Max CVSS | 10.0 | Min CVSS | 3.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2007-6420 | 4.3 |
Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
|
26-04-2024 - 16:08 | 12-01-2008 - 00:46 | |
CVE-2008-3432 | 6.8 |
Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.
|
13-02-2023 - 02:19 | 10-10-2008 - 10:30 | |
CVE-2008-2938 | 4.3 |
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequence
|
13-02-2023 - 02:19 | 13-08-2008 - 00:41 | |
CVE-2008-1947 | 4.3 |
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
|
13-02-2023 - 02:19 | 04-06-2008 - 19:32 | |
CVE-2008-2370 | 5.0 |
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traver
|
13-02-2023 - 02:19 | 04-08-2008 - 01:41 | |
CVE-2008-2364 | 5.0 |
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service
|
13-02-2023 - 02:19 | 13-06-2008 - 18:41 | |
CVE-2007-5342 | 6.4 |
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and ov
|
13-02-2023 - 02:18 | 27-12-2007 - 22:46 | |
CVE-2007-5333 | 5.0 |
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as se
|
13-02-2023 - 02:18 | 12-02-2008 - 01:00 | |
CVE-2008-1678 | 5.0 |
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client hand
|
13-02-2023 - 02:18 | 10-07-2008 - 17:41 | |
CVE-2008-1232 | 4.3 |
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to
|
13-02-2023 - 02:18 | 04-08-2008 - 01:41 | |
CVE-2008-2371 | 7.5 |
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins
|
01-08-2022 - 15:54 | 07-07-2008 - 23:41 | |
CVE-2008-4211 | 10.0 |
Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) an
|
23-05-2021 - 00:52 | 10-10-2008 - 10:30 | |
CVE-2008-3913 | 5.0 |
Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic".
|
10-11-2020 - 18:34 | 11-09-2008 - 01:13 | |
CVE-2008-3912 | 5.0 |
libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition.
|
09-11-2020 - 03:20 | 11-09-2008 - 01:13 | |
CVE-2008-3914 | 10.0 |
Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c.
|
05-11-2020 - 16:05 | 11-09-2008 - 01:13 | |
CVE-2008-0226 | 7.5 |
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yass
|
17-12-2019 - 20:26 | 10-01-2008 - 23:46 | |
CVE-2008-2079 | 4.6 |
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY argume
|
17-12-2019 - 15:25 | 05-05-2008 - 16:20 | |
CVE-2007-6286 | 4.3 |
Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recen
|
25-03-2019 - 11:29 | 12-02-2008 - 01:00 | |
CVE-2007-5461 | 3.5 |
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write reque
|
25-03-2019 - 11:29 | 15-10-2007 - 18:17 | |
CVE-2008-2712 | 9.3 |
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3)
|
01-11-2018 - 15:07 | 16-06-2008 - 21:41 | |
CVE-2007-2691 | 4.9 |
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. The vendor has released a product update to address
|
19-10-2018 - 19:00 | 16-05-2007 - 01:19 | |
CVE-2008-0674 | 7.5 |
Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.
|
15-10-2018 - 22:02 | 18-02-2008 - 23:00 | |
CVE-2008-0227 | 7.5 |
yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update f
|
15-10-2018 - 21:58 | 10-01-2008 - 23:46 | |
CVE-2008-0002 | 5.8 |
Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting dur
|
15-10-2018 - 21:56 | 12-02-2008 - 01:00 | |
CVE-2007-5969 | 7.1 |
MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows
|
15-10-2018 - 21:48 | 10-12-2007 - 19:46 | |
CVE-2007-4850 | 5.0 |
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vuln
|
15-10-2018 - 21:38 | 25-01-2008 - 01:00 | |
CVE-2008-4101 | 9.3 |
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute
|
11-10-2018 - 20:50 | 18-09-2008 - 17:59 | |
CVE-2008-3641 | 10.0 |
The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.
|
11-10-2018 - 20:48 | 10-10-2008 - 10:30 | |
CVE-2008-3294 | 3.7 |
src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this
|
11-10-2018 - 20:47 | 24-07-2008 - 18:41 | |
CVE-2008-1767 | 7.5 |
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that trigg
|
29-09-2017 - 01:30 | 23-05-2008 - 15:32 | |
CVE-2008-4214 | 4.6 |
Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files.
|
08-08-2017 - 01:32 | 10-10-2008 - 10:30 | |
CVE-2008-4215 | 7.5 |
Weblog in Mac OS X Server 10.4.11 does not properly check an error condition when a weblog posting access control list is specified for a user that has multiple short names, which might allow attackers to bypass intended access restrictions.
|
08-08-2017 - 01:32 | 10-10-2008 - 10:30 | |
CVE-2008-4212 | 10.0 |
Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions.
|
08-08-2017 - 01:32 | 10-10-2008 - 10:30 | |
CVE-2008-3642 | 9.3 |
Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile.
|
08-08-2017 - 01:32 | 10-10-2008 - 10:30 | |
CVE-2008-3646 | 6.8 |
The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users.
|
08-08-2017 - 01:32 | 10-10-2008 - 10:30 | |
CVE-2008-3647 | 9.3 |
Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment.
|
08-08-2017 - 01:32 | 10-10-2008 - 10:30 | |
CVE-2008-3645 | 7.2 |
Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors.
|
08-08-2017 - 01:32 | 10-10-2008 - 10:30 | |
CVE-2008-3643 | 7.8 |
Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination and restart) via a crafted Desktop file that generates an error when producing its icon, related to an "error r
|
08-08-2017 - 01:32 | 10-10-2008 - 10:30 | |
CVE-2008-1389 | 5.0 |
libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."
|
08-03-2011 - 03:07 | 04-09-2008 - 16:41 |