250601
|
7.2 |
HIGH
|
xfree86_project
|
xfree86
|
SGI IRIX buffer overflow in xterm and Xaw allows root access.
|
NVD-CWE-Other
|
CVE-1999-0126
|
2008-09-9 21:33 |
1998-05-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250602
|
7.2 |
HIGH
|
caldera eric_allman bsdi freebsd hp ibm redhat
|
network_desktop sendmail bsd_os freebsd hp-ux aix linux
|
Local users can start Sendmail in daemon mode and gain root privileges.
|
NVD-CWE-Other
|
CVE-1999-0130
|
2008-09-9 21:33 |
1996-11-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250603
|
7.2 |
HIGH
|
eric_allman bsdi digital freebsd hp ibm redhat sco
|
sendmail bsd_os osf_1 freebsd hp-ux aix linux internet_faststart openserver
|
Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.
|
NVD-CWE-Other
|
CVE-1999-0131
|
2008-09-9 21:33 |
1996-09-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250604
|
7.2 |
HIGH
|
sun
|
sunos
|
vold in Solaris 2.x allows local users to gain root access.
|
NVD-CWE-Other
|
CVE-1999-0134
|
2008-09-9 21:33 |
1996-08-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250605
|
3.7 |
LOW
|
netscape
|
navigator
|
Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet.
|
NVD-CWE-Other
|
CVE-1999-0141
|
2008-09-9 21:33 |
1996-03-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250606
|
7.5 |
HIGH
|
sgi
|
irix
|
The handler CGI program in IRIX allows arbitrary command execution.
|
NVD-CWE-Other
|
CVE-1999-0148
|
2008-09-9 21:33 |
1997-09-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250607
|
5.0 |
MEDIUM
|
microsoft sco
|
windows_2000 windows_95 windows_nt openserver
|
Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.
|
NVD-CWE-Other
|
CVE-1999-0153
|
2008-09-9 21:33 |
1997-07-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250608
|
7.5 |
HIGH
|
cisco
|
ios
|
Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections.
|
NVD-CWE-Other
|
CVE-1999-0160
|
2008-09-9 21:33 |
1997-10-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250609
|
7.5 |
HIGH
|
cisco
|
ios
|
In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering.
|
NVD-CWE-Other
|
CVE-1999-0161
|
2008-09-9 21:33 |
1995-07-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250610
|
6.2 |
MEDIUM
|
sun
|
sunos
|
A race condition in the Solaris ps command allows an attacker to overwrite critical files.
|
NVD-CWE-Other
|
CVE-1999-0164
|
2008-09-9 21:33 |
1995-08-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250611
|
10.0 |
HIGH
|
samba
|
samba
|
Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password.
|
NVD-CWE-Other
|
CVE-1999-0182
|
2008-09-9 21:33 |
1997-09-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250612
|
10.0 |
HIGH
|
sun
|
solaris
|
In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters.
|
NVD-CWE-Other
|
CVE-1999-0186
|
2008-09-9 21:33 |
1998-10-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250613
|
6.4 |
MEDIUM
|
microsoft
|
internet_information_server
|
IIS newdsn.exe CGI script allows remote users to overwrite files.
|
NVD-CWE-Other
|
CVE-1999-0191
|
2008-09-9 21:33 |
1997-09-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250614
|
5.0 |
MEDIUM
|
webgais_development_team
|
webgais
|
websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable).
|
NVD-CWE-Other
|
CVE-1999-0196
|
2008-09-9 21:33 |
1997-07-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250615
|
7.5 |
HIGH
|
google
|
google_apps
|
The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a r…
|
NVD-CWE-noinfo CWE-287
不適切な認証
|
CVE-2008-3891
|
2008-09-6 06:44 |
2008-09-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250616
|
2.1 |
LOW
|
suspend2
|
software_suspend_2
|
Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local u…
|
CWE-200
情報漏えい
|
CVE-2008-3901
|
2008-09-6 06:44 |
2008-09-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250617
|
7.5 |
HIGH
|
speedbit
|
download_accelerator_plus
|
SpeedBit Download Accelerator Plus (DAP) before 8.6.3.9 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse upd…
|
CWE-94
コード・インジェクション
|
CVE-2008-3433
|
2008-09-6 06:43 |
2008-08-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250618
|
7.5 |
HIGH
|
linkedin
|
browser_toolbar
|
LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as …
|
CWE-94
コード・インジェクション
|
CVE-2008-3435
|
2008-09-6 06:43 |
2008-08-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250619
|
7.5 |
HIGH
|
notepad\+\+
|
notepad\+\+
|
The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse up…
|
CWE-94
コード・インジェクション
|
CVE-2008-3436
|
2008-09-6 06:43 |
2008-08-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250620
|
7.5 |
HIGH
|
openoffice
|
openoffice.org
|
OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated b…
|
CWE-94
コード・インジェクション
|
CVE-2008-3437
|
2008-09-6 06:43 |
2008-08-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250621
|
7.5 |
HIGH
|
speedbit
|
speedbit_video_accelerator
|
SpeedBit Video Acceleration before 2.2.1.8 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demon…
|
CWE-94
コード・インジェクション
|
CVE-2008-3439
|
2008-09-6 06:43 |
2008-08-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250622
|
7.5 |
HIGH
|
winzip
|
winzip
|
WinZip before 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and…
|
CWE-94
コード・インジェクション
|
CVE-2008-3442
|
2008-09-6 06:43 |
2008-08-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250623
|
7.5 |
HIGH
|
egi_zaberl
|
e.z._poll
|
Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. Poll 2 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters. NOTE: the provena…
|
CWE-89
SQLインジェクション
|
CVE-2008-3590
|
2008-09-6 06:43 |
2008-08-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250624
|
5.0 |
MEDIUM
|
acronis
|
true_image_echo_server
|
Acronis True Image Echo Server 9.x build 8072 on Linux does not properly encrypt backups to an FTP server, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this…
|
CWE-310
暗号の問題
|
CVE-2008-3671
|
2008-09-6 06:43 |
2008-08-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250625
|
7.5 |
HIGH
|
yourfreeworld
|
stylish_text_ads_script
|
SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQLインジェクション
|
CVE-2008-3754
|
2008-09-6 06:43 |
2008-08-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250626
|
4.3 |
MEDIUM
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2008-3233
|
2008-09-6 06:42 |
2008-07-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250627
|
10.0 |
HIGH
|
jamroom
|
jamroom
|
Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors.
|
NVD-CWE-noinfo CWE-264
認可・権限・アクセス制御
|
CVE-2008-3376
|
2008-09-6 06:42 |
2008-07-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250628
|
4.3 |
MEDIUM
|
opendocman
|
opendocman
|
Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2008-2788
|
2008-09-6 06:41 |
2008-06-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250629
|
6.8 |
MEDIUM
|
exerocms
|
exero_cms
|
Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to (1) custompa…
|
CWE-22
パス・トラバーサル
|
CVE-2008-2840
|
2008-09-6 06:41 |
2008-06-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250630
|
6.8 |
MEDIUM
|
webchamado
|
webchamado
|
SQL injection vulnerability in index.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the eml parameter. NOTE: the provenance of this information is unknown; the d…
|
CWE-89
SQLインジェクション
|
CVE-2008-2858
|
2008-09-6 06:41 |
2008-06-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250631
|
4.3 |
MEDIUM
|
flicks_software
|
authentix
|
Cross-site scripting (XSS) vulnerability in editUser.asp in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2008-1174
|
2008-09-6 06:37 |
2008-03-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250632
|
4.3 |
MEDIUM
|
flicks_software
|
authentix
|
Cross-site scripting (XSS) vulnerability in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter to aspAdmin/deleteUser.asp, a different vec…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2008-1175
|
2008-09-6 06:37 |
2008-03-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250633
|
9.3 |
HIGH
|
microsoft
|
access jet
|
Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted .MDB file, possibly related to Jet Engine (msjet40.dll). NOTE: this is pro…
|
NVD-CWE-noinfo
|
CVE-2008-1200
|
2008-09-6 06:37 |
2008-03-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250634
|
7.5 |
HIGH
|
lagarde
|
storefront
|
SQL injection vulnerability in SearchResults.aspx in LaGarde StoreFront 6 before SP8 allows remote attackers to execute arbitrary SQL commands via the CategoryId parameter. NOTE: the provenance of t…
|
CWE-89
SQLインジェクション
|
CVE-2008-1341
|
2008-09-6 06:37 |
2008-03-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250635
|
4.3 |
MEDIUM
|
polymita_technologies
|
bpm_suite collageportal
|
Multiple cross-site scripting (XSS) vulnerabilities in the search feature in Polymita BPM-Suite and CollagePortal allow remote attackers to inject arbitrary web script or HTML via the (1) _q and (2) …
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2008-1342
|
2008-09-6 06:37 |
2008-03-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250636
|
4.3 |
MEDIUM
|
manageengine
|
supportcenter_plus
|
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a r…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2008-1432
|
2008-09-6 06:37 |
2008-03-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250637
|
3.6 |
LOW
|
paul_pelzl
|
wyrd
|
wyrd 1.4.3b allows local users to overwrite arbitrary files via a symlink attack on the wyrd-tmp.[USERID] temporary file.
|
CWE-59
リンク解釈の問題
|
CVE-2008-0806
|
2008-09-6 06:36 |
2008-02-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250638
|
4.3 |
MEDIUM
|
ikiwiki
|
ikiwiki
|
Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2008-0808
|
2008-09-6 06:36 |
2008-02-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250639
|
4.3 |
MEDIUM
|
ikiwiki
|
ikiwiki
|
Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2008-0809
|
2008-09-6 06:36 |
2008-02-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250640
|
10.0 |
HIGH
|
caroline
|
caroline
|
Unspecified vulnerability in the php2phps function in Claroline before 1.8.9 has unknown impact and attack vectors.
|
NVD-CWE-noinfo
|
CVE-2008-0824
|
2008-09-6 06:36 |
2008-02-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250641
|
7.5 |
HIGH
|
joomla mambo
|
com_profile
|
SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter.
|
CWE-89
SQLインジェクション
|
CVE-2008-0846
|
2008-09-6 06:36 |
2008-02-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250642
|
4.3 |
MEDIUM
|
schoolwires
|
academic_portal
|
Cross-site scripting (XSS) vulnerability in browse.asp in Schoolwires Academic Portal allows remote attackers to inject arbitrary web script or HTML via the c parameter. NOTE: the provenance of this…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2008-0909
|
2008-09-6 06:36 |
2008-02-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250643
|
4.3 |
MEDIUM
|
invision_power_services
|
invision_power_board
|
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2008-0913
|
2008-09-6 06:36 |
2008-02-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250644
|
4.3 |
MEDIUM
|
tor_world
|
com_vote i-navigator interactive_bbs mobile_frontier quotes_of_the_day simple_bbs simple_vote tor_board tor_news tor_search
|
Cross-site scripting (XSS) vulnerability in Tor World Tor Search 1.1 and earlier, I-Navigator 4.0, Mobile Frontier 2.1 and earlier, Diary.cgi (aka Quotes of the Day) 1.5 and earlier, Tor News 1.21 an…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2008-0917
|
2008-09-6 06:36 |
2008-02-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250645
|
7.2 |
HIGH
|
freshmeat
|
xwine
|
w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtain…
|
CWE-59
リンク解釈の問題
|
CVE-2008-0930
|
2008-09-6 06:36 |
2008-03-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250646
|
6.3 |
MEDIUM
|
xwine
|
xwine
|
w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modify…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2008-0931
|
2008-09-6 06:36 |
2008-03-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250647
|
7.5 |
HIGH
|
xoops
|
prayer_list_module
|
SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
|
CWE-89
SQLインジェクション
|
CVE-2008-0936
|
2008-09-6 06:36 |
2008-02-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250648
|
6.8 |
MEDIUM
|
tinyevent xoops
|
tinyevent tiny_event_module
|
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a differ…
|
CWE-89
SQLインジェクション
|
CVE-2008-0937
|
2008-09-6 06:36 |
2008-02-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250649
|
4.3 |
MEDIUM
|
webgui
|
webgui
|
Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CV…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2008-0940
|
2008-09-6 06:36 |
2008-02-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
250650
|
4.3 |
MEDIUM
|
matts_whois
|
matts_whois
|
Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson Matt's Whois (MWhois) allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2008-1041
|
2008-09-6 06:36 |
2008-02-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|