Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and 5.3 allows local users in the shutdown group to gain privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
2008-03-31
Updated
2017-09-29
The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329.
Max CVSS
7.2
EPSS Score
0.04%
Published
2008-03-31
Updated
2017-09-29
The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.
Max CVSS
7.2
EPSS Score
0.04%
Published
2008-03-31
Updated
2017-09-29
The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges to read arbitrary kernel memory and obtain sensitive information via unspecified vectors.
Max CVSS
4.7
EPSS Score
0.04%
Published
2008-03-31
Updated
2011-03-08
The WPAR system call implementation in the kernel in IBM AIX 6.1 allows local users to cause a denial of service via unknown calls that trigger "undefined behavior."
Max CVSS
4.9
EPSS Score
0.04%
Published
2008-03-31
Updated
2017-09-29
Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to missing checks in the TSD_FILES_LOCK policy for modifications performed via hard links, a different vulnerability than CVE-2007-6680.
Max CVSS
7.2
EPSS Score
0.04%
Published
2008-03-31
Updated
2011-03-08
The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information.
Max CVSS
4.9
EPSS Score
0.04%
Published
2008-03-31
Updated
2017-09-29
The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a filesystem's size.
Max CVSS
4.9
EPSS Score
0.04%
Published
2008-03-31
Updated
2017-09-29
The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function.
Max CVSS
7.2
EPSS Score
0.04%
Published
2008-03-31
Updated
2017-09-29
MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to "Pathway panels."
Max CVSS
4.6
EPSS Score
0.04%
Published
2008-03-31
Updated
2011-03-08
The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable).
Max CVSS
7.5
EPSS Score
0.06%
Published
2008-03-31
Updated
2017-09-29
Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs. NOTE: this is due to an incomplete fix for CVE-2008-1569.
Max CVSS
6.9
EPSS Score
0.04%
Published
2008-03-31
Updated
2017-08-08
policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket.
Max CVSS
3.3
EPSS Score
0.04%
Published
2008-03-31
Updated
2017-08-08
comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs.
Max CVSS
7.5
EPSS Score
0.87%
Published
2008-03-31
Updated
2017-08-08
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.
Max CVSS
5.5
EPSS Score
0.04%
Published
2008-03-31
Updated
2024-02-14
Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
4.3
EPSS Score
0.19%
Published
2008-03-31
Updated
2017-08-08
Directory traversal vulnerability in forum/irc/irc.php in the PJIRC 0.5 module for phpBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter.
Max CVSS
7.5
EPSS Score
1.17%
Published
2008-03-31
Updated
2018-10-11
Directory traversal vulnerability in Dan Costin File Transfer before 1.2f allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the filename.
Max CVSS
4.3
EPSS Score
1.83%
Published
2008-03-31
Updated
2017-08-08
The "decode as" feature in packet-bssap.c in the SCCP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Max CVSS
4.3
EPSS Score
1.88%
Published
2008-03-31
Updated
2018-10-11

CVE-2008-1562

Public exploit
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.
Max CVSS
5.0
EPSS Score
1.69%
Published
2008-03-31
Updated
2018-10-11
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. NOTE: Vector 2 might also lead to a hang.
Max CVSS
5.0
EPSS Score
2.40%
Published
2008-03-31
Updated
2018-10-11
Multiple cross-site scripting (XSS) vulnerabilities in Digiappz DigiDomain 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) domain parameter to lookup_result.asp, and the (2) word1 and (3) word2 parameters to suggest_result.asp.
Max CVSS
4.3
EPSS Score
0.24%
Published
2008-03-31
Updated
2018-10-11
SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
Max CVSS
6.8
EPSS Score
0.09%
Published
2008-03-31
Updated
2017-09-29
Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. NOTE: this issue has been referred to as an integer overflow.
Max CVSS
10.0
EPSS Score
29.51%
Published
2008-03-31
Updated
2017-09-29
BolinOS 4.6.1 allows remote attackers to obtain sensitive information via a direct request to system/actionspages/_b/contentFiles/gBphpInfo.php, which calls the phpinfo function.
Max CVSS
5.0
EPSS Score
0.47%
Published
2008-03-31
Updated
2018-10-11
506 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!