acresso -- flexnet_connect |
Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control (isusweb.dll 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the DownloadAndExecute method. |
2008-10-15 | 9.3 | CVE-2008-4586 BID MILW0RM SECUNIA |
acresso -- flexnet_connect |
Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this could be leveraged for code execution by uploading executable files to Startup folders. |
2008-10-15 | 9.3 | CVE-2008-4587 XF BID MILW0RM SECUNIA |
apple -- cups |
The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory. |
2008-10-10 | 10.0 | CVE-2008-3641 BID CONFIRM |
apple -- cups |
Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count. |
2008-10-14 | 7.5 | CVE-2008-3639 SECTRACK BID REDHAT MANDRIVA FRSIRT CONFIRM CONFIRM SECUNIA SECUNIA |
aspindir -- munzursoft_web_portal_w3 |
SQL injection vulnerability in kategori.asp in MunzurSoft Wep Portal W3 allows remote attackers to execute arbitrary SQL commands via the kat parameter. |
2008-10-15 | 7.5 | CVE-2008-4573 BID MILW0RM SECUNIA |
aspindir -- ayco_okul_portali |
SQL injection vulnerability in default.asp in Ayco Okul Portali allows remote attackers to execute arbitrary SQL commands via the linkid parameter. |
2008-10-15 | 7.5 | CVE-2008-4574 XF BID MILW0RM SECUNIA |
belong_software -- site_builder |
Belong Software Site Builder 0.1 beta allows remote attackers to bypass intended access restrictions and perform administrative actions via a direct request to admin/home.php. |
2008-10-15 | 7.5 | CVE-2008-4585 XF BID BUGTRAQ |
ca -- arcserve_backup ca -- business_protection_suite ca -- server_protection_suite |
Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A. |
2008-10-14 | 10.0 | CVE-2008-4397 CONFIRM |
chilkat_software -- ftp |
Insecure method vulnerability in the Chilkat FTP 2.0 ActiveX component (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname in the SavePkcs8File method. |
2008-10-15 | 7.5 | CVE-2008-4583 BID MILW0RM |
cisco -- unity |
Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections. |
2008-10-13 | 7.1 | CVE-2008-4543 MISC BID FRSIRT CISCO SECTRACK SECUNIA |
cutephp -- cutenews |
plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression. |
2008-10-14 | 10.0 | CVE-2008-4557 XF OSVDB MILW0RM SECUNIA |
dvrhost -- web_cms |
Heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control (pdvratl.dll) in DVRHOST Web CMS OCX 1.0.1.25 allows remote attackers to execute arbitrary code via a long second argument to the TimeSpanFormat method. |
2008-10-14 | 9.3 | CVE-2008-4547 XF BID MILW0RM SECUNIA |
etype -- eserv |
Stack-based buffer overflow in the FTP server in Etype Eserv 3.x, possibly 3.26, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to the ABOR command. |
2008-10-15 | 10.0 | CVE-2008-4588 XF MISC BID MILW0RM |
gentoo -- cman gentoo -- fence |
fence_manual in fence allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file. |
2008-10-15 | 7.2 | CVE-2008-4580 MLIST |
graphviz -- graphviz |
Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements. |
2008-10-14 | 8.5 | CVE-2008-4555 BID |
guildftpd -- guildftpd |
GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which triggers heap corruption related to an improper free call, and possibly triggering a heap-based buffer overflow. |
2008-10-15 | 10.0 | CVE-2008-4572 BID MILW0RM FRSIRT SECUNIA |
hp -- openview_network_node_manager |
Multiple stack-based buffer overflows in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, and possibly 7.01, 7.50, and 7.53, allow remote attackers to execute arbitrary code via a long (1) REQUEST_SEV_CHANGE (aka number 47), (2) REQUEST_SAVE_STATE (aka number 61), or (3) REQUEST_RESTORE_STATE (aka number 62) request to TCP port 2954. |
2008-10-13 | 9.0 | CVE-2008-3544 HP |
hp -- openview_network_node_manager |
Unspecified vulnerability in ovtopmd in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3536, CVE-2008-3537, and CVE-2008-3544. NOTE: due to insufficient details from the vendor, it is not clear whether this is the same as CVE-2008-1853. |
2008-10-13 | 7.8 | CVE-2008-3545 HP |
lenovo -- resuce_and_recovery |
Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, including 4.20.0511 and 4.20.0512, allows local users to execute arbitrary code via a long file name. |
2008-10-15 | 7.2 | CVE-2008-4589 BID CONFIRM CONFIRM |
linksys -- wap400n |
The Marvell driver for the Linksys WAP4400N Wi-Fi access point with firmware 1.2.14 on the Marvell 88W8361P-BEM1 chipset, when WEP mode is enabled, does not properly parse malformed 802.11 frames, which allows remote attackers to cause a denial of service (reboot or hang-up) via a malformed association request containing the WEP flag, as demonstrated by a request that is too short, a different vulnerability than CVE-2008-1144 and CVE-2008-1197. |
2008-10-14 | 7.8 | CVE-2008-4441 XF BID BUGTRAQ FRSIRT SECUNIA |
linux -- kernel |
sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires. |
2008-10-15 | 7.8 | CVE-2008-4576 MLIST CONFIRM |
microsft -- host_integration_server |
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary code via a crafted SNA RPC message, aka "HIS Command Execution Vulnerability." |
2008-10-14 | 10.0 | CVE-2008-3466 MS |
microsft -- open_xml_file_format_converter microsoft -- office microsoft -- office_compatibility_pack_for_word_excel_ppt_2007 microsoft -- office_excel_viewer microsoft -- office_sharepoint_server |
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac do not properly allocate memory when loading Excel objects during parsing of the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted BIFF file, aka "File Format Parsing Vulnerability." |
2008-10-14 | 10.0 | CVE-2008-3471 MS |
microsft -- open_xml_file_format_converter microsoft -- office microsoft -- office_compatibility_pack_for_word_excel_ppt_2007 microsoft -- office_excel_viewer microsoft -- office_sharepoint_server |
Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerability." |
2008-10-14 | 9.3 | CVE-2008-4019 MS |
microsoft -- iis microsoft -- windows_2000 microsoft -- windows_server_2003 microsoft -- windows_server_2008 microsoft -- windows_xp |
Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability." |
2008-10-14 | 9.0 | CVE-2008-1446 MS |
microsoft -- windows_2000 microsoft -- windows_server_2003 microsoft -- windows_server_2008 microsoft -- windows_vista microsoft -- windows_xp |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability." |
2008-10-14 | 7.2 | CVE-2008-2250 MS |
microsoft -- windows_2000 microsoft -- windows_server_2003 microsoft -- windows_server_2008 microsoft -- windows_xp |
Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510. |
2008-10-14 | 7.2 | CVE-2008-2251 MS |
microsoft -- windows_2000 microsoft -- windows_server_2003 microsoft -- windows_server_2008 microsoft -- windows_vista microsoft -- windows_xp |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability." |
2008-10-14 | 7.2 | CVE-2008-2252 MS |
microsoft -- windows_2003_server microsoft -- windows_xp |
afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "AFD Kernel Overwrite Vulnerability." |
2008-10-14 | 7.2 | CVE-2008-3464 MS |
microsoft -- internet_explorer |
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTML Element Cross-Domain Vulnerability." |
2008-10-14 | 9.3 | CVE-2008-3472 MS |
microsoft -- internet_explorer |
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event Handling Cross-Domain Vulnerability." |
2008-10-14 | 9.3 | CVE-2008-3473 MS |
microsoft -- internet_explorer |
Microsoft Internet Explorer 6 does not properly handle errors associated with access to an object that has been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability." |
2008-10-14 | 9.3 | CVE-2008-3475 MS |
microsoft -- internet_explorer |
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Objects Memory Corruption Vulnerability." |
2008-10-14 | 9.3 | CVE-2008-3476 MS |
microsoft -- internet_explorer |
Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Calendar Object Validation Vulnerability." |
2008-10-14 | 9.3 | CVE-2008-3477 MS |
microsoft -- windows_2000 |
The Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 SP4 does not properly validate parameters to string APIs, which allows remote attackers to execute arbitrary code via a crafted RPC call that overflows a "heap request," aka "Message Queuing Service Remote Code Execution Vulnerability." |
2008-10-14 | 10.0 | CVE-2008-3479 MS |
microsoft -- windows_2000 |
Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability." |
2008-10-14 | 10.0 | CVE-2008-4023 MS |
microsoft -- windows_server_2003 microsoft -- windows_server_2008 microsoft -- windows_vista microsoft -- windows_xp |
Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability." |
2008-10-14 | 7.2 | CVE-2008-4036 MS |
microsoft -- windows_2000 microsoft -- windows_server_2003 microsoft -- windows_server_2008 microsoft -- windows_vista microsoft -- windows_xp |
Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability." |
2008-10-14 | 10.0 | CVE-2008-4038 MS |
nfs -- nfs-utils |
nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the host_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions. |
2008-10-14 | 7.5 | CVE-2008-4552 CONFIRM |
novell -- edirectory |
Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow. |
2008-10-14 | 10.0 | CVE-2008-4478 MISC MISC BUGTRAQ BUGTRAQ CONFIRM |
novell -- edirectory |
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header. |
2008-10-14 | 10.0 | CVE-2008-4479 MISC BUGTRAQ CONFIRM |
novell -- edirectory |
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap buffer. |
2008-10-14 | 10.0 | CVE-2008-4480 MISC BUGTRAQ CONFIRM |
oracle -- bea_product_suite |
Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. |
2008-10-14 | 10.0 | CVE-2008-4008 CONFIRM |
qemu -- qemu |
qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories. |
2008-10-15 | 7.2 | CVE-2008-4553 MLIST MLIST CONFIRM |
real-estate-scripts -- real-estate-scripts |
SQL injection vulnerability in index.php in Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
2008-10-15 | 7.5 | CVE-2008-4570 BID MILW0RM SECUNIA |
rtssentry -- rtssentry |
Stack-based buffer overflow in the PTZCamPanelCtrl ActiveX control (CamPanel.dll) in RTS Sentry 2.1.0.2 allows remote attackers to execute arbitrary code via a long second argument to the ConnectServer method. |
2008-10-14 | 9.3 | CVE-2008-4548 XF BID MILW0RM SECUNIA |
sportspanel -- sports_clubs_web_portal |
Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter. |
2008-10-16 | 10.0 | CVE-2008-4592 MILW0RM FRSIRT |
stash -- stash |
Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to admin/login.php and (2) the post parameter to admin/news.php. |
2008-10-16 | 7.5 | CVE-2008-4590 XF BID MILW0RM |
sun -- java_system_web_proxy_server |
Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via unspecified vectors. |
2008-10-13 | 10.0 | CVE-2008-4541 XF BID FRSIRT SUNALERT SECTRACK SECUNIA |
sun -- solaris |
Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request. |
2008-10-14 | 10.0 | CVE-2008-4556 BID BUGTRAQ MISC |
systemrequirementslab -- system_requirements_lab |
Husdawg, LLC Systems Requirements Lab 3 allows remote attackers to force the download and execution of arbitrary programs via unknown vectors in (1) ActiveX control (sysreqlab.dll, sysreqlabsli.dll, or sysreqlab2.dll) and (2) Java applet in RLApplet.class in sysreqlab2.jar or sysreqlab.jar. |
2008-10-14 | 9.3 | CVE-2008-4385 CERT-VN CONFIRM |
xigla -- absolute_poll_manager_xe |
SQL injection vulnerability in xlacomments.asp in XIGLA Software Absolute Poll Manager XE 4.1 allows remote attackers to execute arbitrary SQL commands via the p parameter. |
2008-10-15 | 7.5 | CVE-2008-4569 BID MILW0RM |