CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2008 (CVSS score >= 8)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-5284 189 DoS 2008-11-29 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other versions before 5.1.44, Emerald 5.0.49 and other versions before 5.0.52, Air Marshal 2.0.4 and other versions before 2.0.8, and Radius test client (aka Radlogin) 4.0.20 and earlier, allows remote attackers to cause a denial of service (crash) via an HTTP Content-Length header with a negative value, which triggers a single byte overwrite of memory using a NULL terminator. NOTE: some of these details are obtained from third party information.
2 CVE-2008-5282 119 Exec Code Overflow 2008-11-29 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute.
3 CVE-2008-5281 119 1 Exec Code Overflow 2008-11-29 2008-12-01
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE command.
4 CVE-2008-5279 119 Exec Code Overflow +Info 2008-11-29 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging (ZIM) Server 2.1 and earlier allow remote attackers to execute arbitrary code via (1) heap-based buffer overflows involving multiple vectors including a long room name and a long source account, and (2) a stack-based buffer overflow with a long username in an information request. NOTE: some of these details are obtained from third party information.
5 CVE-2008-5246 119 Exec Code Overflow 2008-11-26 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
6 CVE-2008-5245 119 Overflow 2008-11-26 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c.
7 CVE-2008-5244 2008-11-26 2009-02-20
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad.
8 CVE-2008-5237 189 DoS Exec Code Overflow 2008-11-26 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string.
9 CVE-2008-5236 119 Exec Code Overflow 2008-11-26 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c. NOTE: vector 2 reportedly exists because of an incomplete fix in 1.1.15.
10 CVE-2008-5235 119 Exec Code Overflow 2008-11-26 2011-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information.
11 CVE-2008-5234 119 Exec Code Overflow 2008-11-26 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is possible that vector 1 has not been fixed in 1.1.15.
12 CVE-2008-5232 787 2 Exec Code Overflow 2008-11-26 2019-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
13 CVE-2008-5231 119 Exec Code Overflow 2008-11-26 2008-11-26
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the ExecuteRequest method in the Novell iPrint ActiveX control in ienipp.ocx in Novell iPrint Client 5.06 and earlier allows remote attackers to execute arbitrary code via a long target-frame option value, a different vulnerability than CVE-2008-2431.
14 CVE-2008-5227 94 Exec Code File Inclusion 2008-11-25 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in PHPCow allows remote attackers to execute arbitrary code via unknown vectors, related to a "file inclusion vulnerability," as exploited in the wild in November 2008.
15 CVE-2008-5220 20 Exec Code 2008-11-25 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/.
16 CVE-2008-5210 94 Exec Code File Inclusion 2008-11-24 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 allow remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter to (1) script/init/createallimagecache.php, (2) allincludefortick.php and (3) test.php in script/tick/, and (4) modules/dungeon/tick/allincludefortick.php, different vectors than CVE-2008-1776.
17 CVE-2008-5184 255 Bypass CSRF 2008-11-21 2009-01-29
10.0
None Remote Low Not required Complete Complete Complete
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.
18 CVE-2008-5178 119 Exec Code Overflow 2008-11-20 2017-10-19
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. NOTE: this might overlap CVE-2008-5680.
19 CVE-2008-5177 119 DoS Exec Code Overflow 2008-11-20 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the DtbClsLogin function in Yosemite Backup 8.7 allows remote attackers to (1) execute arbitrary code on a Linux platform, related to libytlindtb.so; or (2) cause a denial of service (application crash) and possibly execute arbitrary code on a Windows platform, related to ytwindtb.dll; via a long username field during authentication.
20 CVE-2008-5176 119 Exec Code Overflow 2008-11-20 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Client Software WinCom LPD Total 3.0.2.623 and earlier allow remote attackers to execute arbitrary code via (1) a long 0x02 command to the remote administration service on TCP port 13500 or (2) a long invalid control filename to LPDService.exe on TCP port 515.
21 CVE-2008-5175 22 Dir. Trav. 2008-11-19 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the FTP client in AceFTP Freeware 3.80.3 and AceFTP Pro 3.80.3 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.
22 CVE-2008-5173 94 Exec Code 2008-11-19 2017-08-08
9.0
None Remote Low ??? Complete Complete Complete
Unspecified vulnerability in testMaker before 3.0p16 allows remote authenticated users to execute arbitrary PHP code via unspecified attack vectors.
23 CVE-2008-5171 22 Dir. Trav. 2008-11-19 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in admin/minibb/index.php in phpBLASTER CMS 1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) DB, (2) lang, and (3) skin parameters.
24 CVE-2008-5167 94 Exec Code File Inclusion 2008-11-19 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter.
25 CVE-2008-5159 189 DoS Overflow Mem. Corr. 2008-11-18 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the remote administration protocol processing in Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to cause a denial of service (crash) via a large string length argument, which triggers memory corruption.
26 CVE-2008-5155 59 2008-11-18 2009-02-17
9.3
None Remote Medium Not required Complete Complete Complete
mail2sms.sh in smsclient 2.0.8z allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/header.##### or (2) /tmp/body.##### temporary file, or append data to arbitrary files via a symlink attack on the (3) /tmp/sms.log temporary file.
27 CVE-2008-5134 119 Overflow 2008-11-18 2018-10-03
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the lbs_process_bss function in drivers/net/wireless/libertas/scan.c in the libertas subsystem in the Linux kernel before 2.6.27.5 allows remote attackers to have an unknown impact via an "invalid beacon/probe response."
28 CVE-2008-5120 119 Exec Code Overflow 2008-11-18 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string.
29 CVE-2008-5110 2008-11-17 2021-06-22
9.3
None Remote Medium Not required Complete Complete Complete
syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9.
30 CVE-2008-5106 119 DoS Exec Code Overflow 2008-11-17 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to an arbitrary command, which triggers the overflow when the SamyFtp.binlog log file is viewed in the management console. NOTE: this may overlap CVE-2006-0441 and CVE-2006-2212.
31 CVE-2008-5101 119 Exec Code Overflow 2008-11-17 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted attackers to execute arbitrary code via a crafted BMP image, related to an "array overflow."
32 CVE-2008-5100 310 Bypass 2008-11-17 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
33 CVE-2008-5094 119 Overflow 2008-11-14 2012-10-31
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the NDS Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors.
34 CVE-2008-5092 119 Overflow 2008-11-14 2012-10-31
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header.
35 CVE-2008-5091 119 DoS Overflow 2008-11-14 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid extensibleMatch filter."
36 CVE-2008-5090 94 Exec Code 2008-11-14 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch.
37 CVE-2008-5089 2008-11-14 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple insecure method vulnerabilities in the DDActiveReportsViewer2.ARViewer2 ActiveX control (arview2.ocx) in Data Dynamics ActiveReports 2.5.0.1314 allow remote attackers to overwrite arbitrary files via a call to the (1) Pages.Save, (2) PrintReport, or (3) Canvas.Save method.
38 CVE-2008-5073 119 Exec Code Overflow 2008-11-14 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in an ActiveX control in Novell ZENworks Desktop Management 6.5 allows remote attackers to execute arbitrary code via a long argument to the CanUninstall method.
39 CVE-2008-5071 94 Exec Code 2008-11-14 2017-09-29
9.0
None Remote Low ??? Complete Complete Complete
Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter.
40 CVE-2008-5066 94 Exec Code File Inclusion 2008-11-13 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in upload/admin/frontpage_right.php in Agares Media ThemeSiteScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter.
41 CVE-2008-5063 94 1 Exec Code File Inclusion 2008-11-13 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in Admin/ADM_Pagina.php in OTManager 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the Tipo parameter.
42 CVE-2008-5060 94 Exec Code File Inclusion 2008-11-13 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) export_batch.inc.php, (2) run_auto_suspend.cron.php, and (3) send_email_cache.php in include/scripts/; (4) include/misc/mod_2checkout/2checkout_return.inc.php; and (5) include/html/nettools.popup.php, different vectors than CVE-2006-4034 and CVE-2005-1054.
43 CVE-2008-5053 94 1 Exec Code File Inclusion 2008-11-13 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
44 CVE-2008-5052 399 DoS Mem. Corr. 2008-11-13 2018-11-02
10.0
None Remote Low Not required Complete Complete Complete
The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.
45 CVE-2008-5050 119 DoS Exec Code Overflow 2008-11-13 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.
46 CVE-2008-5045 119 DoS Overflow 2008-11-13 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly other versions, allows remote FTP servers to cause a denial of service (crash) via a 200 server response that is exactly 1024 characters long.
47 CVE-2008-5038 399 DoS Exec Code Mem. Corr. 2008-11-12 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852.
48 CVE-2008-5036 119 Exec Code Overflow 2008-11-10 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.
49 CVE-2008-5032 119 Exec Code Overflow 2008-11-10 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036.
50 CVE-2008-5031 189 Overflow 2008-11-10 2019-10-25
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.
Total number of vulnerabilities : 101   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.