Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 331 703

Количество 331 703

nvd логотип

CVE-2008-0419

около 18 лет назад

Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.

CVSS2: 9.3
EPSS: Средний
nvd логотип

CVE-2008-0418

около 18 лет назад

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.

CVSS2: 4.3
EPSS: Средний
nvd логотип

CVE-2008-0417

около 18 лет назад

CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2008-0416

почти 18 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2008-0415

около 18 лет назад

Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs."

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2008-0414

около 18 лет назад

Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing."

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2008-0413

около 18 лет назад

The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors.

CVSS2: 9.3
EPSS: Низкий
nvd логотип

CVE-2008-0412

около 18 лет назад

The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors.

CVSS2: 9.3
EPSS: Низкий
nvd логотип

CVE-2008-0411

почти 18 лет назад

Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.

CVSS2: 6.8
EPSS: Средний
nvd логотип

CVE-2008-0410

около 18 лет назад

HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2008-0409

около 18 лет назад

Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2008-0408

около 18 лет назад

HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.

CVSS2: 6.4
EPSS: Низкий
nvd логотип

CVE-2008-0407

около 18 лет назад

HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2008-0406

около 18 лет назад

HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2008-0405

около 18 лет назад

Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data.

CVSS2: 10
EPSS: Низкий
nvd логотип

CVE-2008-0404

около 18 лет назад

Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2008-0403

около 18 лет назад

The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi.

CVSS2: 5.5
EPSS: Средний
nvd логотип

CVE-2008-0402

около 18 лет назад

Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group.

CVSS2: 6
EPSS: Низкий
nvd логотип

CVE-2008-0401

около 18 лет назад

Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp.

CVSS2: 10
EPSS: Средний
nvd логотип

CVE-2008-0400

около 18 лет назад

Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to default.php.

CVSS2: 4.3
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2008-0419

Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.

CVSS2: 9.3
19%
Средний
около 18 лет назад
nvd логотип
CVE-2008-0418

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.

CVSS2: 4.3
39%
Средний
около 18 лет назад
nvd логотип
CVE-2008-0417

CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password.

CVSS2: 4.3
2%
Низкий
около 18 лет назад
nvd логотип
CVE-2008-0416

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.

CVSS2: 4.3
7%
Низкий
почти 18 лет назад
nvd логотип
CVE-2008-0415

Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs."

CVSS2: 4.3
1%
Низкий
около 18 лет назад
nvd логотип
CVE-2008-0414

Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing."

CVSS2: 4.3
2%
Низкий
около 18 лет назад
nvd логотип
CVE-2008-0413

The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors.

CVSS2: 9.3
6%
Низкий
около 18 лет назад
nvd логотип
CVE-2008-0412

The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors.

CVSS2: 9.3
9%
Низкий
около 18 лет назад
nvd логотип
CVE-2008-0411

Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.

CVSS2: 6.8
15%
Средний
почти 18 лет назад
nvd логотип
CVE-2008-0410

HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL.

CVSS2: 5
1%
Низкий
около 18 лет назад
nvd логотип
CVE-2008-0409

Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL.

CVSS2: 4.3
1%
Низкий
около 18 лет назад
nvd логотип
CVE-2008-0408

HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.

CVSS2: 6.4
1%
Низкий
около 18 лет назад
nvd логотип
CVE-2008-0407

HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.

CVSS2: 5
0%
Низкий
около 18 лет назад
nvd логотип
CVE-2008-0406

HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name.

CVSS2: 5
8%
Низкий
около 18 лет назад
nvd логотип
CVE-2008-0405

Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data.

CVSS2: 10
1%
Низкий
около 18 лет назад
nvd логотип
CVE-2008-0404

Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary.

CVSS2: 4.3
1%
Низкий
около 18 лет назад
nvd логотип
CVE-2008-0403

The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi.

CVSS2: 5.5
10%
Средний
около 18 лет назад
nvd логотип
CVE-2008-0402

Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group.

CVSS2: 6
0%
Низкий
около 18 лет назад
nvd логотип
CVE-2008-0401

Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp.

CVSS2: 10
26%
Средний
около 18 лет назад
nvd логотип
CVE-2008-0400

Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to default.php.

CVSS2: 4.3
0%
Низкий
около 18 лет назад

Уязвимостей на страницу