Search for vulnerabilities


CVE-ID
Description
CVSS-Score
V2
V3
CVE-2008-0177 The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of servic...

7.8

None

CVE-2008-0176 Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 010708_162517_6106, allow remote attackers to execute arbitrary code vi...

10.0

None

CVE-2008-0175 Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtu...

7.5

None

CVE-2008-0174 GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gai...

5.0

None

CVE-2008-0173 SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports.

7.5

None

CVE-2008-0172 The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via...

5.0

None

CVE-2008-0171 regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regu...

5.0

None

CVE-2008-0169 Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is no...

6.8

None

CVE-2008-0167 The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictio...

4.6

None

CVE-2008-0166 OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guess...

7.8

None

CVE-2008-0165 Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.

4.3

None

CVE-2008-0164 Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via th...

4.3

None

CVE-2008-0163 Linux kernel 2.6, when using vservers, allows local users to access resources of other vservers via a symlink attack in /proc.

4.4

None

CVE-2008-0162 misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges.

7.2

None

CVE-2008-0159 SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie.

6.8

None

CVE-2008-0158 Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page parameter.

5.0

None

CVE-2008-0157 SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_temp_id parameter in a cookie.

7.5

None

CVE-2008-0156 Absolute path traversal vulnerability in index.php in Million Dollar Script 2.0.14 allows remote attackers to read arbitrary files via encoded "/" (%2F) sequences in the link parameter.

5.0

None

CVE-2008-0155 Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to inject arbitrary web script or HTML via the c parameter.

4.3

None

CVE-2008-0154 SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to execute arbitrary SQL commands the c parameter.

7.5

None