825 matches found
Design/Logic Flaw
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name SPN identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via...
CVE-2008-3009
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name SPN identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via...
CVE-2008-3010
CVE-2008-3010 relates to ISATAP handling in Windows Media components (Windows Media Player 6.4, Windows Media Format Runtime 7.1–11, Windows Media Services 4.1 and 9) where ISATAP addresses are misclassified in the Local Intranet zone, risking NTLM credential leakage and potential remote code exe...
CVE-2008-5329
ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client's submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file...
Design/Logic Flaw
ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client's submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file...
CVE-2008-5329
ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client's submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file...
CVE-2008-4677
autoload/netrw.vim aka the Netrw Plugin 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote...
CVE-2008-4677
autoload/netrw.vim aka the Netrw Plugin 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote...
CVE-2008-4546
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service NULL pointer dereference and browser crash by returning a different response when an HTTP request is sent a second time, as demonstrated by two...
CVE-2008-4321
Buffer overflow in FlashGet formerly JetCar FTP 1.9 allows remote FTP servers to execute arbitrary code via a long response to the PWD command...
CVE-2008-4246
Affected software: Denora IRC Stats Server (before 1.4.1). Vulnerability: Unspecified issue allowing remote IRC servers to trigger a denial of service (application crash) via a crafted CTCP response. Root cause / vectors: Documented across multiple sources; CTCP response handling is the trigger. ...
FreeBSD Ports: ez-ipupdate
The remote host is missing an update to the system as announced in the referenced advisory. VID e69ba632-326f-11d9-b5b7-000854d03344 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
FreeBSD Ports: openvpn-devel
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Null pointer dereference
neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service NULL pointer dereference and crash via vectors related to Digest authentication, Digest domain parameter support, and the parsedomain function...
CVE-2008-3746
neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service NULL pointer dereference and crash via vectors related to Digest authentication, Digest domain parameter support, and the parsedomain function...
CVE-2008-2233
The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, allows remote Openwsman servers to replay SSL sessions via unspecified vectors...
Code injection
The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, allows remote Openwsman servers to replay SSL sessions via unspecified vectors...
CVE-2008-2233
The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, allows remote Openwsman servers to replay SSL sessions via unspecified vectors...
CVE-2008-3459
Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted 1 lladdr and 2 iproute configuration directives, probably related to shell metacharacters...
Design/Logic Flaw
setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package...