Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2008-10-09 | CVE-2008-4514 | Improper Input Validation vulnerability in Konqueror 3.5.9 | The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via a font tag with a long color value, which triggers an assertion error. | network, low complexity, konqueror, CWE-20, 5.0 |
| 2008-10-09 | CVE-2008-4512 | Permissions, Privileges, and Access Controls vulnerability in Designplace Asp/Ms Access Shoutbox 1.1 | ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. | network, low complexity, designplace, CWE-264, 5.0 |
| 2008-10-09 | CVE-2008-4511 | Permissions, Privileges, and Access Controls vulnerability in Todd Woolums ASP News Management 2.21 | Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. | network, low complexity, todd-woolums, CWE-264, 5.0 |
| 2008-10-09 | CVE-2008-4510 | Resource Management Errors vulnerability in Microsoft Windows Vista | Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allows local users to cause a denial of service (page fault and system crash) via multiple attempts to access a virtual address in a PAGE_NOACCESS memory page. | local, low complexity, microsoft, CWE-399, 4.9 |
| 2008-10-09 | CVE-2008-4509 | Improper Input Validation vulnerability in Foss Gallery Foss Gallery 1.0 | Unrestricted file upload vulnerability in processFiles.php in FOSS Gallery Admin and FOSS Gallery Public 1.0 beta allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the root directory. | network, low complexity, foss-gallery, CWE-20, critical, 10.0 |
| 2008-10-09 | CVE-2008-4508 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tonec Inc. Internet Download Manager | Stack-based buffer overflow in the file parsing function in Tonec Internet Download Manager, possibly 5.14 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AppleDouble file containing a long string. | network, low complexity, tonec-inc, CWE-119, 7.8 |
| 2008-10-09 | CVE-2008-4507 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Quickr 8.1 | Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to delete pages that were created by a different author via unknown vectors. | network, low complexity, ibm, CWE-264, 7.5 |
| 2008-10-09 | CVE-2008-4506 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Quickr 8.1 | Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows a place manager to "demote or delete a place superuser group" via unknown vectors. | network, low complexity, ibm, CWE-264, 7.5 |
| 2008-10-09 | CVE-2008-4505 | Improper Input Validation vulnerability in IBM Lotus Quickr 8.1 | Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) might allow attackers to cause a denial of service (system crash) via a "nonstandard URL argument" to the OpenDocument command. | network, low complexity, ibm, CWE-20, 7.8 |
| 2008-10-09 | CVE-2008-4504 | Buffer Errors vulnerability in Herosoft Hero DVD Player 3.0.8 | Heap-based buffer overflow in Mplayer.exe in Herosoft Inc. | network, herosoft, CWE-119, 6.8 |