LiveActive security incident?Get immediate response
CVE archive

January 2008

Browse CVE records published in January 2008, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 638 matching CVEs · Page 4 of 13.

Unknown · CVSS Not scored

CVE-2008-5912: An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes...

An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Published Jan 20, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5878: Multiple directory traversal vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, whe...

Multiple directory traversal vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary files via a .. (dot dot) in the (1) boxname parameter to theme/superchrome/box.php and the (2) theme parameter to phpclanwebsite/footer.php.

Published Jan 8, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5872: Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client M...

Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) via a UFTP message that has a negative block size or other crafted Connection Details values.

Published Jan 8, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5877: Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magi...

Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) form_id parameter to pcw/processforms.php, (3) pcwlogin and (4) pcw_pass parameters to pcw/setlogin.php, (5) searchvalue parameter to pcw/downloads.php, and the (6) searchvalue and (7) whichfield parameter to pcw/downloads.php, a different vector than CVE-2006-0444.

Published Jan 8, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5896: CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control,...

CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CARateMySite.mdb. NOTE: some of these details are obtained from third party information.

Published Jan 12, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5854: Multiple cross-site scripting (XSS) vulnerabilities in login.php in myPHPscripts Login Session 2.0 allow re...

Multiple cross-site scripting (XSS) vulnerabilities in login.php in myPHPscripts Login Session 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ls_user and (2) ls_email parameters (aka the User form) in an ls_register action. NOTE: some of these details are obtained from third party information.

Published Jan 6, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5828: Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used ov...

Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields.

Published Jan 2, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5853: Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the we...

Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database credentials via a direct request for config.inc or (2) read database backups via a request for a backup/ URI.

Published Jan 6, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5825: The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware d...

The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone.

Published Jan 2, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5849: Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote...

Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (aka ICMP time exceeded in-transit) response containing an encapsulated IP packet with an intranet address, as demonstrated by a TCP packet to the firewall management server on port 18264.

Published Jan 6, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5845: Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote...

Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, or (4) MTCommenterName field in a Profile View template; a (5) listing screen or (6) edit screen in the CMS app; (7) a TrackBack title, related to the HTML sanitization library; or (8) a user archive name (aka archive title) on a published Community Blog template.

Published Jan 5, 2009 · Updated Aug 7, 2024