Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-12-31 | CVE-2008-5784 | Reliance on Cookies without Validation and Integrity Checking vulnerability in V3Chat V3 Chat Profiles Dating Script 3.0.2 V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | 9.8 |
| 2008-12-29 | CVE-2008-5748 | Path Traversal vulnerability in Bloofox Bloofoxcms 0.3.4 Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters. | 8.1 |
| 2008-12-19 | CVE-2008-4122 | Cleartext Transmission of Sensitive Information vulnerability in Joomla Joomla! 1.5.8 Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 7.5 |
| 2008-12-09 | CVE-2008-4390 | Cleartext Transmission of Sensitive Information vulnerability in Cisco Linksys Wvc54Gc Firmware The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network. | 7.5 |
| 2008-11-26 | CVE-2008-5162 | Use of Insufficiently Random Values vulnerability in Freebsd The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator. | 7.0 |
| 2008-11-21 | CVE-2008-5183 | NULL Pointer Dereference vulnerability in multiple products cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. | 7.5 |
| 2008-11-13 | CVE-2008-4989 | Improper Certificate Validation vulnerability in multiple products The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). | 5.9 |
| 2008-11-12 | CVE-2008-5038 | Use After Free vulnerability in Novell Edirectory Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852. | 9.8 |
| 2008-11-04 | CVE-2008-4929 | Use of Insufficiently Random Values vulnerability in Mybb 1.4.2 MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames. | 7.5 |
| 2008-11-04 | CVE-2008-2992 | Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104. | 7.8 |