamdyke | 1 Spamdyke | 2024-08-07 | N/A |
| The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command. | ||||
| CVE-2008-2717 | 2 Apache, Typo3 | 2 Apache Webserver, Typo3 | 2024-08-07 | N/A |
| TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions. | ||||
| CVE-2008-2722 | 1 Menalto | 1 Gallery | 2024-08-07 | N/A |
| Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive. | ||||
| CVE-2008-2724 | 1 Menalto | 1 Gallery | 2024-08-07 | N/A |
| Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions. | ||||
| CVE-2008-2682 | 1 Realm Project | 1 Realm Cms | 2024-08-07 | N/A |
| _RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserName, and (3) cUserID. | ||||
| CVE-2008-2540 | 2 Apple, Microsoft | 6 Safari, Internet Explorer, Windows Server 2003 and 3 more | 2024-08-07 | N/A |
| Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. | ||||
| CVE-2008-2551 | 1 Icona | 1 Instant Messenger | 2024-08-07 | N/A |
| The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 Messenger 1.0.0.1 allows remote attackers to force the download and execution of arbitrary files via a URL in the propDownloadUrl parameter with the propPostDownloadAction parameter set to "run." | ||||
| CVE-2008-2488 | 1 Beaussier | 1 Roomphplanning | 2024-08-07 | N/A |
| admin/userform.php in RoomPHPlanning 1.5 does not require administrative credentials, which allows remote authenticated users to create new admin accounts. | ||||
| CVE-2008-2539 | 1 Sun | 1 Cluster | 2024-08-07 | N/A |
| The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 through 10, when an underlying ufs filesystem is used, might allow local users to read data from arbitrary deleted files, or corrupt files in global filesystems, via unspecified vectors. | ||||
| CVE-2008-2515 | 1 Ibm | 1 Aix | 2024-08-07 | N/A |
| Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error." | ||||
| CVE-2008-2420 | 1 Stunnel | 1 Stunnel | 2024-08-07 | N/A |
| The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates. | ||||
| CVE-2008-2378 | 1 Hf | 1 Hf | 2024-08-07 | N/A |
| Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 allows local users to gain privileges via a Trojan horse killall program in a directory in the PATH, related to improper handling of the -k option. | ||||
| CVE-2008-2348 | 1 Meltingicefs | 1 Meltingice File System | 2024-08-07 | N/A |
| MeltingIce File System 1.0 allows remote attackers to bypass application authentication, create new user accounts, and exceed application quotas via a direct request to admin/adduser.php. | ||||
| CVE-2008-2402 | 1 Sun | 1 Java Asp Server | 2024-08-07 | N/A |
| The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents. | ||||
| CVE-2008-2308 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-08-07 | N/A |
| Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information. | ||||
| CVE-2008-2343 | 1 News Manager | 1 News Manager | 2024-08-07 | N/A |
| News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php. | ||||
| CVE-2008-2289 | 1 Symantec | 1 Altiris Deployment Solution | 2024-08-07 | N/A |
| Unspecified vulnerability in a tooltip element in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors. | ||||
| CVE-2008-2346 | 1 Alkalinephp | 1 Alkalinephp | 2024-08-07 | N/A |
| AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass authentication and gain administrative access by creating an admin account via a direct request to adduser.php. | ||||
| CVE-2008-2400 | 1 Stunnel | 1 Stunnel | 2024-08-07 | N/A |
| Unspecified vulnerability in stunnel before 4.23, when running as a service on Windows, allows local users to gain privileges via unknown attack vectors. | ||||
| CVE-2008-2294 | 1 Mreaves | 1 Pet Grooming Management System | 2024-08-07 | N/A |
| Pet Grooming Management System 2.0 allows remote attackers to gain privileges via a direct request to useradded.php with a modified user name for "admin." | ||||