Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-03-26 | CVE-2008-1526 | Use of Password Hash With Insufficient Computational Effort vulnerability in Zyxel products ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords. | 7.5 |
| 2008-03-25 | CVE-2008-1160 | Use of Hard-coded Credentials vulnerability in Zyxel Zywall 1050 Firmware ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges. | 9.8 |
| 2008-03-19 | CVE-2008-0063 | Use of Uninitialized Resource vulnerability in multiple products The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." | 7.5 |
| 2008-03-19 | CVE-2008-0062 | Improper Initialization vulnerability in multiple products KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. | 9.8 |
| 2008-02-12 | CVE-2008-0077 | Use After Free vulnerability in Microsoft Internet Explorer 6/7 Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability." | 8.8 |
| 2008-02-12 | CVE-2007-5659 | Classic Buffer Overflow vulnerability in Adobe Acrobat Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. | 7.8 |
| 2008-02-08 | CVE-2008-0662 | Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Vpn-1 Secureclient Ngair56/Ngxr60 The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials. | 7.8 |
| 2008-02-07 | CVE-2008-0655 | Unspecified vulnerability in Adobe Acrobat Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors. | 9.8 |
| 2008-01-29 | CVE-2008-0174 | Cleartext Storage of Sensitive Information vulnerability in GE Proficy Real-Time Information Portal 2.6 GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges. | 9.8 |
| 2008-01-22 | CVE-2008-0374 | Cleartext Transmission of Sensitive Information vulnerability in OKI C5510Mfp Firmware 1.01 OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777. | 7.5 |