Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2008-10-03 CVE-2008-2439 Path Traversal vulnerability in Trend Micro OfficeScan and Worry-Free Business Security
Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request.
network; low complexity; trend-micro CWE-22; 5.0
2008-10-03 CVE-2008-2236 Cross-Site Scripting vulnerability in Blosxom
Cross-site scripting (XSS) vulnerability in blosxom.cgi in Blosxom before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the flav parameter (flavour variable).
network; blosxom CWE-79; 4.3
2008-10-02 CVE-2008-4396 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Safer Networking FileAlyzer 1.6.0.0/1.6.0.4
Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and 1.6.0.4 beta, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via an executable with malformed version data.
network; safer-networking CWE-119; critical; 9.3
2008-10-02 CVE-2008-4382 Resource Management Errors vulnerability in KDE Konqueror 3.5.9
Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via JavaScript that calls the alert function with a URL-encoded string of a large number of invalid characters.
network; low complexity; kde CWE-399; 5.0
2008-10-02 CVE-2008-4381 Resource Management Errors vulnerability in Microsoft Internet Explorer 5/6/7
Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (application crash) via JavaScript that calls the alert function with a URL-encoded string of a large number of invalid characters.
network; low complexity; microsoft CWE-399; 5.0
2008-10-02 CVE-2008-3542 Permissions, Privileges, and Access Controls vulnerability in HP Insight Diagnostics
Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 allows remote attackers to read arbitrary files via unknown vectors.
network; low complexity; hp CWE-264; 7.8
2008-10-02 CVE-2008-3522 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.
network; low complexity; redhat jasper-project CWE-119; critical; 10.0
2008-10-02 CVE-2008-3520 Numeric Errors vulnerability in Jasper Project Jasper 1.900.1
Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.
network; jasper-project CWE-189; critical; 9.3
2008-10-02 CVE-2008-2831 Cross-Site Scripting vulnerability in MailMarshal E10000 Appliance and SMTP
Multiple cross-site scripting (XSS) vulnerabilities in the delegated spam management feature in the Spam Quarantine Management (SQM) component in MailMarshal SMTP 6.0.3.8 through 6.3.0.0 allow user-assisted remote authenticated users to inject arbitrary web script or HTML via (1) the list of blocked senders or (2) the list of safe senders.
3.5
2008-10-01 CVE-2008-4380 Improper Input Validation vulnerability in Samsung DVR SHR2040 B3.03Ek1.53V2.190705281908
The web interface in Samsung DVR SHR2040 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, related to the filter for configuration properties and "/x" characters.
network; low complexity; samsung CWE-20; 7.8