Vulnerabilities > Microsoft > Windows > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-12-05 | CVE-2008-5326 | Credentials Management vulnerability in IBM Rational Clearquest The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a series of asterisks. | 4.4 |
2008-11-17 | CVE-2008-5112 | Information Exposure vulnerability in Microsoft Windows and Windows 2000 The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum. | 5.0 |
2008-11-05 | CVE-2008-4816 | Unspecified vulnerability in Adobe Acrobat and Acrobat Reader Unspecified vulnerability in the Download Manager in Adobe Reader 8.1.2 and earlier on Windows allows remote attackers to change Internet Security options on a client machine via unknown vectors. | 4.3 |
2008-10-15 | CVE-2008-4582 | Permissions, Privileges, and Access Controls vulnerability in multiple products Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810. | 4.3 |
2008-08-27 | CVE-2008-3851 | Path Traversal vulnerability in Pluck 4.5.2 Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.php; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.php. | 5.0 |
2008-07-30 | CVE-2008-3365 | Path Traversal vulnerability in Pixelpost 1.7.1 Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2008-06-02 | CVE-2008-2099 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare products Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, and VMware ACE 2 before 2.0.2 build 93057 on Windows allows guest OS users to execute arbitrary code on the host OS via unspecified vectors. | 6.9 |
2008-03-12 | CVE-2008-1302 | Numeric Errors vulnerability in Perforce Server The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) server-DiffFile or (2) server-ReleaseFile command with a large integer value, which is used in an array initialization calculation, and leads to invalid memory access. | 5.0 |
2008-03-12 | CVE-2008-1299 | Cross-Site Scripting vulnerability in Manageengine Servicedesk Plus 7.0.0 Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. | 4.3 |
2007-12-17 | CVE-2007-6404 | Path Traversal vulnerability in Shttp Directory traversal vulnerability in Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI. | 5.0 |