CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2008

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2008-4816 2008-11-05 2018-10-30
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Download Manager in Adobe Reader 8.1.2 and earlier on Windows allows remote attackers to change Internet Security options on a client machine via unknown vectors.
402 CVE-2008-4815 264 +Priv 2008-11-05 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH.
403 CVE-2008-4814 20 Exec Code 2008-11-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue."
404 CVE-2008-4813 399 Exec Code Mem. Corr. 2008-11-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a malformed PDF object that triggers memory corruption during parsing.
405 CVE-2008-4812 20 Exec Code 2008-11-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts.
406 CVE-2008-4636 20 +Priv 2008-11-27 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process.
407 CVE-2008-4415 264 Exec Code 2008-11-17 2012-10-31
9.0
None Remote Low ??? Complete Complete Complete
Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors.
408 CVE-2008-4414 264 +Priv 2008-11-07 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the AdvFS showfile command in HP Tru64 UNIX 5.1B-3 and 5.1B-4 allows local users to gain privileges via unspecified vectors.
409 CVE-2008-4413 264 2008-11-04 2017-08-08
6.2
None Local Low ??? Complete Complete None
Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 and earlier on HP-UX B.11.11 and B.11.23, and SMH 2.2.6 and 2.2.8 and earlier on HP-UX B.11.23 and B.11.31, allows local users to gain "unauthorized access" via unknown vectors, possibly related to temporary file permissions.
410 CVE-2008-4395 119 Exec Code Overflow 2008-11-06 2017-08-08
8.3
None Local Network Low Not required Complete Complete Complete
Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.
411 CVE-2008-4387 94 Exec Code 2008-11-10 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer.
412 CVE-2008-4315 2008-11-27 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks.
413 CVE-2008-4313 264 Bypass 2008-11-27 2017-09-29
6.0
None Remote Medium ??? Partial Partial Partial
A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services.
414 CVE-2008-4306 119 Overflow 2008-11-04 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence.
415 CVE-2008-4281 22 +Priv Dir. Trav. 2008-11-10 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in VMWare ESXi 3.5 before ESXe350-200810401-O-UG and ESX 3.5 before ESX350-200810201-UG allows administrators with the Datastore.FileManagement privilege to gain privileges via unknown vectors.
416 CVE-2008-4233 2008-11-25 2011-03-08
2.6
None Remote High Not required None None Partial
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document.
417 CVE-2008-4232 2008-11-25 2011-03-08
5.0
None Remote Low Not required None Partial None
Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.
418 CVE-2008-4231 399 DoS Exec Code Mem. Corr. 2008-11-25 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
419 CVE-2008-4230 264 +Info 2008-11-25 2011-03-08
1.9
None Local Medium Not required Partial None None
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593.
420 CVE-2008-4229 362 2008-11-25 2011-03-08
3.7
None Local High Not required Partial Partial Partial
Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup.
421 CVE-2008-4228 264 2008-11-25 2011-03-08
3.6
None Local Low Not required None Partial Partial
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number.
422 CVE-2008-4227 310 +Info 2008-11-25 2011-09-21
7.5
None Remote Low Not required Partial Partial Partial
Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic.
423 CVE-2008-4226 399 DoS Exec Code Overflow Mem. Corr. 2008-11-25 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
424 CVE-2008-4225 189 DoS Overflow 2008-11-25 2017-09-29
7.8
None Remote Low Not required None None Complete
Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.
425 CVE-2008-4216 200 +Info 2008-11-17 2012-10-31
4.3
None Remote Medium Not required Partial None None
The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files."
426 CVE-2008-4037 287 2 Exec Code 2008-11-12 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
427 CVE-2008-4033 200 +Info 2008-11-12 2018-10-12
4.3
None Remote Medium Not required Partial None None
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
428 CVE-2008-4029 200 +Info 2008-11-12 2019-02-26
4.3
None Remote Medium Not required Partial None None
Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs, aka "MSXML DTD Cross-Domain Scripting Vulnerability."
429 CVE-2008-3868 352 CSRF 2008-11-03 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 allows remote attackers to hijack the authentication of super administrators for requests that create super administrator accounts.
430 CVE-2008-3867 89 Exec Code Sql 2008-11-03 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 allows remote attackers to execute arbitrary SQL commands via the email_user_key parameter.
431 CVE-2008-3644 200 +Info 2008-11-17 2012-10-31
1.9
None Local Medium Not required Partial None None
Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.
432 CVE-2008-3623 119 DoS Exec Code Overflow 2008-11-17 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces.
433 CVE-2008-3527 264 DoS +Priv 2008-11-05 2017-09-29
4.6
None Local Low Not required Partial Partial Partial
arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions.
434 CVE-2008-2992 119 Exec Code Overflow 2008-11-04 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
435 CVE-2008-2432 200 +Info 2008-11-26 2008-11-26
5.0
None Remote Low Not required Partial None None
Insecure method vulnerability in the GetFileList method in an unspecified ActiveX control in Novell iPrint Client before 5.06 allows remote attackers to list the image files in an arbitrary directory via a directory name in the argument.
436 CVE-2008-2431 119 Exec Code Overflow 2008-11-26 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Novell iPrint Client before 5.06 allow remote attackers to execute arbitrary code by calling the Novell iPrint ActiveX control (aka ienipp.ocx) with (1) a long third argument to the GetDriverFile method; a long first argument to the (2) GetPrinterURLList or (3) GetPrinterURLList2 method; (4) a long argument to the GetFileList method; a long argument to the (5) GetServerVersion, (6) GetResourceList, or (7) DeleteResource method, related to nipplib.dll; a long uploadPath argument to the (8) UploadPrinterDriver or (9) UploadResource method, related to URIs; (10) a long seventh argument to the UploadResource method; a long string in the (11) second, (12) third, or (13) fourth argument to the GetDriverSettings method, related to the IppGetDriverSettings function in nipplib.dll; or (14) a long eighth argument to the UploadResourceToRMS method.
437 CVE-2008-2429 89 Exec Code Sql 2008-11-26 2008-11-26
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.20071118 allow remote attackers to execute arbitrary SQL commands via (1) the catsearch parameter to cal_search.php or (2) the catview parameter to cal_cat.php. NOTE: vector 1 might overlap CVE-2007-3183.3, and vector 2 might overlap CVE-2005-1865.2.
438 CVE-2008-2378 264 +Priv 2008-11-26 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 allows local users to gain privileges via a Trojan horse killall program in a directory in the PATH, related to improper handling of the -k option.
439 CVE-2008-1586 399 DoS 2008-11-25 2011-03-08
7.1
None Remote Medium Not required None None Complete
ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image.
440 CVE-2008-0017 119 DoS Exec Code Overflow Mem. Corr. 2008-11-13 2018-10-26
9.3
None Remote Medium Not required Complete Complete Complete
The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.
441 CVE-2008-0014 119 Exec Code Overflow 2008-11-17 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0013.
442 CVE-2008-0013 119 Exec Code Overflow 2008-11-17 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0014.
443 CVE-2008-0012 119 Exec Code Overflow 2008-11-17 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0013 and CVE-2008-0014.
444 CVE-2007-0074 119 Exec Code Overflow 2008-11-17 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a folder read operation over RPC.
445 CVE-2007-0073 119 Exec Code Overflow 2008-11-17 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a file read operation over RPC.
446 CVE-2007-0072 119 Exec Code Overflow 2008-11-17 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a read operation over RPC.
447 CVE-2006-5269 119 Exec Code Overflow 2008-11-17 2017-07-20
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, probably related to an RPC interface.
448 CVE-2006-5268 287 Exec Code 2008-11-17 2017-07-20
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via vectors related to obtaining "administrative access to the RPC interface."
Total number of vulnerabilities : 448   Page : 1 2 3 4 5 6 7 8 9 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.