The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2008-0984 | The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file. | High | Mar 5, 2008 |
| CVE-2008-0983 | lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access. | Medium | Feb 27, 2008 |
| CVE-2008-0982 | Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to obtain sensitive information via a direct request for spyce/examples/automaton.spy, which reveals the path in an error message. | Medium | Feb 26, 2008 |
| CVE-2008-0981 | Open redirect vulnerability in spyce/examples/redirect.spy in Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | Medium | Feb 26, 2008 |
| CVE-2008-0980 | Multiple cross-site scripting (XSS) vulnerabilities in Spyce - Python Server Pages (PSP) 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the url or type parameter to docs/examples/redirect.spy; (2) the x parameter to docs/examples/handlervalidate.spy; (3) the name parameter to spyce/examples/request.spy; (4) the Name parameter to spyce/examples/getpost.spy; (5) the mytextarea parameter, the mypass parameter, or an empty parameter to spyce/examples/formtag.spy; (6) the Unchangedline parameter to the default URI under demos/chat/; (7) the text1 parameter to docs/examples/formintro.spy; or (8) the mytext or mydate parameter to docs/examples/formtag.spy. | Medium | Feb 28, 2008 |
| CVE-2008-0979 | Stack consumption vulnerability in Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon crash) via a certain packet that triggers the recursive calling of a function. | Medium | Feb 27, 2008 |
| CVE-2008-0978 | Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to obtain sensitive information via a packet of type (1) 0x2728, which provides operating system and path information; (2) 0x274e, which lists Ethernet adapters; (3) 0x2726, which provides filesystem information; (4) 0x274f, which specifies the printer driver; or (5) 0x2757, which provides recent log entries. | Medium | Feb 26, 2008 |
| CVE-2008-0977 | Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon crash) via a certain long packet that triggers an attempt to allocate a large amount of memory. | Medium | Feb 26, 2008 |
| CVE-2008-0976 | Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed packet, as demonstrated by a packet of type (1) 0x2722 or (2) 0x272a. | Medium | Feb 27, 2008 |
| CVE-2008-0975 | Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (CPU consumption) via a -1 value in the field that specifies the size of the vector<T> value. | Medium | Feb 26, 2008 |
| CVE-2008-0974 | Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon termination) via (1) a large vector<T> value, which raises a "vector<T> too long" exception; or (2) a certain packet that raises an ospace/time/src\\date.cpp exception. | Medium | Feb 28, 2008 |
| CVE-2008-0973 | Buffer overflow in Double-Take (aka HP StorageWorks Storage Mirroring) 4.5.0.1629, and other 4.5.0.x versions, allows remote attackers to have an unknown impact via a packet with a long string in the username field. | High | Feb 26, 2008 |
| CVE-2008-0971 | Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow remote attackers to inject arbitrary web script or HTML via (1) the Policy Name field in Search Based Retention Policy in Message Archiver; unspecified parameters in the (2) IP Configuration, (3) Administration, (4) Journal Accounts, (5) Retention Policy, and (6) GroupWise Sync components in Message Archiver; (7) input to search operations in Web Filter; and (8) input used in error messages and (9) hidden INPUT elements in (a) Spam Firewall, (b) IM Firewall, and (c) Web Filter. | Low | Dec 19, 2008 |
| CVE-2008-0967 | Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via an unspecified option in a configuration file. | High | Jun 6, 2008 |
| CVE-2008-0965 | Unspecified vulnerability in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allows remote attackers to execute arbitrary code via a crafted SMB packet, a different vulnerability than CVE-2008-0964. | High | Aug 12, 2008 |
| CVE-2008-0964 | Unspecified vulnerability in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allows remote attackers to execute arbitrary code via a crafted SMB packet, a different vulnerability than CVE-2008-0965. | High | Aug 12, 2008 |
| CVE-2008-0963 | Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted message to the RPC interface. | High | Apr 14, 2008 |
| CVE-2008-0962 | Stack-based buffer overflow in the File System Manager for EMC DiskXtender 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted request to the RPC interface. | High | Apr 14, 2008 |
| CVE-2008-0961 | EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface. | High | Apr 14, 2008 |
| CVE-2008-0960 | SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; and (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. | Medium | Jun 11, 2008 |
| CVE-2008-0959 | Multiple stack-based buffer overflows in the Online Media Technologies NCTSoft NCTAudioInformation2 ActiveX control in NCTAudioInformation2.dll allow remote attackers to execute arbitrary code via unspecified vectors. | Medium | May 30, 2008 |
| CVE-2008-0958 | Multiple stack-based buffer overflows in the Online Media Technologies NCTSoft NCTAudioGrabber2 ActiveX control in NCTAudioGrabber2.dll allow remote attackers to execute arbitrary code via unspecified vectors. | High | May 30, 2008 |
| CVE-2008-0957 | Multiple stack-based buffer overflows in the PhotoStockPlus Uploader Tool ActiveX control (PSPUploader.ocx) allow remote attackers to execute arbitrary code via unspecified initialization parameters. | Medium | May 20, 2008 |
| CVE-2008-0956 | Multiple stack-based buffer overflows in the BackWeb Lite Install Runner ActiveX control in the BackWeb Web Package ActiveX object in LiteInstActivator.dll in BackWeb before 8.1.1.87, as used in Logitech Desktop Manager (LDM) before 2.56, allow remote attackers to execute arbitrary code via unspecified vectors. | High | Jun 12, 2008 |
| CVE-2008-0955 | Stack-based buffer overflow in the Creative Software AutoUpdate Engine ActiveX control in CTSUEng.ocx allows remote attackers to execute arbitrary code via a long CacheFolder property value. | High | May 29, 2008 |
| CVE-2008-0953 | Unspecified vulnerability in a certain ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 has unknown impact and remote attack vectors, a different vulnerability than CVE-2007-5608 and CVE-2008-0952. | High | Jun 5, 2008 |
| CVE-2008-0952 | Unspecified vulnerability in a certain ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 has unknown impact and remote attack vectors, a different vulnerability than CVE-2007-5608 and CVE-2008-0953. | High | Jun 5, 2008 |
| CVE-2008-0951 | Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically proximate attackers, to execute arbitrary code by inserting a (1) CD-ROM device or (2) U3-enabled USB device containing a filesystem with an Autorun.inf file, and possibly other vectors related to (a) AutoRun and (b) AutoPlay actions. | High | Mar 25, 2008 |
| CVE-2008-0949 | Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet. | High | Mar 18, 2008 |
| CVE-2008-0948 | Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors. | High | Mar 25, 2008 |
| CVE-2008-0947 | Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors. | High | Mar 19, 2008 |
| CVE-2008-0946 | Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field. | Medium | Feb 27, 2008 |
| CVE-2008-0945 | Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field. | Low | Feb 27, 2008 |
| CVE-2008-0944 | Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote attackers to cause a denial of service (NULL dereference and application crash) via a version field containing zero. | Medium | Feb 26, 2008 |
| CVE-2008-0943 | Multiple SQL injection vulnerabilities in Eagle Software Aeries Browser Interface (ABI) 3.7.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) FC parameter to Comments.asp, or the Term parameter to (2) Labels.asp or (3) ClassList.asp. | High | Feb 26, 2008 |
| CVE-2008-0942 | SQL injection vulnerability in GradebookStuScores.asp in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote attackers to execute arbitrary SQL commands via the GrdBk parameter. | High | Feb 26, 2008 |
| CVE-2008-0941 | Cross-site scripting (XSS) vulnerability in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote authenticated users to inject arbitrary web script or HTML via an event. | Medium | Feb 26, 2008 |
| CVE-2008-0940 | Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CVE-2007-0407. | Medium | Feb 26, 2008 |
| CVE-2008-0939 | Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information. | High | Feb 26, 2008 |
| CVE-2008-0938 | Unspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability than CVE-2007-4126. | Medium | Feb 26, 2008 |
| CVE-2008-0937 | SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811. | Medium | Feb 28, 2008 |
| CVE-2008-0936 | SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | High | Feb 27, 2008 |
| CVE-2008-0935 | Stack-based buffer overflow in the Novell iPrint Control ActiveX control in ienipp.ocx in Novell iPrint Client before 4.34 allows remote attackers to execute arbitrary code via a long argument to the ExecuteRequest method. | High | Feb 27, 2008 |
| CVE-2008-0934 | SQL injection vulnerability in modules.php in the NukeC 2.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action. | High | Feb 27, 2008 |
| CVE-2008-0933 | Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore. | Medium | Feb 28, 2008 |
| CVE-2008-0932 | diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an unspecified parameter. | High | Mar 5, 2008 |
| CVE-2008-0931 | w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file. | Medium | Sep 5, 2008 |
| CVE-2008-0930 | w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtained from third party information. | High | Sep 5, 2008 |
| CVE-2008-0929 | DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | REJECT | Nov 7, 2023 |
| CVE-2008-0928 | Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. | Medium | Feb 6, 2009 |
