Total
7971 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4638 | 1 Symantec | 1 Veritas File System | 2018-10-11 | 4.6 MEDIUM | N/A |
| qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message. | |||||
| CVE-2008-4491 | 1 Apple | 2 Mac Os X, Mail | 2018-10-11 | 5.0 MEDIUM | N/A |
| Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail. | |||||
| CVE-2008-4278 | 2 Microsoft, Vmware | 3 Windows, Virtual Infrastructure Client, Virtualcenter | 2018-10-11 | 2.1 LOW | N/A |
| VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password. | |||||
| CVE-2008-4207 | 1 Attachmax | 1 Dolphin | 2018-10-11 | 5.0 MEDIUM | N/A |
| Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php in the main folder, which allows remote attackers to obtain sensitive information via a direct request, which invokes the phpinfo function. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4180 | 1 Nooms | 1 Nooms | 2018-10-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in db.php in NooMS 1.1 allows remote attackers to conduct brute force attacks against passwords via a username in the g_dbuser parameter and a password in the g_dbpwd parameter, and possibly a "localhost" g_dbhost parameter value, related to a "Mysql Remote Brute Force Vulnerability." | |||||
| CVE-2008-4170 | 1 Oscommerce | 1 Oscommerce | 2018-10-11 | 5.0 MEDIUM | N/A |
| create_account.php in osCommerce 2.2 RC 2a allows remote attackers to obtain sensitive information via an invalid dob parameter, which reveals the installation path in an error message. | |||||
| CVE-2008-3902 | 1 Hp | 1 68dtt | 2018-10-11 | 2.1 LOW | N/A |
| HP firmware 68DTT F.0D stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer, aka SSRT080104. | |||||
| CVE-2008-3900 | 1 Intel | 1 Bios | 2018-10-11 | 2.1 LOW | N/A |
| Intel firmware PE94510M.86A.0050.2007.0710.1559 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||||
| CVE-2008-3899 | 1 Truecrypt Foundation | 1 Truecrypt | 2018-10-11 | 2.1 LOW | N/A |
| TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. NOTE: the researcher mentions a response from the vendor denying the vulnerability. | |||||
| CVE-2008-3898 | 1 Secustar | 1 Drivecrypt Plus Pack | 2018-10-11 | 2.1 LOW | N/A |
| Secu Star DriveCrypt Plus Pack 3.9 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||||
| CVE-2008-3897 | 2 Freed0m, Microsoft | 2 Disckcryptor, Windows | 2018-10-11 | 2.1 LOW | N/A |
| DiskCryptor 0.2.6 on Windows stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||||
| CVE-2008-3896 | 1 Gnu | 1 Grub Legacy | 2018-10-11 | 2.1 LOW | N/A |
| Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||||
| CVE-2008-3895 | 1 Lilo | 1 Lilo | 2018-10-11 | 2.1 LOW | N/A |
| LILO 22.6.1 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||||
| CVE-2008-3894 | 1 Ibm | 1 Lenovo 7cetb5ww | 2018-10-11 | 2.1 LOW | N/A |
| IBM Lenovo firmware 7CETB5WW 2.05 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||||
| CVE-2008-3514 | 1 Vmware | 1 Virtualcenter | 2018-10-11 | 5.0 MEDIUM | N/A |
| VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users." | |||||
| CVE-2008-3400 | 1 Xrms | 1 Xrms Crm | 2018-10-11 | 4.3 MEDIUM | N/A |
| XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function. | |||||
| CVE-2008-3327 | 1 Moodle | 1 Moodle | 2018-10-11 | 4.3 MEDIUM | N/A |
| Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an error message. | |||||
| CVE-2008-3248 | 1 Symantec | 1 Veritas File System | 2018-10-11 | 4.6 MEDIUM | N/A |
| qiomkfile in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, does not initialize filesystem blocks during creation of a file, which allows local users to obtain sensitive information by creating and then reading files. | |||||
| CVE-2008-3147 | 1 Wefi | 1 Wefi | 2018-10-11 | 4.7 MEDIUM | N/A |
| WeFi 3.2.1.4.1, when diagnostic mode is enabled, stores (1) WEP, (2) WPA, and (3) WPA2 access-point keys in (a) ClientWeFiLog.dat, (b) ClientWeFiLog.bak, and possibly (c) a certain .inf file under %PROGRAMFILES%\WeFi\Users\, and uses cleartext for the ClientWeFiLog files, which allows local users to obtain sensitive information by reading these files. | |||||
| CVE-2008-3141 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors. | |||||