CVE-2008-5711

Public exploit
Heap-based buffer overflow in the Facebook PhotoUploader ActiveX control 5.0.14.0 and earlier allows remote attackers to execute arbitrary code via a long FileMask property value.
Max CVSS
9.3
EPSS Score
28.38%
Published
2008-12-24
Updated
2017-09-29

CVE-2008-5664

Public exploit
Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file.
Max CVSS
9.3
EPSS Score
91.35%
Published
2008-12-19
Updated
2017-09-29

CVE-2008-5619

Public exploit
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.
Max CVSS
10.0
EPSS Score
88.65%
Published
2008-12-17
Updated
2018-10-11

CVE-2008-5499

Public exploit
Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.
Max CVSS
9.3
EPSS Score
96.89%
Published
2008-12-18
Updated
2017-08-08

CVE-2008-5492

Public exploit
Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX control in pdfview.ocx 2.0.0.1 in VeryDOC PDF Viewer OCX Control allows remote attackers to execute arbitrary code via a long first argument to the OpenPDF method. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
88.15%
Published
2008-12-12
Updated
2017-09-29

CVE-2008-5416

Public exploit
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka "SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability."
Max CVSS
9.0
EPSS Score
96.92%
Published
2008-12-10
Updated
2018-10-12

CVE-2008-5405

Public exploit
Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string.
Max CVSS
9.3
EPSS Score
86.67%
Published
2008-12-10
Updated
2017-09-29

CVE-2008-5353

Public exploit
The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects".
Max CVSS
10.0
EPSS Score
97.10%
Published
2008-12-05
Updated
2018-10-11

CVE-2008-5159

Public exploit
Integer overflow in the remote administration protocol processing in Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to cause a denial of service (crash) via a large string length argument, which triggers memory corruption.
Max CVSS
10.0
EPSS Score
56.95%
Published
2008-11-18
Updated
2018-10-11

CVE-2008-5036

Public exploit
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.
Max CVSS
9.3
EPSS Score
97.20%
Published
2008-11-10
Updated
2018-10-11

CVE-2008-5002

Public exploit
Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
74.93%
Published
2008-11-10
Updated
2017-09-29

CVE-2008-4922

Public exploit
Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office (DjVu_ActiveX_MSOffice.dll) allows remote attackers to execute arbitrary code via a long (1) ImageURL property, and possibly the (2) Mode, (3) Page, or (4) Zoom properties.
Max CVSS
9.3
EPSS Score
73.15%
Published
2008-11-04
Updated
2017-09-29

CVE-2008-4844

Public exploit
Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
Max CVSS
9.3
EPSS Score
97.17%
Published
2008-12-11
Updated
2018-10-12

CVE-2008-4779

Public exploit
Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers to denial of service (crash) or execute arbitrary code via a long filename in a .zip file.
Max CVSS
10.0
EPSS Score
42.54%
Published
2008-10-29
Updated
2017-09-29

CVE-2008-4687

Public exploit
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
Max CVSS
9.0
EPSS Score
96.32%
Published
2008-10-22
Updated
2018-05-13

CVE-2008-4654

Public exploit
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.
Max CVSS
9.3
EPSS Score
75.35%
Published
2008-10-22
Updated
2018-10-11

CVE-2008-4572

Public exploit
GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which triggers heap corruption related to an improper free call, and possibly triggering a heap-based buffer overflow.
Max CVSS
10.0
EPSS Score
40.30%
Published
2008-10-15
Updated
2017-09-29

CVE-2008-4556

Public exploit
Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.
Max CVSS
10.0
EPSS Score
80.92%
Published
2008-10-14
Updated
2018-10-11

CVE-2008-4449

Public exploit
Stack-based buffer overflow in mIRC 6.34 allows remote attackers to execute arbitrary code via a long hostname in a PRIVMSG message.
Max CVSS
9.3
EPSS Score
84.48%
Published
2008-10-06
Updated
2017-09-29

CVE-2008-4397

Public exploit
Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.
Max CVSS
10.0
EPSS Score
86.74%
Published
2008-10-14
Updated
2021-04-09

CVE-2008-4385

Public exploit
Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Analysis, allows remote attackers to force the download and execution of arbitrary programs via by specifiying a malicious website argument to the Init method in (1) a certain ActiveX control (sysreqlab2.cab, sysreqlab.dll, sysreqlabsli.dll, or sysreqlab2.dll) and (2) a certain Java applet in RLApplet.class in sysreqlab2.jar or sysreqlab.jar.
Max CVSS
9.3
EPSS Score
65.03%
Published
2008-10-14
Updated
2017-08-08

CVE-2008-4384

Public exploit
Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX control (LPControl.dll), as acquired by Roxio and iseemedia, allow remote attackers to execute arbitrary code via the (1) url, (2) toolbar, and (3) enableZoomPastMax methods.
Max CVSS
9.3
EPSS Score
66.91%
Published
2008-10-07
Updated
2017-08-08

CVE-2008-4322

Public exploit
Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin Server 2.0, as distributed by DATAC, allows remote attackers to execute arbitrary code via a crafted FC_INFOTAG/SET_CONTROL packet.
Max CVSS
10.0
EPSS Score
30.27%
Published
2008-09-29
Updated
2018-10-11

CVE-2008-4250

Public exploit
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
Max CVSS
10.0
EPSS Score
97.48%
Published
2008-10-23
Updated
2022-02-09

CVE-2008-4193

Public exploit
Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers to execute arbitrary code via a long username parameter.
Max CVSS
10.0
EPSS Score
84.56%
Published
2008-09-24
Updated
2017-09-29
67 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!