Total
5458 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2306 | 2 Apple, Microsoft | 3 Safari, Windows Vista, Windows Xp | 2024-11-21 | N/A |
| Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files. | ||||
| CVE-2008-2300 | 1 Citrix | 4 Access Essentials, Citrix Presentation Server, Desktop Server and 1 more | 2024-11-21 | N/A |
| Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors. | ||||
| CVE-2008-2297 | 1 Roticv | 1 Rantx | 2024-11-21 | N/A |
| The admin.php file in Rantx allows remote attackers to bypass authentication and gain privileges by setting the logininfo cookie to "<?php" or "?>", which is present in the password file and probably passes an insufficient comparison. | ||||
| CVE-2008-2294 | 1 Mreaves | 1 Pet Grooming Management System | 2024-11-21 | N/A |
| Pet Grooming Management System 2.0 allows remote attackers to gain privileges via a direct request to useradded.php with a modified user name for "admin." | ||||
| CVE-2008-2293 | 1 Tpvgames | 1 Mpcs | 2024-11-21 | N/A |
| admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows remote attackers to bypass authentication and gain privileges by setting the CommentSystemAdmin cookie to 1. | ||||
| CVE-2008-2290 | 1 Symantec | 1 Altiris Deployment Solution | 2024-11-21 | N/A |
| Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors. | ||||
| CVE-2008-2289 | 1 Symantec | 1 Altiris Deployment Solution | 2024-11-21 | N/A |
| Unspecified vulnerability in a tooltip element in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors. | ||||
| CVE-2008-2288 | 1 Symantec | 1 Altiris Deployment Solution | 2024-11-21 | N/A |
| Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information. | ||||
| CVE-2008-2287 | 1 Symantec | 1 Altiris Deployment Solution | 2024-11-21 | N/A |
| Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse. | ||||
| CVE-2008-2252 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2024-11-21 | N/A |
| The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability." | ||||
| CVE-2008-2250 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2024-11-21 | N/A |
| The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability." | ||||
| CVE-2008-2232 | 1 Afuse | 1 Afuse | 2024-11-21 | N/A |
| The expand_template function in afuse.c in afuse 0.2 allows local users to gain privileges via shell metacharacters in a pathname. | ||||
| CVE-2008-2226 | 1 Openkm | 1 Openkm | 2024-11-21 | N/A |
| Unspecified vulnerability in the export feature in OpenKM before 2.0 allows remote attackers to export arbitrary documents via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-2216 | 1 Pbcs | 1 Project-based Calendaring System | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in src/yopy_upload.php in Project-Based Calendaring System (PBCS) 0.7.1 allows remote authenticated users to upload arbitrary files to tmp/uploads. | ||||
| CVE-2008-2174 | 1 Shelter Manager | 1 Animal Shelter Manager | 2024-11-21 | N/A |
| Multiple unspecified vulnerabilities in Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 have unknown impact and attack vectors, related to "various areas where security was missing." | ||||
| CVE-2008-2148 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2024-11-21 | N/A |
| The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary files, possibly leading to a denial of service. | ||||
| CVE-2008-2147 | 1 Videolan | 1 Vlc | 2024-11-21 | N/A |
| Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory. | ||||
| CVE-2008-2146 | 1 Wordpress | 1 Wordpress | 2024-11-21 | N/A |
| wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages. | ||||
| CVE-2008-2139 | 1 Rpath | 1 Appliance Platform Agent | 2024-11-21 | N/A |
| The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account. | ||||
| CVE-2008-2138 | 1 Oracle | 1 Application Server Portal | 2024-11-21 | N/A |
| Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing "%0A" (encoded line feed), then using the session ID that is generated from that request. NOTE: as of 20080512, Oracle has not commented on the accuracy of this report. | ||||