CVE-2008-5711

Public exploit
Heap-based buffer overflow in the Facebook PhotoUploader ActiveX control 5.0.14.0 and earlier allows remote attackers to execute arbitrary code via a long FileMask property value.
Max CVSS
9.3
EPSS Score
28.38%
Published
2008-12-24
Updated
2017-09-29

CVE-2008-5666

Public exploit
WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows remote authenticated users to cause a denial of service via a sequence of FTP sessions that include an invalid "NLST -1" command.
Max CVSS
3.5
EPSS Score
11.34%
Published
2008-12-19
Updated
2017-09-29

CVE-2008-5664

Public exploit
Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file.
Max CVSS
9.3
EPSS Score
91.35%
Published
2008-12-19
Updated
2017-09-29

CVE-2008-5626

Public exploit
XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to cause a denial of service via a crafted argument to the NLST command, as demonstrated by a -1 argument.
Max CVSS
4.0
EPSS Score
95.71%
Published
2008-12-17
Updated
2017-09-29

CVE-2008-5619

Public exploit
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.
Max CVSS
10.0
EPSS Score
88.65%
Published
2008-12-17
Updated
2018-10-11

CVE-2008-5499

Public exploit
Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.
Max CVSS
9.3
EPSS Score
96.89%
Published
2008-12-18
Updated
2017-08-08

CVE-2008-5492

Public exploit
Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX control in pdfview.ocx 2.0.0.1 in VeryDOC PDF Viewer OCX Control allows remote attackers to execute arbitrary code via a long first argument to the OpenPDF method. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
88.15%
Published
2008-12-12
Updated
2017-09-29

CVE-2008-5416

Public exploit
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka "SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability."
Max CVSS
9.0
EPSS Score
96.92%
Published
2008-12-10
Updated
2018-10-12

CVE-2008-5405

Public exploit
Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string.
Max CVSS
9.3
EPSS Score
86.67%
Published
2008-12-10
Updated
2017-09-29

CVE-2008-5353

Public exploit
The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects".
Max CVSS
10.0
EPSS Score
97.10%
Published
2008-12-05
Updated
2018-10-11

CVE-2008-5191

Public exploit
Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php.
Max CVSS
7.5
EPSS Score
2.00%
Published
2008-11-21
Updated
2017-09-29

CVE-2008-5180

Public exploit
Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
Max CVSS
5.0
EPSS Score
63.84%
Published
2008-11-20
Updated
2024-02-02

CVE-2008-5159

Public exploit
Integer overflow in the remote administration protocol processing in Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to cause a denial of service (crash) via a large string length argument, which triggers memory corruption.
Max CVSS
10.0
EPSS Score
56.95%
Published
2008-11-18
Updated
2018-10-11

CVE-2008-5081

Public exploit
The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure.
Max CVSS
5.0
EPSS Score
95.38%
Published
2008-12-17
Updated
2017-09-29

CVE-2008-5036

Public exploit
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.
Max CVSS
9.3
EPSS Score
97.20%
Published
2008-11-10
Updated
2018-10-11

CVE-2008-5002

Public exploit
Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
74.93%
Published
2008-11-10
Updated
2017-09-29

CVE-2008-4922

Public exploit
Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office (DjVu_ActiveX_MSOffice.dll) allows remote attackers to execute arbitrary code via a long (1) ImageURL property, and possibly the (2) Mode, (3) Page, or (4) Zoom properties.
Max CVSS
9.3
EPSS Score
73.15%
Published
2008-11-04
Updated
2017-09-29

CVE-2008-4844

Public exploit
Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
Max CVSS
9.3
EPSS Score
97.17%
Published
2008-12-11
Updated
2018-10-12

CVE-2008-4779

Public exploit
Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers to denial of service (crash) or execute arbitrary code via a long filename in a .zip file.
Max CVSS
10.0
EPSS Score
42.54%
Published
2008-10-29
Updated
2017-09-29

CVE-2008-4696

Public exploit
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat).
Max CVSS
4.3
EPSS Score
85.75%
Published
2008-10-23
Updated
2018-10-11

CVE-2008-4687

Public exploit
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
Max CVSS
9.0
EPSS Score
96.32%
Published
2008-10-22
Updated
2018-05-13

CVE-2008-4654

Public exploit
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.
Max CVSS
9.3
EPSS Score
75.35%
Published
2008-10-22
Updated
2018-10-11

CVE-2008-4572

Public exploit
GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which triggers heap corruption related to an improper free call, and possibly triggering a heap-based buffer overflow.
Max CVSS
10.0
EPSS Score
40.30%
Published
2008-10-15
Updated
2017-09-29

CVE-2008-4556

Public exploit
Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.
Max CVSS
10.0
EPSS Score
80.92%
Published
2008-10-14
Updated
2018-10-11

CVE-2008-4449

Public exploit
Stack-based buffer overflow in mIRC 6.34 allows remote attackers to execute arbitrary code via a long hostname in a PRIVMSG message.
Max CVSS
9.3
EPSS Score
84.48%
Published
2008-10-06
Updated
2017-09-29
103 vulnerabilities found
1 2 3 4 5
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!