The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2008-7313 | The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796. | High | Apr 4, 2017 | n/a |
CVE-2008-7314 | mIRC before 6.35 allows attackers to cause a denial of service (crash) via a long nickname. | MEDIUM | Jan 27, 2020 | n/a |
CVE-2008-7315 | UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands. | -- | Oct 10, 2017 | n/a |
CVE-2008-7319 | The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used. | -- | Nov 7, 2017 | n/a |
CVE-2008-7320 | ** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision. | LOW | Dec 17, 2018 | n/a |
CVE-2008-7321 | The tubepress plugin before 1.6.5 for WordPress has XSS. | MEDIUM | Aug 23, 2019 | n/a |
CVE-2008-10001 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in Pro2col Stingray FTS. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | MEDIUM | Mar 29, 2022 | n/a |
CVE-2009-0035 | alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts. | LOW | Nov 12, 2019 | n/a |
CVE-2009-0037 | The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. | Medium | Mar 13, 2009 | webcli_curl-7.50.3.0 (VxWorks 7) |
CVE-2009-0590 | The ASN1_STRING_print_ex function in Ope | LOW | Apr 8, 2009 | n/a |
CVE-2009-0591 | The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid. | LOW | Mar 27, 2009 | n/a |
CVE-2009-0789 | OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key. | LOW | Mar 30, 2009 | n/a |
CVE-2009-0947 | Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02. | HIGH | Jun 2, 2021 | n/a |
CVE-2009-0948 | Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02. | HIGH | Jun 2, 2021 | n/a |
CVE-2009-1120 | EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function -exposed via the rep_srv.exe process- where the vulnerability is caused by an error when the rep_srv.exe handles a specially crafted packet sent by an unauthenticated attacker. | HIGH | Jan 15, 2020 | n/a |
CVE-2009-1142 | An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled. | -- | Nov 23, 2022 | n/a |
CVE-2009-1143 | An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter). | -- | Nov 23, 2022 | n/a |
CVE-2009-1197 | Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp. | -- | Nov 1, 2017 | n/a |
CVE-2009-1198 | Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 allows remote attackers to inject arbitrary web script or HTML via the dsname parameter to happyjuddi.jsp. | -- | Nov 1, 2017 | n/a |
CVE-2009-2042 | libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via out-of-bounds pixels in the file. | LOW | Jun 15, 2009 | n/a |
CVE-2009-2417 | lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a ' |