| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
60051 |
CVE-2008-5443 |
|
|
|
2009-01-13 |
2016-11-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2008-5441 and CVE-2008-5442. |
|
60052 |
CVE-2008-5442 |
|
|
|
2009-01-13 |
2016-11-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2008-5441 and CVE-2008-5443. |
|
60053 |
CVE-2008-5441 |
|
|
|
2009-01-13 |
2016-11-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2008-5442 and CVE-2008-5443. |
|
60054 |
CVE-2008-5439 |
|
|
|
2009-01-13 |
2012-10-22 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality via unknown vectors. |
|
60055 |
CVE-2008-5438 |
|
|
|
2009-01-13 |
2012-10-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors. |
|
60056 |
CVE-2008-5437 |
|
|
|
2009-01-13 |
2012-10-22 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Job Queue component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_IJOB. |
|
60057 |
CVE-2008-5436 |
|
|
|
2009-01-13 |
2012-10-22 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect integrity and availability via unknown vectors. |
|
60058 |
CVE-2008-5435 |
79 |
|
XSS |
2008-12-11 |
2009-01-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject. |
|
60059 |
CVE-2008-5434 |
89 |
|
Exec Code Sql |
2008-12-11 |
2017-08-07 |
6.5 |
User |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php. |
|
60060 |
CVE-2008-5433 |
79 |
|
XSS |
2008-12-11 |
2009-02-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field. |
|
60061 |
CVE-2008-5432 |
79 |
|
XSS |
2008-12-11 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title). |
|
60062 |
CVE-2008-5431 |
20 |
|
DoS |
2008-12-11 |
2018-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a denial of service via (1) a certain CWD command, (2) a long LIST command, or (3) a certain PORT command. |
|
60063 |
CVE-2008-5430 |
399 |
|
DoS |
2008-12-13 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Mozilla Thunderbird 2.0.14 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which might allow remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. |
|
60064 |
CVE-2008-5429 |
399 |
|
DoS |
2008-12-11 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Incredimail build 5853710 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. |
|
60065 |
CVE-2008-5428 |
399 |
|
DoS |
2008-12-11 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. |
|
60066 |
CVE-2008-5427 |
399 |
|
DoS |
2008-12-11 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Norton Antivirus in Norton Internet Security 15.5.0.23 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. |
|
60067 |
CVE-2008-5426 |
399 |
|
DoS |
2008-12-11 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Kaspersky Internet Security Suite 2009 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. |
|
60068 |
CVE-2008-5425 |
399 |
|
DoS |
2008-12-11 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ESet NOD32 2.70.0039.0000 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. |
|
60069 |
CVE-2008-5424 |
399 |
|
DoS |
2008-12-11 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173. |
|
60070 |
CVE-2008-5423 |
200 |
|
+Info |
2008-12-11 |
2018-10-30 |
4.3 |
None |
Local |
Low |
Single system |
Partial |
Partial |
Partial |
|
Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector. |
|
60071 |
CVE-2008-5421 |
399 |
|
DoS |
2008-12-11 |
2008-12-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The SSL web administration service in NetWin SmsGate 1.1n and earlier allows remote attackers to cause a denial of service (hang) via (1) a large integer in the Content-Length HTTP header; (2) an invalid value in the Content-Length HTTP header, as demonstrated by a negative integer; or (3) a missing Content-Length HTTP header. |
|
60072 |
CVE-2008-5418 |
22 |
|
Dir. Trav. |
2008-12-10 |
2017-09-28 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in login.php in the PunPortal module before 2.0 for PunBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter. |
|
60073 |
CVE-2008-5417 |
264 |
|
Bypass |
2008-12-10 |
2011-01-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system services. |
|
60074 |
CVE-2008-5413 |
200 |
|
+Info |
2008-12-09 |
2011-08-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2009-0434. |
|
60075 |
CVE-2008-5411 |
310 |
|
+Info |
2008-12-09 |
2017-08-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network. |
|
60076 |
CVE-2008-5400 |
352 |
|
CSRF |
2008-12-10 |
2018-10-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in mvnForum before 1.2.1 GA allow remote attackers to (1) create forums, (2) change account privileges, (3) enable accounts, or (4) disable accounts as a product administrator via unspecified vectors, possibly related to HTTP Referer headers. |
|
60077 |
CVE-2008-5399 |
79 |
|
XSS |
2008-12-10 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the listonlineusers (aka "Who's online") component in mvnForum before 1.2.1 GA allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |
|
60078 |
CVE-2008-5395 |
119 |
|
DoS Overflow |
2008-12-08 |
2018-10-30 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The parisc_show_stack function in arch/parisc/kernel/traps.c in the Linux kernel before 2.6.28-rc7 on PA-RISC allows local users to cause a denial of service (system crash) via vectors associated with an attempt to unwind a stack that contains userspace addresses. |
|
60079 |
CVE-2008-5387 |
119 |
|
Overflow +Priv |
2008-12-08 |
2017-09-28 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors. |
|
60080 |
CVE-2008-5386 |
119 |
|
Overflow +Priv |
2008-12-08 |
2008-12-17 |
6.9 |
Admin |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd daemon is running, allows local users to gain privileges via unspecified vectors. |
|
60081 |
CVE-2008-5385 |
264 |
|
|
2008-12-08 |
2008-12-17 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors. |
|
60082 |
CVE-2008-5384 |
264 |
|
+Priv |
2008-12-08 |
2017-09-28 |
6.9 |
Admin |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor. |
|
60083 |
CVE-2008-5382 |
352 |
|
CSRF |
2008-12-08 |
2017-08-07 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE HDL-F160, HDL-F250, HDL-F300, and HDL-F320 firmware before 1.02 allows remote attackers to (1) change a configuration or (2) delete files as an authenticated user via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
60084 |
CVE-2008-5380 |
59 |
|
|
2008-12-08 |
2009-08-19 |
6.9 |
Admin |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary file, related to the (1) geo-code and (2) geo-nearest scripts, different vectors than CVE-2008-4959. |
|
60085 |
CVE-2008-5379 |
59 |
|
|
2008-12-08 |
2008-12-09 |
6.9 |
Admin |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the (1) netdisco-mibs-install and (2) netdisco-mibs-download scripts. |
|
60086 |
CVE-2008-5378 |
59 |
|
|
2008-12-08 |
2009-07-15 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
arb-kill in arb 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/arb_pids_*_* temporary file. |
|
60087 |
CVE-2008-5377 |
59 |
|
|
2008-12-08 |
2017-09-28 |
6.9 |
Admin |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333. |
|
60088 |
CVE-2008-5376 |
59 |
|
|
2008-12-08 |
2008-12-09 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
editcomment in crip 3.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.tag.tmp temporary file. |
|
60089 |
CVE-2008-5375 |
59 |
|
|
2008-12-08 |
2009-09-11 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
cmus-status-display in cmus 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cmus-status temporary file. |
|
60090 |
CVE-2008-5374 |
59 |
|
|
2008-12-08 |
2013-04-18 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts. |
|
60091 |
CVE-2008-5373 |
59 |
|
|
2008-12-08 |
2018-10-09 |
6.9 |
Admin |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995. |
|
60092 |
CVE-2008-5372 |
59 |
|
|
2008-12-08 |
2008-12-09 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
sdm-login in sdm-terminal 0.4.0b allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sdm.autologin.once temporary file. |
|
60093 |
CVE-2008-5371 |
59 |
|
|
2008-12-08 |
2009-09-11 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
screenie in screenie 1.30.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie.##### temporary file. |
|
60094 |
CVE-2008-5370 |
59 |
|
|
2008-12-08 |
2008-12-16 |
6.9 |
Admin |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file. |
|
60095 |
CVE-2008-5369 |
59 |
|
|
2008-12-08 |
2008-12-09 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/noip2 temporary file. |
|
60096 |
CVE-2008-5368 |
59 |
|
|
2008-12-08 |
2009-03-26 |
6.9 |
Admin |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
muttprint in muttprint 0.72d allows local users to overwrite arbitrary files via a symlink attack on the /tmp/muttprint.log temporary file. |
|
60097 |
CVE-2008-5367 |
59 |
|
|
2008-12-08 |
2008-12-09 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file. |
|
60098 |
CVE-2008-5366 |
59 |
|
|
2008-12-08 |
2009-01-23 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file. |
|
60099 |
CVE-2008-5363 |
399 |
|
DoS |
2008-12-08 |
2018-11-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file. |
|
60100 |
CVE-2008-5362 |
20 |
|
|
2008-12-08 |
2018-11-08 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The DefineConstantPool action in the ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, accepts an untrusted input value for a "constant count," which allows remote attackers to read sensitive data from process memory via a crafted PDF file. |
