Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 331 614

Количество 331 614

nvd логотип

CVE-2008-3452

больше 17 лет назад

SQL injection vulnerability in the Calendar module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the loc_id parameter in a list_events action to mod.php.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2008-3451

больше 17 лет назад

PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile.

CVSS2: 4
EPSS: Низкий
nvd логотип

CVE-2008-3450

больше 17 лет назад

Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors.

CVSS2: 7.2
EPSS: Низкий
nvd логотип

CVE-2008-3449

больше 17 лет назад

MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote attackers to cause a denial of service (crash) via multiple IMAP connection requests to the same folder.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2008-3448

больше 17 лет назад

Cross-site scripting (XSS) vulnerability in index.php in common solutions csphonebook 1.02 allows remote attackers to inject arbitrary web script or HTML via the letter parameter.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2008-3447

больше 17 лет назад

The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote attackers to cause a denial of service (infinite loop) via a malformed ZIP archive, probably related to invalid offsets.

CVSS2: 5
EPSS: Средний
nvd логотип

CVE-2008-3446

больше 17 лет назад

Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2008-3445

больше 17 лет назад

SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 allows remote attackers to execute arbitrary SQL commands via the location parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2008-3444

больше 17 лет назад

The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted but well-formed web page that contains "a simple set of legitimate HTML tags."

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2008-3443

больше 17 лет назад

The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.

CVSS2: 5
EPSS: Средний
nvd логотип

CVE-2008-3442

больше 17 лет назад

WinZip before 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2008-3441

больше 17 лет назад

Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2008-3440

больше 17 лет назад

Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2008-3439

больше 17 лет назад

SpeedBit Video Acceleration before 2.2.1.8 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2008-3438

больше 17 лет назад

Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CVSS3: 8.1
EPSS: Низкий
nvd логотип

CVE-2008-3437

больше 17 лет назад

OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2008-3436

больше 17 лет назад

The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2008-3435

больше 17 лет назад

LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2008-3434

больше 17 лет назад

Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2008-3433

больше 17 лет назад

SpeedBit Download Accelerator Plus (DAP) before 8.6.3.9 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CVSS2: 7.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2008-3452

SQL injection vulnerability in the Calendar module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the loc_id parameter in a list_events action to mod.php.

CVSS2: 6.8
0%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3451

PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile.

CVSS2: 4
0%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3450

Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors.

CVSS2: 7.2
0%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3449

MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote attackers to cause a denial of service (crash) via multiple IMAP connection requests to the same folder.

CVSS2: 5
3%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3448

Cross-site scripting (XSS) vulnerability in index.php in common solutions csphonebook 1.02 allows remote attackers to inject arbitrary web script or HTML via the letter parameter.

CVSS2: 4.3
4%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3447

The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote attackers to cause a denial of service (infinite loop) via a malformed ZIP archive, probably related to invalid offsets.

CVSS2: 5
11%
Средний
больше 17 лет назад
nvd логотип
CVE-2008-3446

Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.

CVSS2: 6.8
4%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3445

SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 allows remote attackers to execute arbitrary SQL commands via the location parameter.

CVSS2: 7.5
0%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3444

The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted but well-formed web page that contains "a simple set of legitimate HTML tags."

CVSS2: 4.3
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3443

The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.

CVSS2: 5
34%
Средний
больше 17 лет назад
nvd логотип
CVE-2008-3442

WinZip before 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CVSS2: 7.5
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3441

Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CVSS2: 7.5
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3440

Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CVSS2: 7.5
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3439

SpeedBit Video Acceleration before 2.2.1.8 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CVSS2: 7.5
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3438

Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CVSS3: 8.1
0%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3437

OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CVSS2: 7.5
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3436

The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CVSS2: 7.5
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3435

LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CVSS2: 7.5
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3434

Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CVSS2: 7.5
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3433

SpeedBit Download Accelerator Plus (DAP) before 8.6.3.9 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CVSS2: 7.5
1%
Низкий
больше 17 лет назад

Уязвимостей на страницу