Логотип exploitDog
source:"ubuntu"
Консоль
Логотип exploitDog

exploitDog

source:"ubuntu"

Количество 63 646

Количество 63 646

ubuntu логотип

CVE-2008-3333

больше 17 лет назад

Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).

CVSS2: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2008-3332

больше 17 лет назад

Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.

CVSS2: 6.5
EPSS: Низкий
ubuntu логотип

CVE-2008-3331

больше 17 лет назад

Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.

CVSS2: 3.5
EPSS: Низкий
ubuntu логотип

CVE-2008-3330

больше 17 лет назад

Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name.

CVSS2: 4.3
EPSS: Низкий
ubuntu логотип

CVE-2008-3329

больше 17 лет назад

Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."

CVSS2: 9.3
EPSS: Низкий
ubuntu логотип

CVE-2008-3328

больше 17 лет назад

Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS2: 4.3
EPSS: Низкий
ubuntu логотип

CVE-2008-3327

больше 17 лет назад

Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an error message.

CVSS2: 4.3
EPSS: Низкий
ubuntu логотип

CVE-2008-3326

больше 17 лет назад

Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).

CVSS2: 2.6
EPSS: Низкий
ubuntu логотип

CVE-2008-3325

больше 17 лет назад

Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page.

CVSS2: 6
EPSS: Низкий
ubuntu логотип

CVE-2008-3294

больше 17 лет назад

src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.

CVSS2: 3.7
EPSS: Низкий
ubuntu логотип

CVE-2008-3282

больше 17 лет назад

Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152.

CVSS3: 7.8
EPSS: Низкий
ubuntu логотип

CVE-2008-3281

больше 17 лет назад

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

CVSS3: 6.5
EPSS: Низкий
ubuntu логотип

CVE-2008-3279

почти 16 лет назад

Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting.

CVSS2: 6.9
EPSS: Низкий
ubuntu логотип

CVE-2008-3277

почти 12 лет назад

Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse program in refix/lib/, related to an incorrect RPATH setting in the ELF header.

CVSS2: 4.4
EPSS: Низкий
ubuntu логотип

CVE-2008-3276

больше 17 лет назад

Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a denial of service (panic) via a crafted integer value, related to Change L and Change R options without at least one byte in the dccpsf_val field.

CVSS2: 7.1
EPSS: Низкий
ubuntu логотип

CVE-2008-3275

больше 17 лет назад

The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories.

CVSS3: 5.5
EPSS: Низкий
ubuntu логотип

CVE-2008-3273

больше 17 лет назад

JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.

CVSS2: 5
EPSS: Средний
ubuntu логотип

CVE-2008-3272

больше 17 лет назад

The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information.

CVSS2: 2.1
EPSS: Низкий
ubuntu логотип

CVE-2008-3271

больше 17 лет назад

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.

CVSS2: 4.3
EPSS: Низкий
ubuntu логотип

CVE-2008-3264

больше 17 лет назад

The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.

CVSS2: 7.8
EPSS: Средний

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
ubuntu логотип
CVE-2008-3333

Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).

CVSS2: 7.5
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3332

Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.

CVSS2: 6.5
9%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3331

Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.

CVSS2: 3.5
1%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3330

Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name.

CVSS2: 4.3
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3329

Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."

CVSS2: 9.3
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3328

Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS2: 4.3
1%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3327

Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an error message.

CVSS2: 4.3
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3326

Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).

CVSS2: 2.6
1%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3325

Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page.

CVSS2: 6
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3294

src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.

CVSS2: 3.7
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3282

Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152.

CVSS3: 7.8
1%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3281

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

CVSS3: 6.5
1%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3279

Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting.

CVSS2: 6.9
0%
Низкий
почти 16 лет назад
ubuntu логотип
CVE-2008-3277

Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse program in refix/lib/, related to an incorrect RPATH setting in the ELF header.

CVSS2: 4.4
0%
Низкий
почти 12 лет назад
ubuntu логотип
CVE-2008-3276

Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a denial of service (panic) via a crafted integer value, related to Change L and Change R options without at least one byte in the dccpsf_val field.

CVSS2: 7.1
4%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3275

The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories.

CVSS3: 5.5
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3273

JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.

CVSS2: 5
39%
Средний
больше 17 лет назад
ubuntu логотип
CVE-2008-3272

The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information.

CVSS2: 2.1
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3271

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.

CVSS2: 4.3
4%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3264

The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.

CVSS2: 7.8
11%
Средний
больше 17 лет назад

Уязвимостей на страницу