• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2008-6707
Avaya
4602sw_ip_phone, 9608, 9608_firmware, 9608g, 9608g_firmware, 9611g, 9611g_firmware, 9621g, 9621g_firmware, 9641g
2017-08-17
N/A
N/A
The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."
CVE-2008-6706
Avaya
4602sw_ip_phone, 9608, 9608_firmware, 9608g, 9608g_firmware, 9611g, 9611g_firmware, 9621g, 9621g_firmware, 9641g
2017-08-17
N/A
N/A
Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords."
CVE-2008-6705
Stalker-game
S.t.a.l.k.e.r.
2017-08-17
N/A
N/A
The MultipacketReciever::RecievePacket function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (server termination) via a crafted packet without an expected 0xe0 or 0xe1 value, which triggers the INT3 instruction.
CVE-2008-6704
Stalker-game
S.t.a.l.k.e.r.
2017-08-17
N/A
N/A
Integer overflow in the NET_Compressor::Decompress function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (server crash) via a crafted packet with a 0xc1 value that contains no compressed data, which triggers a copy of a large amount of memory.
CVE-2008-6703
Stalker-game
S.t.a.l.k.e.r.
2017-08-17
N/A
N/A
Stack-based buffer overflow in the IPureServer::_Recieve function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to execute arbitrary code via a compressed 0x39 packet, which is decompressed by the NET_Compressor::Decompress function.
CVE-2008-6702
Stalker-game
S.t.a.l.k.e.r.
2018-10-11
N/A
N/A
S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (crash) via a long nickname, which triggers an exception.
CVE-2008-6701
Netscout, Visualizer
Airmagnet_enterprise, Cdm_agent_firmware_maintenance_release, Ngenius_client, Ngenius_express_appliance, Ngenius_flow_recorder, Ngenius_infinistream, Ngeniusone, Ngenius_performance_manager, Ngenius_probes, Ngenius_trace_analyzer_integrator
2018-10-11
N/A
N/A
NetScout (formerly Network General) Visualizer V2100 and InfiniStream i1730 do not restrict access to ResourceManager/en_US/domains/add_domain.jsp, which allows remote attackers to gain administrator privileges via a direct request.
CVE-2008-6700
Butterflymedia
Butterfly_organizer
2017-09-29
N/A
N/A
Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable parameter to viewdb2.php, (3) tablehere parameter to category-rename.php, and (4) letter parameter to module-contacts.php.
CVE-2008-6699
Typo3
Address_directory, Advcalendar_extension, Aeurltool, Aimeos, Air_filemanager, Another_backend_login, Autobeuser, Bb_simplejobs, Beuserswitch, Brainstorming
2017-08-17
N/A
N/A
Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2008-6698
Michael Fritz, Typo3
Worldcup, Address_directory, Advcalendar_extension, Aeurltool, Aimeos, Air_filemanager, Another_backend_login, Autobeuser, Bb_simplejobs, Beuserswitch, Brainstorming
2017-08-17
N/A
N/A
Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
« Previous 1 … 60 61 62 63 64 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE