Search Results (Refine Search)
- Category (CWE): CWE-20 Improper Input Validation
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2008-4932 |
webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web document root. Published: November 05, 2008; 10:00:14 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2008-4817 |
The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption. Published: November 05, 2008; 10:00:14 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-4814 |
Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue." Published: November 05, 2008; 10:00:14 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-4812 |
Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts. Published: November 05, 2008; 10:00:14 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-4930 |
MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection against MIME-sniffing." NOTE: this could be leveraged for XSS and other attacks. Published: November 04, 2008; 4:00:05 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-4927 |
Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to "MThd Header Parsing." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Published: November 04, 2008; 4:00:05 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-4919 |
Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3.0.990.0 allows remote attackers to overwrite arbitrary files via a full pathname to the savePageAsBitmap method. Published: November 04, 2008; 4:00:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 8.8 HIGH |
CVE-2008-4907 |
The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug." Published: November 03, 2008; 7:58:40 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-4910 |
The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method. Published: November 03, 2008; 7:57:30 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2008-4878 |
Unrestricted file upload vulnerability in the "Add Image Macro" feature in WebCards 1.3 allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file. Published: November 01, 2008; 2:00:01 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 8.5 HIGH |
CVE-2008-4309 |
Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. Published: October 31, 2008; 4:29:09 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-4794 |
Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696. Published: October 30, 2008; 4:56:54 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-4767 |
Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality. Published: October 28, 2008; 6:30:01 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2008-4748 |
Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI. Published: October 27, 2008; 4:00:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.6 HIGH |
CVE-2008-4682 |
wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion. Published: October 22, 2008; 2:00:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-4681 |
Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets. Published: October 22, 2008; 2:00:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-4641 |
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input. Published: October 21, 2008; 2:00:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2008-4640 |
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character. Published: October 21, 2008; 2:00:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 3.6 LOW |
CVE-2008-4618 |
The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls. Published: October 20, 2008; 8:10:53 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2008-4616 |
The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key. Published: October 20, 2008; 2:14:04 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |