Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID Description Priority Modified date
CVE-2008-5449 Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. High Jan 14, 2009
CVE-2008-5450 Unspecified vulnerability in the Oracle Applications Platform Engineering component in Oracle E-Business Suite 11.5.10, CU2, and 12.0.6 allows local users to affect confidentiality via unknown vectors. Low Jan 14, 2009
CVE-2008-5451 Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.97.2.5 allows remote authenticated users to affect confidentiality via unknown vectors. Medium Jan 14, 2009
CVE-2008-5452 Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. Medium Jan 14, 2009
CVE-2008-5454 Unspecified vulnerability in the iProcurement component in Oracle E-Business Suite 11.5.10, CU2, and 12.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. Medium Jan 14, 2009
CVE-2008-5455 Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. Medium Jan 14, 2009
CVE-2008-5456 Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. Medium Jan 14, 2009
CVE-2008-5457 Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0, MP1, 9.2, MP3, 9.1, 9.0, 8.1, SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. High Jan 14, 2009
CVE-2008-5458 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10 and CU2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. Medium Jan 14, 2009
CVE-2008-5459 Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality via unknown vectors. See following link for additional information: https://support.bea.com/application_content/product_portlets/securityadvisories/2807.html Medium Jan 14, 2009
CVE-2008-5460 Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0, MP1, 9.2, MP3, 9.1, and 9.0 allows remote attackers to affect confidentiality via unknown vectors. See following link for additional information: https://support.bea.com/application_content/product_portlets/securityadvisories/2810.html Low Jan 14, 2009
CVE-2008-5461 Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0, MP1, 9.2, MP3, 9.1, 9.0, 8.1, SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. Medium Jan 14, 2009
CVE-2008-5462 Unspecified vulnerability in the WebLogic Portal component in BEA Product Suite 10.3, 10.2, 10.0, MP1, 9.2, MP3, 8.1, and SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. See following link for more information: https://support.bea.com/application_content/product_portlets/securityadvisories/2808.html Medium Jan 14, 2009
CVE-2008-5463 Unspecified vulnerability in the PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. Medium Jan 14, 2009
CVE-2008-4307 Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in the EINTR case. Medium Jan 13, 2009
CVE-2008-5262 Multiple stack-based buffer overflows in the iGetHdrHeader function in src-IL/src/il_hdr.c in DevIL 1.7.4 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE file. High Jan 13, 2009
CVE-2008-5517 The web interface in git in SUSE openSUSE 10.3 allows remote attackers to execute arbitrary commands via shell metacharacters in an unspecified context. High Jan 13, 2009
CVE-2008-5886 TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for _private/discussion.mdb. NOTE: some of these details are obtained from third party information. Medium Jan 13, 2009
CVE-2008-5887 phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a local file include vulnerability. Medium Jan 13, 2009
CVE-2008-5890 SQL injection vulnerability in feeds.php in Injader before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information. High Jan 13, 2009
CVE-2008-5897 CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of these details are obtained from third party information. High Jan 13, 2009
CVE-2009-0024 The sys_remap_file_pages function in mm/fremap.c in the Linux kernel before 2.6.24.1 allows local users to cause a denial of service or gain privileges via unspecified vectors, related to the vm_file structure member, and the mmap_region and do_munmap functions. High Jan 13, 2009
CVE-2008-5882 SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter. High Jan 12, 2009
CVE-2008-5883 Absolute path traversal vulnerability in front-end/dir.php in mini-pub 0.3 and earlier allows remote attackers to list arbitrary directories via a full pathname in the sDir parameter. High Jan 12, 2009
CVE-2008-5884 AyeView 2.20 allows user-assisted attackers to cause a denial of service (application crash) via a GIF file with a malformed header. Medium Jan 12, 2009
CVE-2008-5885 The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/quote.mdb. NOTE: some of these details are obtained from third party information. Medium Jan 12, 2009
CVE-2008-5888 Multiple SQL injection vulnerabilities in Click&Rank allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hitcounter.asp, (2) user_delete.asp, and (3) user_update.asp; (4) the userid parameter to admin_login.asp (aka the USERNAME field in admin.asp); and (5) the PassWord parameter to admin_login.asp (aka the PASSWORD field in admin.asp). NOTE: some of these details are obtained from third party information. High Jan 12, 2009
CVE-2008-5889 Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank allows remote attackers to inject arbitrary web script or HTML via the action parameter. Medium Jan 12, 2009
CVE-2008-5891 Cross-site scripting (XSS) vulnerability in the profile editing functionality in Injader before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. Medium Jan 12, 2009
CVE-2008-5892 Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL commands via (1) the ID parameter to admin_dblayers.asp in an update action, (2) the adminid parameter to admin_loginCheck.asp (aka the USERNAME field in admin_main.asp), and (3) the PassWord parameter to admin_loginCheck.asp (aka the PASSWORD field in admin_main.asp). NOTE: some of these details are obtained from third party information. High Jan 12, 2009
CVE-2008-5893 Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ClickAndEmail allows remote attackers to inject arbitrary web script or HTML via the tablename parameter in an update action. Low Jan 12, 2009
CVE-2008-5894 Directory traversal vulnerability in index.php in Mediatheka 4.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. Medium Jan 12, 2009
CVE-2008-5895 SQL injection vulnerability in connection.php in Mediatheka 4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. High Jan 12, 2009
CVE-2008-5896 CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CARateMySite.mdb. NOTE: some of these details are obtained from third party information. High Jan 12, 2009
CVE-2008-5898 CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CADirectory.mdb. NOTE: some of these details are obtained from third party information. High Jan 12, 2009
CVE-2008-5899 CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFFAPage.mdb. NOTE: some of these details are obtained from third party information. High Jan 12, 2009
CVE-2008-5900 CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAArticles.mdb. NOTE: some of these details are obtained from third party information. High Jan 12, 2009
CVE-2008-5901 iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for db/iyziforum.mdb. NOTE: some of these details are obtained from third party information. High Jan 12, 2009
CVE-2009-0068 Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file. Medium Jan 12, 2009
CVE-2009-0105 Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 allows remote attackers to inject arbitrary web script or HTML via the mdfd parameter in a prog action. Medium Jan 12, 2009
CVE-2009-0110 SQL injection vulnerability in read.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter. High Jan 12, 2009
CVE-2009-0111 SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. High Jan 12, 2009
CVE-2009-0112 Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote attackers to create or modify accounts as administrators via the username, password, and name parameters. Medium Jan 12, 2009
CVE-2008-2383 CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071. High Jan 10, 2009
CVE-2008-5077 OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. Medium Jan 10, 2009
CVE-2008-5821 Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document. Medium Jan 10, 2009
CVE-2008-5823 An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property. Medium Jan 10, 2009
CVE-2009-0021 NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. Note that versions 4.2.5 before 4.2.5p150 are development versions and not production versions. Development versions are not included in the CPE configuration for CVEs. Medium Jan 10, 2009
CVE-2009-0046 Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. Medium Jan 10, 2009
CVE-2009-0047 Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. Medium Jan 10, 2009
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.