Security Vulnerabilities, CVEs, Published In November 2008
CVE-2008-5191
Public exploit
Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php.
Max CVSS
7.5
EPSS Score
2.00%
Published
2008-11-21
Updated
2017-09-29
CVE-2008-5180
Public exploit
Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
Max CVSS
5.0
EPSS Score
63.84%
Published
2008-11-20
Updated
2024-02-02
CVE-2008-5159
Public exploit
Integer overflow in the remote administration protocol processing in Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to cause a denial of service (crash) via a large string length argument, which triggers memory corruption.
Max CVSS
10.0
EPSS Score
56.95%
Published
2008-11-18
Updated
2018-10-11
CVE-2008-5036
Public exploit
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.
Max CVSS
9.3
EPSS Score
97.20%
Published
2008-11-10
Updated
2018-10-11
CVE-2008-5002
Public exploit
Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
74.93%
Published
2008-11-10
Updated
2017-09-29
CVE-2008-4922
Public exploit
Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office (DjVu_ActiveX_MSOffice.dll) allows remote attackers to execute arbitrary code via a long (1) ImageURL property, and possibly the (2) Mode, (3) Page, or (4) Zoom properties.
Max CVSS
9.3
EPSS Score
73.15%
Published
2008-11-04
Updated
2017-09-29
CVE-2008-4037
Public exploit
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
Max CVSS
9.3
EPSS Score
11.59%
Published
2008-11-12
Updated
2023-12-07
CVE-2008-2992
Known exploited
Public exploit
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
Max CVSS
9.3
EPSS Score
97.17%
Published
2008-11-04
Updated
2018-10-30
CISA KEV Added
2022-03-03
8 vulnerabilities found