Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 331 614

Количество 331 614

nvd логотип

CVE-2008-10004

почти 3 года назад

A vulnerability was found in Email Registration 5.x-2.1 on Drupal. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to sql injection. The attack can be initiated remotely. Upgrading to version 6.x-1.0 is able to address this issue. The patch is identified as 126c141b7db038c778a2dc931d38766aad8d1112. It is recommended to upgrade the affected component. VDB-222334 is the identifier assigned to this vulnerability.

CVSS3: 6.3
EPSS: Низкий
nvd логотип

CVE-2008-10003

почти 3 года назад

A vulnerability was found in iGamingModules flashgames 1.1.0. It has been classified as critical. Affected is an unknown function of the file game.php. The manipulation of the argument lid leads to sql injection. It is possible to launch the attack remotely. The name of the patch is 6e57683704885be32eea2ea614f80c9bb8f012c5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222288.

CVSS3: 6.3
EPSS: Низкий
nvd логотип

CVE-2008-10002

почти 3 года назад

A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.3.3 is able to address this issue. The patch is identified as 9fb53b67312fe3f4336e01c1e3e1bedb4be0c1c8. It is recommended to upgrade the affected component. VDB-222286 is the identifier assigned to this vulnerability.

CVSS3: 3.5
EPSS: Низкий
nvd логотип

CVE-2008-10001

почти 4 года назад

A vulnerability, which was classified as problematic, has been found in Pro2col Stingray FTS. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

CVSS3: 5.5
EPSS: Низкий
nvd логотип

CVE-2008-0999

почти 18 лет назад

Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference.

CVSS2: 7.1
EPSS: Низкий
nvd логотип

CVE-2008-0998

почти 18 лет назад

Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects.

CVSS2: 6.9
EPSS: Низкий
nvd логотип

CVE-2008-0997

почти 18 лет назад

Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when querying a network printer.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2008-0996

почти 18 лет назад

The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.

CVSS2: 1.7
EPSS: Низкий
nvd логотип

CVE-2008-0995

почти 18 лет назад

The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods.

CVSS2: 2.6
EPSS: Низкий
nvd логотип

CVE-2008-0994

почти 18 лет назад

Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods.

CVSS2: 2.6
EPSS: Низкий
nvd логотип

CVE-2008-0993

почти 18 лет назад

Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings.

CVSS2: 2.1
EPSS: Низкий
nvd логотип

CVE-2008-0992

почти 18 лет назад

Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.

CVSS2: 5.8
EPSS: Низкий
nvd логотип

CVE-2008-0990

почти 18 лет назад

notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications.

CVSS2: 4.4
EPSS: Низкий
nvd логотип

CVE-2008-0989

почти 18 лет назад

Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname.

CVSS2: 6.9
EPSS: Низкий
nvd логотип

CVE-2008-0988

почти 18 лет назад

Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS X 10.4.11 allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger a buffer over-read.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2008-0987

почти 18 лет назад

Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image.

CVSS2: 6.8
EPSS: Средний
nvd логотип

CVE-2008-0986

почти 18 лет назад

Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field.

CVSS2: 7.5
EPSS: Средний
nvd логотип

CVE-2008-0985

почти 18 лет назад

Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width.

CVSS2: 6.8
EPSS: Средний
nvd логотип

CVE-2008-0984

почти 18 лет назад

The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.

CVSS2: 9.3
EPSS: Средний
nvd логотип

CVE-2008-0983

почти 18 лет назад

lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.

CVSS2: 5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2008-10004

A vulnerability was found in Email Registration 5.x-2.1 on Drupal. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to sql injection. The attack can be initiated remotely. Upgrading to version 6.x-1.0 is able to address this issue. The patch is identified as 126c141b7db038c778a2dc931d38766aad8d1112. It is recommended to upgrade the affected component. VDB-222334 is the identifier assigned to this vulnerability.

CVSS3: 6.3
0%
Низкий
почти 3 года назад
nvd логотип
CVE-2008-10003

A vulnerability was found in iGamingModules flashgames 1.1.0. It has been classified as critical. Affected is an unknown function of the file game.php. The manipulation of the argument lid leads to sql injection. It is possible to launch the attack remotely. The name of the patch is 6e57683704885be32eea2ea614f80c9bb8f012c5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222288.

CVSS3: 6.3
0%
Низкий
почти 3 года назад
nvd логотип
CVE-2008-10002

A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.3.3 is able to address this issue. The patch is identified as 9fb53b67312fe3f4336e01c1e3e1bedb4be0c1c8. It is recommended to upgrade the affected component. VDB-222286 is the identifier assigned to this vulnerability.

CVSS3: 3.5
0%
Низкий
почти 3 года назад
nvd логотип
CVE-2008-10001

A vulnerability, which was classified as problematic, has been found in Pro2col Stingray FTS. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

CVSS3: 5.5
0%
Низкий
почти 4 года назад
nvd логотип
CVE-2008-0999

Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference.

CVSS2: 7.1
1%
Низкий
почти 18 лет назад
nvd логотип
CVE-2008-0998

Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects.

CVSS2: 6.9
0%
Низкий
почти 18 лет назад
nvd логотип
CVE-2008-0997

Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when querying a network printer.

CVSS2: 6.8
2%
Низкий
почти 18 лет назад
nvd логотип
CVE-2008-0996

The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.

CVSS2: 1.7
0%
Низкий
почти 18 лет назад
nvd логотип
CVE-2008-0995

The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods.

CVSS2: 2.6
1%
Низкий
почти 18 лет назад
nvd логотип
CVE-2008-0994

Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods.

CVSS2: 2.6
0%
Низкий
почти 18 лет назад
nvd логотип
CVE-2008-0993

Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings.

CVSS2: 2.1
0%
Низкий
почти 18 лет назад
nvd логотип
CVE-2008-0992

Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.

CVSS2: 5.8
1%
Низкий
почти 18 лет назад
nvd логотип
CVE-2008-0990

notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications.

CVSS2: 4.4
0%
Низкий
почти 18 лет назад
nvd логотип
CVE-2008-0989

Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname.

CVSS2: 6.9
0%
Низкий
почти 18 лет назад
nvd логотип
CVE-2008-0988

Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS X 10.4.11 allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger a buffer over-read.

CVSS2: 4.3
0%
Низкий
почти 18 лет назад
nvd логотип
CVE-2008-0987

Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image.

CVSS2: 6.8
27%
Средний
почти 18 лет назад
nvd логотип
CVE-2008-0986

Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field.

CVSS2: 7.5
14%
Средний
почти 18 лет назад
nvd логотип
CVE-2008-0985

Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width.

CVSS2: 6.8
16%
Средний
почти 18 лет назад
nvd логотип
CVE-2008-0984

The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.

CVSS2: 9.3
27%
Средний
почти 18 лет назад
nvd логотип
CVE-2008-0983

lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.

CVSS2: 5
4%
Низкий
почти 18 лет назад

Уязвимостей на страницу