2008 CVEs
7179 CVEs published in 2008. 24 critical, 52 high.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2008-7291 | Critical | 9.8 | 2019-11-08 | gri before 2.12.18 generates temporary files in an insecure way. |
| CVE-2008-7319 | Critical | 9.8 | 2017-11-07 | The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before u… |
| CVE-2008-7315 | Critical | 9.8 | 2017-10-10 | UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands. |
| CVE-2008-7313 | Critical | 9.8 | 2017-03-31 | The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists due to an incomplete fix for CVE-2008-479… |
| CVE-2008-7109 | Critical | 9.8 | 2009-08-28 | The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client s… |
| CVE-2008-4835 | Critical | 9.8 | 2009-01-14 | SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers t… |
| CVE-2008-5784 | Critical | 9.8 | 2008-12-31 | V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. |
| CVE-2008-3465 | Critical | 9.8 | 2008-12-10 | Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows… |
| CVE-2008-5038 | Critical | 9.8 | 2008-11-12 | Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows r… |
| CVE-2008-4250 | Critical | 9.8 | 2008-10-23 | The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attack… |
| CVE-2008-3612 | Critical | 9.8 | 2008-09-11 | The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remot… |
| CVE-2008-2433 | Critical | 9.8 | 2008-08-27 | The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a… |
| CVE-2008-3604 | Critical | 9.8 | 2008-08-12 | SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter. |
| CVE-2008-2374 | Critical | 9.8 | 2008-07-07 | src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP pac… |
| CVE-2008-2108 | Critical | 9.8 | 2008-05-07 | The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zer… |
| CVE-2008-0599 | Critical | 9.8 | 2008-05-05 | The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TR… |
| CVE-2008-0961 | Critical | 9.8 | 2008-04-14 | EMC DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface. |
| CVE-2008-1511 | Critical | 9.8 | 2008-03-25 | Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parame… |
| CVE-2008-1160 | Critical | 9.8 | 2008-03-25 | ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to g… |
| CVE-2008-0062 | Critical | 9.8 | 2008-03-19 | KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash)… |