Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-09-29 | CVE-2008-4300 | Unspecified vulnerability in Microsoft Internet Information Services: A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method. | 5.0 |
2008-09-29 | CVE-2008-4299 | Numeric Errors vulnerability in Microsoft Internet Authentication Service Helper COM Component: A certain ActiveX control in the Microsoft Internet Authentication Service (IAS) Helper COM Component in iashlpr.dll allows remote attackers to cause a denial of service (browser crash) via a large integer value in the first argument to the PutProperty method. | 5.0 |
2008-09-29 | CVE-2008-4192 | Link Following vulnerability in Redhat Cman 2.20080629/2.20080801: The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file. | 6.9 |
2008-09-29 | CVE-2008-4120 | Cross-Site Scripting vulnerability in Flatpress 0.804: Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) pass parameter to login.php, or the (3) name parameter to contact.php. | 4.3 |
2008-09-29 | CVE-2008-3524 | Link Following vulnerability in Redhat Fedora and Initscripts: rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run. | 4.7 |
2008-09-29 | CVE-2008-2474 | Buffer Errors vulnerability in ABB Pcu400 4.4/4.5/4.6: Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit 400 (PCU400) 4.4 through 4.6 allows remote attackers to execute arbitrary code via a crafted packet using the (1) IEC60870-5-101 or (2) IEC60870-5-104 communication protocol to the X87 web interface. | 10.0 |
2008-09-27 | CVE-2008-4298 | Resource Management Errors vulnerability in Lighttpd: Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers. | 5.0 |
2008-09-27 | CVE-2008-4297 | Permissions, Privileges, and Access Controls vulnerability in Mercurial: Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request. | 5.0 |
2008-09-27 | CVE-2008-4296 | Credentials Management vulnerability in Cisco Linksys Wrt350N: The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access. | 10.0 |
2008-09-27 | CVE-2008-4295 | Improper Input Validation vulnerability in Microsoft Windows Mobile 6.0: Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices. | 5.4 |