CVE-2008-2499

Public exploit
Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMux.exe) in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code via a crafted URL.
Max CVSS
7.5
EPSS Score
96.98%
Published
2008-05-29
Updated
2018-10-31
scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel.
Max CVSS
8.5
EPSS Score
3.79%
Published
2008-05-28
Updated
2024-03-21
Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a JSframe close, as demonstrated by an error in loading an empty Java applet defined by a 'src="javascript:"' sequence.
Max CVSS
4.3
EPSS Score
1.50%
Published
2008-05-23
Updated
2017-08-08
Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message.
Max CVSS
9.3
EPSS Score
52.52%
Published
2008-05-23
Updated
2017-08-08
Heap-based buffer overflow in the XML parsing functionality in talk.dll in Cerulean Studios Trillian Pro before 3.1.10.0 allows remote attackers to execute arbitrary code via a malformed attribute in an IMG tag.
Max CVSS
9.3
EPSS Score
15.18%
Published
2008-05-23
Updated
2017-08-08
Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian before 3.1.10.0 allows user-assisted remote attackers to execute arbitrary code via a long attribute value in a FONT tag in a message.
Max CVSS
9.3
EPSS Score
15.18%
Published
2008-05-23
Updated
2018-10-11
Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument.
Max CVSS
6.8
EPSS Score
88.85%
Published
2008-05-21
Updated
2017-09-29
Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.
Max CVSS
6.8
EPSS Score
12.79%
Published
2008-05-21
Updated
2018-10-11
Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).
Max CVSS
6.8
EPSS Score
23.82%
Published
2008-05-18
Updated
2017-09-29
Unspecified vulnerability in sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to execute arbitrary code and delete arbitrary files via unspecified attack vectors.
Max CVSS
7.5
EPSS Score
4.08%
Published
2008-05-16
Updated
2017-08-08
Incomplete blacklist vulnerability in javaUpload.php in Postlet in the FileManager module in CMS Made Simple 1.2.4 and earlier allows remote attackers to execute arbitrary code by uploading a file with a name ending in (1) .jsp, (2) .php3, (3) .cgi, (4) .dhtml, (5) .phtml, (6) .php5, or (7) .jar, then accessing it via a direct request to the file in modules/FileManager/postlet/.
Max CVSS
7.5
EPSS Score
13.71%
Published
2008-05-16
Updated
2017-09-29
Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function.
Max CVSS
7.5
EPSS Score
91.45%
Published
2008-05-21
Updated
2021-04-07

CVE-2008-2240

Public exploit
Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header.
Max CVSS
10.0
EPSS Score
97.12%
Published
2008-05-22
Updated
2017-08-08
Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long community string in an SNMP TRAP packet.
Max CVSS
10.0
EPSS Score
68.39%
Published
2008-05-14
Updated
2018-10-11

CVE-2008-2161

Public exploit
Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet. NOTE: some of these details are obtained from third party information.
Max CVSS
10.0
EPSS Score
63.76%
Published
2008-05-12
Updated
2017-09-29
Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image processing in Microsoft Windows CE 5.0 allow remote attackers to execute arbitrary code via crafted (1) JPEG and (2) GIF images.
Max CVSS
9.3
EPSS Score
19.49%
Published
2008-05-12
Updated
2023-12-15

CVE-2008-2158

Public exploit
Multiple stack-based buffer overflows in the Command Line Interface process in the Server Agent in EMC AlphaStor 3.1 SP1 for Windows allow remote attackers to execute arbitrary code via crafted TCP packets to port 41025.
Max CVSS
10.0
EPSS Score
66.75%
Published
2008-05-29
Updated
2017-08-08
Stack-based buffer overflow in the searchwn function in Wordnet 2.0, 2.1, and 3.0 might allow context-dependent attackers to execute arbitrary code via a long command line option. NOTE: this issue probably does not cross privilege boundaries except in cases in which Wordnet is used as a back end.
Max CVSS
7.5
EPSS Score
1.25%
Published
2008-05-12
Updated
2017-08-08
Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.
Max CVSS
4.6
EPSS Score
0.04%
Published
2008-05-12
Updated
2017-08-08
Stack-based buffer overflow in Novell Client 4.91 SP4 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long username in the "forgotten password" dialog.
Max CVSS
7.2
EPSS Score
0.06%
Published
2008-05-12
Updated
2018-10-11
Multiple unspecified vulnerabilities in Solaris print service for Sun Solaris 8, 9, and 10 allow remote attackers to cause a denial of service or execute arbitrary code via unknown vectors.
Max CVSS
10.0
EPSS Score
9.29%
Published
2008-05-12
Updated
2018-10-30
Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.
Max CVSS
6.8
EPSS Score
0.38%
Published
2008-05-12
Updated
2018-10-11
The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption.
Max CVSS
9.3
EPSS Score
7.07%
Published
2008-05-07
Updated
2017-08-08
Multiple stack-based buffer overflows in the (1) get_remote_ip_media and (2) get_remote_ipv6_media functions in call.cpp in SIPp 3.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted SIP message.
Max CVSS
7.5
EPSS Score
6.13%
Published
2008-05-12
Updated
2017-08-08
Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format (CDF) library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags.
Max CVSS
7.5
EPSS Score
1.73%
Published
2008-05-06
Updated
2017-08-08
54 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!