LiveActive security incident?Get immediate response
CVE archive

January 2008

Browse CVE records published in January 2008, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 638 matching CVEs · Page 1 of 13.

Critical · CVSS 9.8

CVE-2008-4835: SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gol...

SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."

Published Jan 14, 2009 · Updated Oct 15, 2024

Unknown · CVSS Not scored

CVE-2008-0442: PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attacker...

PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the ffile parameter, a different vector than CVE-2008-0376. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Jan 24, 2008 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-7253: The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables t...

The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.

Published Jan 25, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-5915: An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary...

An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Published Jan 20, 2009 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-5914: An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary f...

An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Published Jan 20, 2009 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-5961: Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows re...

Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to inject arbitrary web script or HTML via the cID parameter in a document action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Jan 23, 2009 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2008-7271: Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Serv...

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.

Published Jan 13, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2008-5842: Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possib...

Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via vectors associated with (1) a demo application shipped with WebTransactions and possibly (2) an unspecified "dynamic application."

Published Jan 5, 2009 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2008-5983: Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possib...

Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.

Published Jan 28, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5998: Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x...

Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters.

Published Jan 28, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5986: Untrusted search path vulnerability in the (1) "VST plugin with Python scripting" and (2) "VST plugin for w...

Untrusted search path vulnerability in the (1) "VST plugin with Python scripting" and (2) "VST plugin for writing score generators in Python" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

Published Jan 28, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6000: The GDTdiIcpt.sys driver in G DATA AntiVirus 2008, InternetSecurity 2008, and TotalCare 2008 populates kern...

The GDTdiIcpt.sys driver in G DATA AntiVirus 2008, InternetSecurity 2008, and TotalCare 2008 populates kernel registers with IOCTL 0x8317001c input values, which allows local users to cause a denial of service (system crash) or gain privileges via a crafted IOCTL request, as demonstrated by execution of the KeSetEvent function with modified register contents.

Published Jan 28, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5933: Multiple cross-site scripting (XSS) vulnerabilities in index.php in CMS ISWEB 3.0 allow remote attackers to...

Multiple cross-site scripting (XSS) vulnerabilities in index.php in CMS ISWEB 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the strcerca parameter (aka the input field for the cerca action) or (2) the id_oggetto parameter. NOTE: some of these details are obtained from third party information.

Published Jan 21, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5932: CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, w...

CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. NOTE: some of these details are obtained from third party information.

Published Jan 21, 2009 · Updated Aug 7, 2024