Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-10-15 | CVE-2008-4558 | Resource Management Errors vulnerability in Videolan VLC Media Player 0.9.2 Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison. | 6.8 |
2008-10-14 | CVE-2008-4557 | Code Injection vulnerability in Cutephp Cutenews 1.1.1 plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression. | 10.0 |
2008-10-14 | CVE-2008-4556 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SUN Solaris 8/9 Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request. | 10.0 |
2008-10-14 | CVE-2008-4480 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Edirectory Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap buffer. | 10.0 |
2008-10-14 | CVE-2008-4479 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Edirectory Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header. | 10.0 |
2008-10-14 | CVE-2008-4478 | Numeric Errors vulnerability in Novell Edirectory Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow. | 10.0 |
2008-10-14 | CVE-2008-4013 | Unspecified vulnerability in Oracle BEA Product Suite Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. network oracle | 6.8 |
2008-10-14 | CVE-2008-4012 | Unspecified vulnerability in Oracle Weblogic Workshop 8.1 Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite WLW 8.1SP5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to "some NetUI pageflows." | 5.1 |
2008-10-14 | CVE-2008-4011 | Unspecified vulnerability in Oracle BEA Product Suite Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote authenticated users to affect integrity via unknown vectors. | 2.1 |
2008-10-14 | CVE-2008-4010 | Unspecified vulnerability in Oracle BEA Product Suite Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to "some NetUI tags." network oracle | 6.8 |