2008 CVEs

7179 CVEs published in 2008. 24 critical, 52 high. Browse by vendor, severity, or with PoCs.

Top CVEs published in 2008
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2008-7291 | Critical | 9.8 | 2019-11-08 | gri before 2.12.18 generates temporary files in an insecure way. |
| CVE-2008-7319 | Critical | 9.8 | 2017-11-07 | The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before u… |
| CVE-2008-7315 | Critical | 9.8 | 2017-10-10 | UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands. |
| CVE-2008-7313 | Critical | 9.8 | 2017-03-31 | The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists due to an incomplete fix for CVE-2008-479… |
| CVE-2008-7109 | Critical | 9.8 | 2009-08-28 | The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client s… |
| CVE-2008-4835 | Critical | 9.8 | 2009-01-14 | SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers t… |
| CVE-2008-5784 | Critical | 9.8 | 2008-12-31 | V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. |
| CVE-2008-3465 | Critical | 9.8 | 2008-12-10 | Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows… |
| CVE-2008-5038 | Critical | 9.8 | 2008-11-12 | Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows r… |
| CVE-2008-4250 | Critical | 9.8 | 2008-10-23 | The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attack… |
| CVE-2008-3612 | Critical | 9.8 | 2008-09-11 | The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remot… |
| CVE-2008-2433 | Critical | 9.8 | 2008-08-27 | The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a… |
| CVE-2008-3604 | Critical | 9.8 | 2008-08-12 | SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter. |
| CVE-2008-2374 | Critical | 9.8 | 2008-07-07 | src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP pac… |
| CVE-2008-2108 | Critical | 9.8 | 2008-05-07 | The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zer… |
| CVE-2008-0599 | Critical | 9.8 | 2008-05-05 | The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TR… |
| CVE-2008-0961 | Critical | 9.8 | 2008-04-14 | EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface. |
| CVE-2008-1511 | Critical | 9.8 | 2008-03-25 | Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parame… |
| CVE-2008-1160 | Critical | 9.8 | 2008-03-25 | ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to g… |
| CVE-2008-0062 | Critical | 9.8 | 2008-03-19 | KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash)… |