Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-10-15 | CVE-2008-4576 | Improper Authentication vulnerability in Linux Kernel: sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires. | 7.8 |
2008-10-15 | CVE-2008-4575 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sentex Jhead: Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows." | 5.0 |
2008-10-15 | CVE-2008-4553 | Link Following vulnerability in Qemu 0.9.15: qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories. | 7.2 |
2008-10-15 | CVE-2008-4574 | SQL Injection vulnerability in Aspindir Ayco Okul Portali: SQL injection vulnerability in default.asp in Ayco Okul Portali allows remote attackers to execute arbitrary SQL commands via the linkid parameter. | 7.5 |
2008-10-15 | CVE-2008-4573 | SQL Injection vulnerability in Aspindir Munzursoft web Portal W3: SQL injection vulnerability in kategori.asp in MunzurSoft Wep Portal W3 allows remote attackers to execute arbitrary SQL commands via the kat parameter. | 7.5 |
2008-10-15 | CVE-2008-4572 | Buffer Errors vulnerability in Guildftpd 0.999.14: GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which triggers heap corruption related to an improper free call, and possibly triggering a heap-based buffer overflow. | 10.0 |
2008-10-15 | CVE-2008-4571 | Cross-Site Scripting vulnerability in Plone: Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror JavaScript event in an IMG tag. | 4.3 |
2008-10-15 | CVE-2008-4570 | SQL Injection vulnerability in Real-Estate-Scripts: SQL injection vulnerability in index.php in Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2008-10-15 | CVE-2008-4569 | SQL Injection vulnerability in Xigla Absolute Poll Manager XE 4.1: SQL injection vulnerability in xlacomments.asp in XIGLA Software Absolute Poll Manager XE 4.1 allows remote attackers to execute arbitrary SQL commands via the p parameter. | 7.5 |
2008-10-15 | CVE-2008-4023 | Resource Management Errors vulnerability in Microsoft Windows 2000: Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability." | 10.0 |