Vulnerabilities > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Severity | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2008-08-12 | CVE-2008-3604 | SQL Injection vulnerability in Zeescripts Zeebuddy 2.1 | SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter. | network | low complexity | zeescripts | CWE-89 | critical | 9.8 |
| 2008-05-07 | CVE-2008-2108 | Insufficient Entropy vulnerability in multiple products | The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions. | network | low complexity | php, fedoraproject, canonical, debian | CWE-331 | critical | 9.8 |
| 2008-05-05 | CVE-2008-0599 | Incorrect Calculation of Buffer Size vulnerability in multiple products | The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. | network | low complexity | php, fedoraproject, canonical, apple | CWE-131 | critical | 9.8 |
| 2008-04-14 | CVE-2008-0961 | Use of Hard-coded Credentials vulnerability in EMC Diskxtender 6.20.060 | EMC DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface. | network | low complexity | emc | CWE-798 | critical | 9.8 |
| 2008-03-25 | CVE-2008-1160 | Use of Hard-coded Credentials vulnerability in Zyxel Zywall 1050 Firmware | ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges. | network | low complexity | zyxel | CWE-798 | critical | 9.8 |
| 2008-03-19 | CVE-2008-0062 | Improper Initialization vulnerability in multiple products | KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. | network | low complexity | mit, debian, canonical, fedoraproject | CWE-665 | critical | 9.8 |
| 2008-02-07 | CVE-2008-0655 | Unspecified vulnerability in Adobe Acrobat | Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors. | network | low complexity | adobe | | critical | 9.8 |
| 2008-01-29 | CVE-2008-0174 | Cleartext Storage of Sensitive Information vulnerability in GE Proficy Real-Time Information Portal 2.6 | GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges. | network | low complexity | ge | CWE-312 | critical | 9.8 |
| 2008-01-16 | CVE-2008-0081 | Use of Uninitialized Resource vulnerability in Microsoft Excel, Excel Viewer and Office | Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490. | network | low complexity | microsoft | CWE-908 | critical | 9.8 |
| 2007-11-19 | CVE-2007-6013 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products | Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash. | network | low complexity | wordpress, fedoraproject | CWE-327 | critical | 9.8 |