LiveActive security incident?Get immediate response
CVE archive

February 2008

Browse CVE records published in February 2008, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 836 matching CVEs · Page 1 of 17.

Medium · CVSS 6.1

CVE-2008-0642: Cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, possibly involving use...

Cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, possibly involving use of a (1) WebHelp5 (WebHelp5Ext) or (2) WildFire (WildFireExt) extension, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-1280.

Published Feb 15, 2008 · Updated Apr 23, 2025

Unknown · CVSS Not scored

CVE-2008-0725: Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Ser...

Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Server 6.0.5.549 allow remote attackers to cause a denial of service (daemon hang) and possibly execute arbitrary code via a long command. NOTE: the USER and PASS commands for the FTP service are covered by CVE-2008-0702.

Published Feb 12, 2008 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-0618: Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPres...

Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) gbname, (2) gbemail, (3) gburl, and (4) gbmsg parameters to unspecified programs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Feb 6, 2008 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-0558: Cross-site scripting (XSS) vulnerability in Uniwin eCart Professional before 2.0.16 allows remote attackers...

Cross-site scripting (XSS) vulnerability in Uniwin eCart Professional before 2.0.16 allows remote attackers to inject arbitrary web script or HTML via the rp parameter to cartView.asp and unspecified other components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Feb 4, 2008 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-4560: HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to obtain sensitive...

HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to obtain sensitive information via (1) a crafted request to the nnmRptConfig.exe CGI program, which reveals the pathname of log directories; or (2) a crafted parameter in a request to the ovlaunch.exe CGI program, which reveals configuration details. NOTE: this issue may be partially covered by CVE-2009-0205.

Published Feb 8, 2009 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2008-0774: Cross-site scripting (XSS) vulnerability in search.cgi in Loris Hotel Reservation System 3.01 and possibly...

Cross-site scripting (XSS) vulnerability in search.cgi in Loris Hotel Reservation System 3.01 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the hotel_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Feb 13, 2008 · Updated Sep 16, 2024