CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
16051 CVE-2008-0975 DoS 2008-02-25 2018-10-15
5.0
None Remote Low Not required None None Partial
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (CPU consumption) via a -1 value in the field that specifies the size of the vector<T> value.
16052 CVE-2008-0974 399 DoS 2008-02-25 2018-10-15
5.0
None Remote Low Not required None None Partial
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon termination) via (1) a large vector<T> value, which raises a "vector<T> too long" exception; or (2) a certain packet that raises an ospace/time/src\date.cpp exception.
16053 CVE-2008-0944 189 DoS 2008-02-25 2018-10-15
5.0
None Remote Low Not required Partial None None
Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote attackers to cause a denial of service (NULL dereference and application crash) via a version field containing zero.
16054 CVE-2008-0927 399 DoS 2008-04-14 2018-10-31
5.0
None Remote Low Not required None None Partial
dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777.
16055 CVE-2008-0905 22 Dir. Trav. 2008-02-22 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
16056 CVE-2008-0898 264 Bypass 2008-02-22 2008-09-05
5.8
None Remote Medium Not required Partial Partial None
The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access restrictions for protected distributed queues.
16057 CVE-2008-0875 DoS 2008-02-21 2008-09-05
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Hitachi EUR Print Manager, and related Client and Local Server products, 05-06 through 05-06-/B and 05-08 allows remote attackers to cause a denial of service (service hang or termination) via unspecified vectors related to "unexpected data."
16058 CVE-2008-0865 264 Bypass 2008-02-20 2018-10-30
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors.
16059 CVE-2008-0864 264 Bypass 2008-02-20 2018-10-30
5.0
None Remote Low Not required Partial None None
Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions.
16060 CVE-2008-0863 200 +Info 2008-02-20 2008-09-05
5.0
None Remote Low Not required Partial None None
BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks.
16061 CVE-2008-0859 399 DoS Mem. Corr. 2008-02-20 2008-09-05
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Kerio MailServer before 6.5.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to decoding of uuencoded input, which triggers memory corruption.
16062 CVE-2008-0852 DoS 2008-02-20 2018-10-15
5.0
None Remote Low Not required None None Partial
freeSSHd 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a SSH2_MSG_NEWKEYS packet to TCP port 22, which triggers a NULL pointer dereference.
16063 CVE-2008-0813 22 Dir. Trav. 2008-02-18 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Download.php in XPWeb 3.0.1, 3.3.2, and possibly other versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.
16064 CVE-2008-0797 22 Dir. Trav. 2008-02-15 2017-08-07
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in lib/download.php in iTheora 1.0 rc1 allows remote attackers to read arbitrary files via directory traversal sequences in the url parameter.
16065 CVE-2008-0792 264 Bypass 2008-02-14 2017-08-07
5.8
None Remote Medium Not required Partial Partial None
Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted CAB archive.
16066 CVE-2008-0791 20 DoS 2008-02-14 2018-10-15
5.0
None Remote Low Not required None None Partial
ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to cause a denial of service (CPU consumption) via short packets on TCP port 5001 with the 3, 5, 7, 13, 14, or 15 packet types.
16067 CVE-2008-0790 22 Dir. Trav. 2008-02-14 2018-10-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
16068 CVE-2008-0784 200 +Info 2008-02-14 2018-10-15
5.0
None Remote Low Not required Partial None None
graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors.
16069 CVE-2008-0782 22 Exec Code Dir. Trav. 2008-02-14 2018-10-03
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.
16070 CVE-2008-0767 189 DoS 2008-02-13 2018-10-15
5.0
None Remote Low Not required None None Partial
ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier does not verify that a certain "number of URLs" field is consistent with the packet length, which allows remote attackers to cause a denial of service (daemon crash) via a large integer in this field in a packet to the Service Location Protocol (SLP) service on UDP port 427, triggering an out-of-bounds read.
16071 CVE-2008-0760 22 Dir. Trav. 2008-02-13 2018-10-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.4.1.0 and earlier, and Sentinel Keys Server 1.0.4.0 and earlier, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-6483.
16072 CVE-2008-0759 310 DoS 2008-02-13 2018-10-15
5.0
None Remote Low Not required None None Partial
ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allows remote attackers to cause a denial of service (daemon crash) via an invalid UAM field in a request to the Apple Filing Protocol (AFP) service on TCP port 548.
16073 CVE-2008-0758 22 Dir. Trav. 2008-02-13 2018-10-15
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in the Zidget/HTTP embedded HTTP server in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allow remote attackers to read arbitrary (1) gif, (2) png, (3) jpg, (4) xml, (5) ico, (6) zip, and (7) html files via a "..\" (dot dot backslash) sequence in the filename.
16074 CVE-2008-0756 DoS 2008-02-13 2018-10-15
5.0
None Remote Low Not required None None Partial
The LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cyanPrintIP Easy OPI, Professional, and Basic 4.10.1030 and earlier; Workstation 4.10.836 and earlier; and Standard 4.10.940 and earlier; allows remote attackers to cause a denial of service (daemon crash) via a connection that begins with (1) a "Send queue state" LPD command 3 or (2) a "Send queue state" LPD command 4.
16075 CVE-2008-0736 200 +Info 2008-02-12 2018-10-15
5.0
None Remote Low Not required Partial None None
admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly other 4.x and 3.x versions, allows remote attackers to obtain the path via a certain value of the FedExAccount parameter.
16076 CVE-2008-0724 255 2008-02-11 2018-10-15
5.0
None Remote Low Not required Partial None None
The Everything Development Engine in The Everything Development System Pre-1.0 and earlier stores passwords in cleartext in a database, which makes it easier for context-dependent attackers to obtain access to user accounts.
16077 CVE-2008-0709 264 2008-04-07 2017-08-07
5.5
None Remote Low Single system Partial Partial None
Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than CVE-2008-0214.
16078 CVE-2008-0703 22 Dir. Trav. 2008-02-11 2018-10-15
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in sflog! 0.96 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) permalink or (2) section parameter to index.php, possibly involving includes/entries.inc.php and other files included by index.php.
16079 CVE-2008-0701 264 2008-02-11 2008-12-17
5.0
None Remote Low Not required None Partial None
ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content.
16080 CVE-2008-0672 20 DoS 2008-02-11 2018-10-15
5.0
None Remote Low Not required None None Partial
The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to cause a denial of service (application crash) via a YES message without a newline character, which triggers a NULL dereference.
16081 CVE-2008-0644 XSS Bypass 2008-03-11 2017-08-07
5.0
None Remote Low Not required None Partial None
Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function.
16082 CVE-2008-0636 200 +Info 2008-02-12 2018-10-15
5.0
None Remote Low Not required Partial None None
Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x and 6.x allows remote attackers to obtain sensitive information via a direct request to About/SC_About.htm, which provides version and patch information.
16083 CVE-2008-0613 59 2008-02-06 2018-10-15
5.0
None Remote Low Not required None Partial None
Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter.
16084 CVE-2008-0608 119 DoS Overflow 2008-02-06 2018-10-15
5.0
None Remote Low Not required None None Partial
The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log commands from being recorded, a different vulnerability than CVE-2007-3823.
16085 CVE-2008-0597 399 DoS 2008-02-25 2018-10-15
5.0
None Remote Low Not required None None Partial
Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.
16086 CVE-2008-0596 399 DoS 2008-02-25 2018-10-15
5.0
None Remote Low Not required None None Partial
Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers.
16087 CVE-2008-0594 2008-02-08 2018-10-15
5.0
None Remote Low Not required None Partial None
Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.
16088 CVE-2008-0570 20 2008-02-04 2008-10-11
5.0
None Remote Low Not required None Partial None
The OpenID 5.x-1.0 and earlier module for Drupal does not properly verify the claimed_id returned by an OpenID provider, which allows remote OpenID providers to spoof OpenID authentication for domains associated with other providers.
16089 CVE-2008-0559 22 Dir. Trav. 2008-02-04 2018-10-15
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the permalink parameter in core.php, accessed through index.php; and (2) the thispost parameter in comments.php.
16090 CVE-2008-0549 189 DoS Overflow 2008-02-01 2017-08-07
5.0
None Remote Low Not required None None Partial
Integer overflow in the OggHeaderParse function in Steamcast 0.9.75 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via a long Ogg tag.
16091 CVE-2008-0548 189 DoS 2008-02-01 2017-08-07
5.0
None Remote Low Not required None None Partial
Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL dereference when malloc fails.
16092 CVE-2008-0542 22 Dir. Trav. 2008-02-01 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in thumbnail.php in Gerd Tentler Simple Forum 3.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
16093 CVE-2008-0521 22 Dir. Trav. 2008-01-31 2017-09-28
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to read arbitrary files via a .. (dot dot) in the uri parameter to dispatcher.php in (1) examples/dispatcher/framework/, (2) examples/dispatcher/, (3) examples/wizard/, and (4) PHP/, different vectors than CVE-2008-0545.
16094 CVE-2008-0501 22 Dir. Trav. 2008-01-30 2017-09-28
5.8
None Remote Medium Not required Partial Partial None
Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page_courante parameter to the top-level URI.
16095 CVE-2008-0489 22 Dir. Trav. 2008-01-30 2018-10-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in install.php in Clansphere 2007.4.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
16096 CVE-2008-0481 22 Dir. Trav. 2008-01-29 2018-10-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter in a save action.
16097 CVE-2008-0480 22 Dir. Trav. 2008-01-29 2018-10-15
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and earlier allow remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp.
16098 CVE-2008-0479 22 Dir. Trav. 2008-01-29 2018-10-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz NewsPad 1.02 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter.
16099 CVE-2008-0475 20 +Info 2008-01-29 2017-08-07
5.0
None Remote Low Not required Partial None None
ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home->Summary) via an invalid URI, as demonstrated by the "/-" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
16100 CVE-2008-0466 287 Dir. Trav. 2008-01-28 2018-10-15
5.0
None Remote Low Not required Partial None None
Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
Total number of vulnerabilities : 22711   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 (This Page)323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.