Логотип exploitDog
source:"ubuntu"
Консоль
Логотип exploitDog

exploitDog

source:"ubuntu"

Количество 63 646

Количество 63 646

ubuntu логотип

CVE-2008-2549

больше 17 лет назад

Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.

CVSS2: 4.3
EPSS: Высокий
ubuntu логотип

CVE-2008-2544

больше 4 лет назад

Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise.

CVSS3: 5.5
EPSS: Низкий
ubuntu логотип

CVE-2008-2543

больше 17 лет назад

The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets.

CVSS2: 5
EPSS: Низкий
ubuntu логотип

CVE-2008-2516

больше 17 лет назад

pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an "auth sufficient pam_pgsql.so" configuration.

CVSS2: 4.6
EPSS: Низкий
ubuntu логотип

CVE-2008-2486

больше 17 лет назад

Unspecified vulnerability in eMule Plus before 1.2d has unknown impact and attack vectors related to "staticservers.dat processing."

CVSS2: 10
EPSS: Низкий
ubuntu логотип

CVE-2008-2469

больше 17 лет назад

Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field.

CVSS2: 10
EPSS: Средний
ubuntu логотип

CVE-2008-2430

больше 17 лет назад

Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.

CVSS2: 9.3
EPSS: Низкий
ubuntu логотип

CVE-2008-2426

больше 17 лет назад

Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM image, related to the load function in src/modules/loader_xpm.c.

CVSS2: 9.3
EPSS: Низкий
ubuntu логотип

CVE-2008-2424

больше 17 лет назад

Unspecified vulnerability in the 404 error page for the "Standard demo" in Interchange before 5.6.0 and before 5.5.2 has unknown impact and attack vectors.

CVSS2: 10
EPSS: Низкий
ubuntu логотип

CVE-2008-2423

больше 17 лет назад

Unspecified vulnerability in Interchange before 5.6.0 and before 5.5.2 allows remote attackers to cause a denial of service via crafted HTTP requests. NOTE: this might overlap CVE-2007-2635.

CVSS2: 10
EPSS: Низкий
ubuntu логотип

CVE-2008-2420

больше 17 лет назад

The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.

CVSS2: 6.8
EPSS: Низкий
ubuntu логотип

CVE-2008-2419

больше 17 лет назад

Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a JSframe close, as demonstrated by an error in loading an empty Java applet defined by a 'src="javascript:"' sequence.

CVSS2: 4.3
EPSS: Низкий
ubuntu логотип

CVE-2008-2400

больше 17 лет назад

Unspecified vulnerability in stunnel before 4.23, when running as a service on Windows, allows local users to gain privileges via unknown attack vectors.

CVSS2: 7.2
EPSS: Низкий
ubuntu логотип

CVE-2008-2392

больше 17 лет назад

Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.

CVSS2: 9
EPSS: Низкий
ubuntu логотип

CVE-2008-2384

около 17 лет назад

SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.

CVSS2: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2008-2383

около 17 лет назад

CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.

CVSS2: 9.3
EPSS: Низкий
ubuntu логотип

CVE-2008-2382

около 17 лет назад

The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.

CVSS2: 5
EPSS: Средний
ubuntu логотип

CVE-2008-2381

около 17 лет назад

SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable.

CVSS2: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2008-2380

около 17 лет назад

SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.

CVSS2: 5.1
EPSS: Низкий
ubuntu логотип

CVE-2008-2379

около 17 лет назад

Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.

CVSS2: 4.3
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
ubuntu логотип
CVE-2008-2549

Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.

CVSS2: 4.3
72%
Высокий
больше 17 лет назад
ubuntu логотип
CVE-2008-2544

Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise.

CVSS3: 5.5
0%
Низкий
больше 4 лет назад
ubuntu логотип
CVE-2008-2543

The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets.

CVSS2: 5
2%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-2516

pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an "auth sufficient pam_pgsql.so" configuration.

CVSS2: 4.6
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-2486

Unspecified vulnerability in eMule Plus before 1.2d has unknown impact and attack vectors related to "staticservers.dat processing."

CVSS2: 10
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-2469

Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field.

CVSS2: 10
39%
Средний
больше 17 лет назад
ubuntu логотип
CVE-2008-2430

Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.

CVSS2: 9.3
8%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-2426

Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM image, related to the load function in src/modules/loader_xpm.c.

CVSS2: 9.3
7%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-2424

Unspecified vulnerability in the 404 error page for the "Standard demo" in Interchange before 5.6.0 and before 5.5.2 has unknown impact and attack vectors.

CVSS2: 10
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-2423

Unspecified vulnerability in Interchange before 5.6.0 and before 5.5.2 allows remote attackers to cause a denial of service via crafted HTTP requests. NOTE: this might overlap CVE-2007-2635.

CVSS2: 10
4%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-2420

The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.

CVSS2: 6.8
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-2419

Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a JSframe close, as demonstrated by an error in loading an empty Java applet defined by a 'src="javascript:"' sequence.

CVSS2: 4.3
5%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-2400

Unspecified vulnerability in stunnel before 4.23, when running as a service on Windows, allows local users to gain privileges via unknown attack vectors.

CVSS2: 7.2
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-2392

Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.

CVSS2: 9
2%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-2384

SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.

CVSS2: 7.5
5%
Низкий
около 17 лет назад
ubuntu логотип
CVE-2008-2383

CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.

CVSS2: 9.3
2%
Низкий
около 17 лет назад
ubuntu логотип
CVE-2008-2382

The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.

CVSS2: 5
20%
Средний
около 17 лет назад
ubuntu логотип
CVE-2008-2381

SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable.

CVSS2: 7.5
1%
Низкий
около 17 лет назад
ubuntu логотип
CVE-2008-2380

SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.

CVSS2: 5.1
1%
Низкий
около 17 лет назад
ubuntu логотип
CVE-2008-2379

Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.

CVSS2: 4.3
1%
Низкий
около 17 лет назад

Уязвимостей на страницу