The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2008-2735 | The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0 before 8.0(3)15 and 8.1 before 8.1(1)5, when configured as a clientless SSL VPN endpoint, does not properly process URIs, which allows remote attackers to cause a denial of service (device reload) via a URI in a crafted SSL or HTTP packet, aka Bug ID CSCsq19369. | High | Sep 10, 2008 |
| CVE-2008-2734 | Memory leak in the crypto functionality in Cisco Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a clientless SSL VPN endpoint, allows remote attackers to cause a denial of service (memory consumption and VPN hang) via a crafted SSL or HTTP packet, aka Bug ID CSCso66472. | High | Sep 10, 2008 |
| CVE-2008-2733 | Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote attackers to cause a denial of service (device reload) via a crafted authentication attempt, aka Bug ID CSCso69942. | High | Sep 10, 2008 |
| CVE-2008-2732 | Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7, 8.0 before 8.0(3)20, and 8.1 before 8.1(1)8 allow remote attackers to cause a denial of service (device reload) via unknown vectors, aka Bug IDs CSCsq07867, CSCsq57091, CSCsk60581, and CSCsq39315. | High | Sep 10, 2008 |
| CVE-2008-2730 | The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843. | Medium | Jun 26, 2008 |
| CVE-2008-2729 | arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information. | Medium | Jul 1, 2008 |
| CVE-2008-2728 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-2726. Reason: This candidate is a duplicate of CVE-2008-2726. Notes: All CVE users should reference CVE-2008-2726 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | REJECT | Sep 10, 2008 |
| CVE-2008-2727 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-2725. Reason: This candidate is a duplicate of CVE-2008-2725. Notes: All CVE users should reference CVE-2008-2725 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | REJECT | Sep 10, 2008 |
| CVE-2008-2726 | Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption, aka the beg + rlen issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. | High | Jun 24, 2008 |
| CVE-2008-2725 | Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the REALLOC_N variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. | High | Jun 24, 2008 |
| CVE-2008-2724 | Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions. | Medium | Jun 20, 2008 |
| CVE-2008-2723 | embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to spoofing the remote address. | Medium | Jun 27, 2008 |
| CVE-2008-2722 | Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive. | High | Jun 27, 2008 |
| CVE-2008-2721 | Unspecified vulnerability in the album-select module in Menalto Gallery before 2.2.5 allows remote attackers to obtain titles of hidden albums by attempting to add a Unchanged album to a hidden album. | Medium | Jun 20, 2008 |
| CVE-2008-2720 | Cross-site scripting (XSS) vulnerability in Menalto Gallery before 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the (1) host and (2) path components of a URL. | Medium | Jun 27, 2008 |
| CVE-2008-2719 | Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow. | Medium | Jun 27, 2008 |
| CVE-2008-2718 | Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Jun 27, 2008 |
| CVE-2008-2717 | TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions. | Medium | Jun 27, 2008 |
| CVE-2008-2716 | Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of trusted frames on the same parent page by modifying the location, which can facilitate phishing attacks. | Medium | Jun 27, 2008 |
| CVE-2008-2715 | Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns. | Medium | Jun 27, 2008 |
| CVE-2008-2714 | Opera before 9.26 allows remote attackers to misrepresent web page addresses using certain characters that cause the page address text to be misplaced. | Medium | Jun 27, 2008 |
| CVE-2008-2713 | libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read. | Medium | Jun 27, 2008 |
| CVE-2008-2712 | Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (2) zipplugin, (3) xpm.vim, (4) gzip_vim, and (5) netrw. | High | Jun 27, 2008 |
| CVE-2008-2711 | fetchmail 6.3.8 and earlier, when running in -v -v mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which is not properly handled when using vsnprintf to format log messages. | Medium | Jun 27, 2008 |
| CVE-2008-2710 | Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison. | High | Jun 27, 2008 |
| CVE-2008-2709 | Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 allows local users to cause a denial of service (task halt and main storage dump) via unspecified vectors involving the running of diagnostics on a modem port. NOTE: there might be limited attack scenarios. | Medium | Jun 27, 2008 |
| CVE-2008-2708 | Unspecified vulnerability in the Sun (1) UltraSPARC T2 and (2) UltraSPARC T2+ kernel modules in Sun Solaris 10, and OpenSolaris before snv_93, allows local users to cause a denial of service (panic) via unspecified vectors, probably related to core files. | Medium | Jun 20, 2008 |
| CVE-2008-2707 | Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and OpenSolaris before snv_93 allows remote attackers to cause a denial of service (network connectivity loss) via unknown vectors. | High | Jun 17, 2008 |
| CVE-2008-2706 | Unspecified vulnerability in the event port implementation in Sun Solaris 10 allows local users to cause a denial of service (panic) by submitting and retrieving user-defined events, probably related to a NULL dereference. | Medium | Jun 17, 2008 |
| CVE-2008-2705 | Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors. | High | Jun 17, 2008 |
| CVE-2008-2704 | Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows remote attackers to cause a denial of service (crash) via a long user ID. NOTE: it is not clear whether this issue crosses privilege boundaries. | Medium | Jun 16, 2008 |
| CVE-2008-2703 | Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via spoofed server responses. | High | Jun 16, 2008 |
| CVE-2008-2702 | Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder. | High | Jun 16, 2008 |
| CVE-2008-2701 | SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php. | Medium | Jun 16, 2008 |
| CVE-2008-2700 | SQL injection vulnerability in view.php in Galatolo WebManager 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | High | Jun 16, 2008 |
| CVE-2008-2699 | Multiple directory traversal vulnerabilities in Galatolo WebManager (GWM) 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php. | High | Jun 16, 2008 |
| CVE-2008-2698 | Multiple cross-site scripting (XSS) vulnerabilities in photo_add-c.php (aka the add comment section) in WEBalbum 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) id, or (3) category parameter. | Medium | Jun 16, 2008 |
| CVE-2008-2697 | SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php. | High | Jun 16, 2008 |
| CVE-2008-2696 | Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (divide-by-zero and application crash) via a zero value in Nikon lens information in the metadata of an image, related to pretty printing and the RationalValue::toLong function. | Medium | Jun 16, 2008 |
| CVE-2008-2695 | Directory traversal vulnerability in entry.php in phpInv 0.8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter. | High | Jun 16, 2008 |
| CVE-2008-2694 | Cross-site scripting (XSS) vulnerability in search.php in phpInv 0.8.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | Medium | Jun 16, 2008 |
| CVE-2008-2693 | Stack-based buffer overflow in the BITIFF.BITiffCtrl.1 ActiveX control in BITiff.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via a long first argument to the SetByteOrder method. | High | Jun 16, 2008 |
| CVE-2008-2692 | SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php. | High | Jun 16, 2008 |
| CVE-2008-2691 | SQL injection vulnerability in read.asp in JiRo\'s FAQ Manager eXperience 1.0 allows remote attackers to execute arbitrary SQL commands via the fID parameter. | High | Jun 16, 2008 |
| CVE-2008-2690 | Multiple PHP remote file inclusion vulnerabilities in BrowserCRM 5.002.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter to (1) kb.php, (2) login.php, (3) index.php, (4) contact_view.php, and (5) contact.php in pub/, different vectors than CVE-2008-????. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | Jun 16, 2008 |
| CVE-2008-2689 | PHP remote file inclusion vulnerability in pub/clients.php in BrowserCRM 5.002.00 allows remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter. | High | Jun 16, 2008 |
| CVE-2008-2688 | SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the article parameter in a kb action. | High | Jun 16, 2008 |
| CVE-2008-2687 | Directory traversal vulnerability in inc/config.php in ProManager 0.73 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | High | Jun 16, 2008 |
| CVE-2008-2686 | webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier allows remote attackers to execute arbitrary code by overwriting a PHP file in webinc/bxe/scripts/ via a filename in the XML parameter and PHP sequences in the request body, then making a direct request for this filename. | High | Jun 16, 2008 |
| CVE-2008-2685 | SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter, a different vector than CVE-2008-2626. | High | Jun 12, 2008 |
