The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2008-2363 | The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based buffer overflow. | High | Jun 12, 2008 |
CVE-2008-2362 | Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption. | High | Jun 27, 2008 |
CVE-2008-2361 | Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory. | Medium | Jun 27, 2008 |
CVE-2008-2360 | Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow. | High | Jun 20, 2008 |
CVE-2008-2359 | The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8 lacks the USER=root directive, which allows local users of the workstation console to gain privileges and change the network configuration. | High | Jun 12, 2008 |
CVE-2008-2358 | The Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and probably other versions, does not properly check feature lengths, which might allow remote attackers to execute arbitrary code, related to an unspecified overflow. | High | Jun 10, 2008 |
CVE-2008-2357 | Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr. | Medium | May 21, 2008 |
CVE-2008-2356 | SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 and earlier allows remote attackers to execute arbitrary SQL commands via the post_id parameter. | High | May 20, 2008 |
CVE-2008-2355 | Directory traversal vulnerability in index.php in WR-Meeting 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the msnum parameter in a coment event. | Medium | May 20, 2008 |
CVE-2008-2354 | Unspecified vulnerability in the data export function in testMaker before 3.0p10 allows test authors to obtain access to export data via unknown vectors. | Medium | May 21, 2008 |
CVE-2008-2353 | Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter. | High | May 21, 2008 |
CVE-2008-2352 | Directory traversal vulnerability in index.php in Smeego 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie. | Medium | May 21, 2008 |
CVE-2008-2351 | Multiple SQL injection vulnerabilities in index.php in CMS WebManager-Pro allow remote attackers to execute arbitrary SQL commands via the (1) lang_id and (2) menu_id parameters. | High | May 21, 2008 |
CVE-2008-2350 | Directory traversal vulnerability in highlight.php in bcoos 1.0.9 through 1.0.13 allows remote attackers to read arbitrary files via (1) .. (dot dot) or (2) C: folder sequences in the file parameter. | Medium | May 21, 2008 |
CVE-2008-2349 | Zomplog 3.8.2 and earlier allows remote attackers to gain administrative access by creating an admin account via a direct request to install/Unchangeduser.php with the admin parameter set to 1. | High | May 20, 2008 |
CVE-2008-2348 | MeltingIce File System 1.0 allows remote attackers to bypass application authentication, create Unchanged user accounts, and exceed application quotas via a direct request to admin/adduser.php. | High | May 20, 2008 |
CVE-2008-2347 | MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to admin in a direct request to admin/addUser.php. | High | May 20, 2008 |
CVE-2008-2346 | AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass authentication and gain administrative access by creating an admin account via a direct request to adduser.php. | High | May 21, 2008 |
CVE-2008-2345 | Unspecified vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary PHP code via unspecified vectors related to insufficient file filtering. | High | May 19, 2008 |
CVE-2008-2344 | Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | May 19, 2008 |
CVE-2008-2343 | Unchangeds Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php. | High | May 19, 2008 |
CVE-2008-2342 | Directory traversal vulnerability in attachments.php in Unchangeds Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | Medium | May 19, 2008 |
CVE-2008-2341 | PHP remote file inclusion vulnerability in ch_readalso.php in Unchangeds Manager 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the read_xml_include parameter. | High | May 19, 2008 |
CVE-2008-2340 | Multiple SQL injection vulnerabilities in Unchangeds Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php. | High | May 19, 2008 |
CVE-2008-2339 | SQL injection vulnerability in index.php in Turnkey Web Tools SunShop Shopping Cart 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action, a different vector than CVE-2008-2038, CVE-2007-4597, and CVE-2007-2549. | High | May 19, 2008 |
CVE-2008-2338 | Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin. | High | May 19, 2008 |
CVE-2008-2337 | Multiple SQL injection vulnerabilities in IMGallery 2.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kategoria parameter to (a) galeria.php and the (2) id_phot parameter to (b) popup/koment.php and (c) popup/opis.php in, different vectors than CVE-2006-3163. | High | May 19, 2008 |
CVE-2008-2336 | SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | High | May 19, 2008 |
CVE-2008-2335 | Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. | Medium | May 19, 2008 |
CVE-2008-2334 | Multiple SQL injection vulnerabilities in W1L3D4 Philboard 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) forumid parameter to (a) admin/philboard_admin-forumedit.asp, (b) admin/philboard_admin-forum.asp, and (c) W1L3D4_foruma_yeni_konu_ac.asp; the (2) id parameter to (d) W1L3D4_konuoku.asp and (e) W1L3D4_konuya_mesaj_yaz.asp; and the (3) topic parameter to W1L3D4_konuya_mesaj_yaz.asp, different vectors than CVE-2008-1939, CVE-2007-2641, and CVE-2007-0920. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | May 19, 2008 |
CVE-2008-2333 | Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | Medium | May 27, 2008 |
CVE-2008-2332 | ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image. | High | Oct 1, 2008 |
CVE-2008-2331 | Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator. | Medium | Sep 24, 2008 |
CVE-2008-2330 | slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an insecure file operation issue. | Medium | Sep 24, 2008 |
CVE-2008-2329 | Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window. | Low | Sep 24, 2008 |
CVE-2008-2327 | Multiple buffer underflows in the (1) LZWDecode and (2) LZWDecodeCompat functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file. NOTE: some of these details are obtained from third party information. | High | Aug 27, 2008 |
CVE-2008-2326 | mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label. | Medium | Sep 11, 2008 |
CVE-2008-2325 | QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient bounds checking. | High | Aug 4, 2008 |
CVE-2008-2324 | The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs. | Medium | Aug 5, 2008 |
CVE-2008-2323 | Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 10.5.4 allows attackers to cause a denial of service (resource consumption) via crafted textual content in messages. | High | Aug 4, 2008 |
CVE-2008-2322 | Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow. | High | Aug 4, 2008 |
CVE-2008-2321 | Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving processing of arguments. | High | Aug 4, 2008 |
CVE-2008-2320 | Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename. | High | Aug 4, 2008 |
CVE-2008-2318 | The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs. | Medium | Jul 15, 2008 |
CVE-2008-2317 | Unspecified vulnerability in WebCore in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving style sheet elements that trigger memory corruption, probably during garbage collection, a different vulnerability than CVE-2008-1590. | High | Jul 15, 2008 |
CVE-2008-2316 | Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to partial hashlib hashing of data exceeding 4GB. | High | Aug 4, 2008 |
CVE-2008-2315 | Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. | High | Aug 4, 2008 |
CVE-2008-2314 | Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors. | Medium | Jul 3, 2008 |
CVE-2008-2313 | Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory. | Medium | Jul 7, 2008 |
CVE-2008-2312 | Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file. | Medium | Sep 24, 2008 |