Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2008-09-30 CVE-2008-4325 Remote Security vulnerability in Viewvc 1.0.5
lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object.
network; viewvc; 5.8

2008-09-29 CVE-2008-4324 Resource Management Errors vulnerability in Mozilla Firefox 3.0.3
The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a series of keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup events.
network; low complexity; mozilla microsoft CWE-399; 5.0

2008-09-29 CVE-2008-4323 Denial-Of-Service vulnerability in Microsoft Windows XP SP3
Windows Explorer in Microsoft Windows XP SP3 allows user-assisted attackers to cause a denial of service (application crash) via a crafted .ZIP file.
network; microsoft; 4.3

2008-09-29 CVE-2008-4322 Buffer Errors vulnerability in Realflex Technologies LTD Realwin Server 2.0
Stack-based buffer overflow in RealFlex Technologies Ltd.
network; low complexity; realflex-technologies-ltd CWE-119; critical; 10.0

2008-09-29 CVE-2008-4321 Buffer Errors vulnerability in Flashget FTP 1.9
Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FTP servers to execute arbitrary code via a long response to the PWD command.
network; flashget CWE-119; critical; 9.3

2008-09-29 CVE-2008-4320 Cross-Site Scripting vulnerability in Opennms.Org Opennms
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list.
4.3

2008-09-29 CVE-2008-4319 Improper Authentication vulnerability in Libra File Manager PHP Filemanager
fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.
network; low complexity; libra-file-manager CWE-287; 6.4

2008-09-29 CVE-2008-4318 Improper Input Validation vulnerability in Project-Observer Observer
Observer 0.3.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter to (1) whois.php or (2) netcmd.php.
network; low complexity; project-observer CWE-20; critical; 10.0

2008-09-29 CVE-2008-3827 Numeric Errors vulnerability in Mplayer
Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory.
network; mplayer CWE-189; critical; 9.3

2008-09-29 CVE-2008-4302 Improper Locking vulnerability in multiple products
fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.
local; low complexity; linux debian redhat CWE-667; 5.5