Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2008-10-06 CVE-2008-4452 Buffer Errors vulnerability in Cambridge Computer Corporation vxFtpSrv 2.0.3
Buffer overflow in Cambridge Computer Corporation vxFtpSrv 2.0.3 allows remote attackers to cause a denial of service (crash and hang) and possibly execute arbitrary code via a long CWD request.
network
low complexity
cambridge-computer-corporation CWE-119
critical
9.0
2008-10-06 CVE-2008-4451 Permissions, Privileges, and Access Controls vulnerability in ESET Software System Analyzer Tool 1.1.1.0
The SysInspector AntiStealth driver (esiasdrv.sys) 3.0.65535.0 in ESET System Analyzer Tool 1.1.1.0 allows local users to execute arbitrary code via a certain METHOD_NEITHER IOCTL request to \Device\esiasdrv that overwrites a pointer.
local
low complexity
eset-software CWE-264
7.2
2008-10-06 CVE-2008-4450 Cross-Site Scripting vulnerability in Apache Friends XAMPP 1.6.8
Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for Windows 1.6.8 allows remote attackers to inject arbitrary web script or HTML via the (1) dbserver, (2) host, (3) user, (4) password, (5) database, and (6) table parameters.
4.3
2008-10-06 CVE-2008-4449 Buffer Errors vulnerability in mIRC 6.34
Stack-based buffer overflow in mIRC 6.34 allows remote attackers to execute arbitrary code via a long hostname in a PRIVMSG message.
network
mirc CWE-119
critical
9.3
2008-10-06 CVE-2008-4448 Cross-Site Request Forgery (CSRF) vulnerability in Positive Software H-Sphere 4.3.10
Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit actions.
6.8
2008-10-06 CVE-2008-4447 Cross-Site Scripting vulnerability in Positive Software H-Sphere 4.3.10
Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the tab parameter during a sysinfo action.
4.3
2008-10-06 CVE-2008-4446 Cross-Site Scripting vulnerability in Nucleus CMS Nucleus
Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
2008-10-06 CVE-2008-4279 Permissions, Privileges, and Access Controls vulnerability in VMware products
The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address.
local
low complexity
vmware CWE-264
6.8
2008-10-06 CVE-2008-4278 Information Exposure vulnerability in VMware VirtualCenter
VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password.
local
low complexity
vmware microsoft CWE-200
2.1
2008-10-06 CVE-2008-3872 Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player
Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified "Filter evasion" manipulations.
network
adobe CWE-264
critical
9.3