CVE List - 2008 / June
Showing 1 - 100 of 437 CVEs for June 2008 (Page 1 of 5)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2008-1028 | 2008-06-02 | Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted... |
| CVE-2008-1030 | 2008-06-02 | Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial... |
| CVE-2008-1031 | 2008-06-02 | CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to... |
| CVE-2008-1032 | 2008-06-02 | Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4)... |
| CVE-2008-1033 | 2008-06-02 | The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials)... |
| CVE-2008-1034 | 2008-06-02 | Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted... |
| CVE-2008-1036 | 2008-06-02 | The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion... |
| CVE-2008-1571 | 2008-06-02 | Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in... |
| CVE-2008-1572 | 2008-06-02 | Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized... |
| CVE-2008-1573 | 2008-06-02 | The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP... |
| CVE-2008-1574 | 2008-06-02 | Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000... |
| CVE-2008-1575 | 2008-06-02 | Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font... |
| CVE-2008-1576 | 2008-06-02 | Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or... |
| CVE-2008-1577 | 2008-06-02 | Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service... |
| CVE-2008-1578 | 2008-06-02 | The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the... |
| CVE-2008-1579 | 2008-06-02 | Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent... |
| CVE-2008-1580 | 2008-06-02 | CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to... |
| CVE-2008-2098 | 2008-06-02 | Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before... |
| CVE-2008-2099 | 2008-06-02 | Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, and VMware ACE 2 before 2.0.2 build 93057 on Windows allows... |
| CVE-2008-2359 | 2008-06-02 | The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8 lacks the USER=root directive, which allows local users of the workstation console to gain privileges and change the... |
| CVE-2008-2363 | 2008-06-02 | The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash)... |
| CVE-2008-2426 | 2008-06-02 | Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM... |
| CVE-2008-2511 | 2008-06-02 | Directory traversal vulnerability in the UmxEventCli.CachedAuditDataList.1 (aka UmxEventCliLib) ActiveX control in UmxEventCli.dll in CA Internet Security Suite 2008 allows remote attackers to create and overwrite arbitrary files via a ..... |
| CVE-2008-2512 | 2008-06-02 | Directory traversal vulnerability in Symantec Backup Exec System Recovery Manager 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2008-2513 | 2008-06-02 | Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows local users to execute arbitrary code in kernel mode via unknown attack vectors. |
| CVE-2008-2514 | 2008-06-02 | Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors. |
| CVE-2008-2515 | 2008-06-02 | Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error." |
| CVE-2008-2516 | 2008-06-03 | pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a... |
| CVE-2008-2517 | 2008-06-03 | The sarab.sh script in SaraB before 0.2.4 places the dar program's encryption key on the command line, which allows local users to obtain sensitive information by listing the process. |
| CVE-2008-2518 | 2008-06-03 | Cross-site scripting (XSS) vulnerability in the advanced search mechanism (webapps/search/advanced.jsp) in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3 allows remote attackers to inject arbitrary... |
| CVE-2008-2519 | 2008-06-03 | Directory traversal vulnerability in Core FTP client 2.1 Build 1565 allows remote FTP servers to create or overwrite arbitrary files via .. (dot dot) sequences in responses to LIST commands,... |
| CVE-2008-0169 | 2008-06-03 | Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a... |
| CVE-2008-2520 | 2008-06-03 | Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][addon] parameter to... |
| CVE-2008-2521 | 2008-06-03 | SQL injection vulnerability in members.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote authenticated users to execute arbitrary SQL commands via the fid parameter. |
| CVE-2008-2522 | 2008-06-03 | SQL injection vulnerability in members.php in Battle.net Clan Script for PHP 1.5.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showmember parameter... |
| CVE-2008-2523 | 2008-06-03 | SQL injection vulnerability in the Autopatcher server plugin in RakNet before 3.23 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2008-2524 | 2008-06-03 | BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie. |
| CVE-2008-2525 | 2008-06-03 | Cross-site scripting (XSS) vulnerability in the Event Database (aka rlmp_eventdb) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2008-2526 | 2008-06-03 | Cross-site scripting (XSS) vulnerability in the WT Gallery (aka wt_gallery) extension 2.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2008-2527 | 2008-06-03 | Cross-site scripting (XSS) vulnerability in view.php in ActualScripts ActualAnalyzer Server 8.37 and earlier, ActualAnalyzer Gold 7.74 and earlier, ActualAnalyzer Pro 6.95 and earlier, and ActualAnalyzer Lite 2.78 and earlier allows... |
| CVE-2008-2528 | 2008-06-03 | Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain "access to network resources" via... |
| CVE-2008-2529 | 2008-06-03 | SQL injection vulnerability in read.php in Advanced Links Management (ALM) 1.5.2 allows remote attackers to execute arbitrary SQL commands via the catId parameter. |
| CVE-2008-2530 | 2008-06-03 | Multiple SQL injection vulnerabilities in Concepts & Solutions QuickUpCMS allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter to (a) frontend/news.php, the (2) id parameter to... |
| CVE-2008-2531 | 2008-06-03 | Cross-site scripting (XSS) vulnerability in the search script in Build A Niche Store (BANS) 3.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. |
| CVE-2008-2532 | 2008-06-03 | SQL injection vulnerability in forum/topic_detail.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-2533 | 2008-06-03 | Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ltarget parameter to (a)... |
| CVE-2008-2534 | 2008-06-03 | Directory traversal vulnerability in admin/admin_frame.php in Phoenix View CMS Pre Alpha2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the... |
| CVE-2008-2535 | 2008-06-03 | Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to execute arbitrary SQL commands via the del parameter to (1) gbuch.admin.php, (2) links.admin.php, (3)... |
| CVE-2008-2536 | 2008-06-03 | SQL injection vulnerability in out.php in YABSoft Advanced Image Hosting (AIH) Script 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t parameter. |
| CVE-2008-2537 | 2008-06-03 | SQL injection vulnerability in cat.php in HispaH Model Search allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| CVE-2008-2538 | 2008-06-03 | Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified... |
| CVE-2008-2539 | 2008-06-03 | The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 through 10, when an underlying ufs filesystem is used, might allow local users to read data... |
| CVE-2008-2540 | 2008-06-03 | Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers... |
| CVE-2008-1035 | 2008-06-03 | Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to trigger memory corruption or possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi"... |
| CVE-2008-1661 | 2008-06-04 | Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks Storage Mirroring (SWSM) before 4.5 SP2 allows remote attackers to execute arbitrary code via a crafted encoded authentication request. |
| CVE-2008-1947 | 2008-06-04 | Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the... |
| CVE-2008-2119 | 2008-06-04 | Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial... |
| CVE-2008-2547 | 2008-06-04 | Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and 4.5.6001.22159 in Microsoft Windows Installer allows context-dependent attackers to execute arbitrary code via a long GUID value for the /x (aka /uninstall) option.... |
| CVE-2008-2548 | 2008-06-04 | Stack-based buffer overflow in the JPEG thumbprint component in the EXIF parser on Motorola cell phones with RAZR firmware allows user-assisted remote attackers to execute arbitrary code via an MMS... |
| CVE-2008-2549 | 2008-06-04 | Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document,... |
| CVE-2007-5604 | 2008-06-04 | Buffer overflow in the ExtractCab function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first... |
| CVE-2007-5605 | 2008-06-04 | Buffer overflow in the GetFileTime function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument,... |
| CVE-2007-5606 | 2008-06-04 | Buffer overflow in the MoveFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument,... |
| CVE-2007-5607 | 2008-06-04 | Buffer overflow in the RegistryString function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first... |
| CVE-2007-5608 | 2008-06-04 | The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to force a download of an arbitrary file onto a client... |
| CVE-2007-5610 | 2008-06-04 | The DeleteSingleFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to delete an arbitrary file via a full pathname in the... |
| CVE-2008-0952 | 2008-06-04 | The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in... |
| CVE-2008-0953 | 2008-06-04 | The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary programs via a .exe filename in the argument,... |
| CVE-2008-1108 | 2008-06-04 | Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment. |
| CVE-2008-1109 | 2008-06-04 | Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a... |
| CVE-2008-2401 | 2008-06-04 | The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to append to arbitrary new or existing files via the first argument to a... |
| CVE-2008-2402 | 2008-06-04 | The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read... |
| CVE-2008-2403 | 2008-06-04 | Multiple directory traversal vulnerabilities in unspecified ASP applications in Sun Java Active Server Pages (ASP) Server before 4.0.3 allow remote attackers to read or delete arbitrary files via a ..... |
| CVE-2008-2404 | 2008-06-04 | Stack-based buffer overflow in the request handling implementation in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary code via an unspecified string field. |
| CVE-2008-2405 | 2008-06-04 | Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications. |
| CVE-2008-2406 | 2008-06-04 | The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102. |
| CVE-2008-2541 | 2008-06-04 | Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service... |
| CVE-2008-2550 | 2008-06-04 | Unspecified vulnerability in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.17 has unknown impact and attack vectors related to an attribute in the SOAP... |
| CVE-2008-1770 | 2008-06-04 | CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded... |
| CVE-2008-2055 | 2008-06-04 | Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.1.x before 7.1(2)70, 7.2.x before 7.2(4), and 8.0.x before 8.0(3)10 allows remote attackers to cause a denial of service via... |
| CVE-2008-2056 | 2008-06-04 | Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 and 8.1.x before 8.1(1)1 allows remote attackers to cause a denial of service (device reload) via a... |
| CVE-2008-2057 | 2008-06-04 | The Instant Messenger (IM) inspection engine in Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(4), 8.0.x before 8.0(3)10, and 8.1.x before 8.1(1)2 allows remote attackers... |
| CVE-2008-2058 | 2008-06-04 | Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(3)2 and 8.0.x before 8.0(2)17 allows remote attackers to cause a denial of service (device reload) via a... |
| CVE-2008-2059 | 2008-06-04 | Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 allows remote attackers to bypass control-plane ACLs for the device via unknown vectors. |
| CVE-2008-2551 | 2008-06-04 | The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 Messenger 1.0.0.1 allows remote attackers to force the download and execution of arbitrary files via a URL in the propDownloadUrl parameter with... |
| CVE-2007-5671 | 2008-06-05 | HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5... |
| CVE-2008-0967 | 2008-06-05 | Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before... |
| CVE-2008-1518 | 2008-06-05 | Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain privileges via an IOCTL 0x800520e8 call. |
| CVE-2008-2097 | 2008-06-05 | Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length." |
| CVE-2008-2100 | 2008-06-05 | Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion... |
| CVE-2008-2231 | 2008-06-05 | SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter. |
| CVE-2008-2542 | 2008-06-05 | Stack-based buffer overflow in the getline function in Ppm/ppm.C in NASA Ames Research Center BigView 1.8 allows user-assisted remote attackers to execute arbitrary code via a crafted PNM file. |
| CVE-2008-2543 | 2008-06-05 | The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets... |
| CVE-2008-2552 | 2008-06-05 | Unspecified vulnerability in the Service Tag Registry on Sun Solaris 10, and Sun Service Tag before 1.1.3, allows local users to cause a denial of service (disk consumption) via unspecified... |
| CVE-2008-2553 | 2008-06-05 | Cross-site scripting (XSS) vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to inject arbitrary web script or HTML via the userfield parameter. |
| CVE-2008-2554 | 2008-06-05 | Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp and (2) cat parameter to template_archives_cat.asp. |
| CVE-2008-2555 | 2008-06-05 | SQL injection vulnerability in index.php in EasyWay CMS allows remote attackers to execute arbitrary SQL commands via the mid parameter. |
| CVE-2008-2556 | 2008-06-05 | SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the datespan parameter in a read action. |
| CVE-2008-2557 | 2008-06-05 | Cross-site scripting (XSS) vulnerability in CRE Loaded 6.2.13.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) Links and (2) Links Submit pages. |
| CVE-2008-2558 | 2008-06-05 | CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute for cookies that are sent over HTTPS, which might allow remote attackers to sniff the cookies if they are... |