LiveActive security incident?Get immediate response
CVE archive

July 2008

Browse CVE records published in July 2008, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 559 matching CVEs · Page 1 of 12.

High · CVSS 8.8 · CISA KEV

CVE-2008-0015: Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL...

Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."

Published Jul 7, 2009 · Updated Feb 18, 2026

Critical · CVSS 9.8

CVE-2008-2374: src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 version...

src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.

Published Jul 7, 2008 · Updated Jan 17, 2025

Unknown · CVSS Not scored

CVE-2008-6877: Directory traversal vulnerability in admin/includes/initsystem.php in Zen Cart 1.3.8 and 1.3.8a, when .htac...

Directory traversal vulnerability in admin/includes/initsystem.php in Zen Cart 1.3.8 and 1.3.8a, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the loader_file parameter. NOTE: the vendor disputes this issue, stating "at worst, the use of this vulnerability will reveal some local file paths.

Published Jul 27, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6882: Live Chat (com_livechat) component 1.0 for Joomla!

Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string.

Published Jul 30, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6878: Directory traversal vulnerability in admin/includes/languages/english.php in Zen Cart 1.3.8a, 1.3.8, and ea...

Directory traversal vulnerability in admin/includes/languages/english.php in Zen Cart 1.3.8a, 1.3.8, and earlier, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _SESSION[language] parameter. NOTE: the vendor disputes this issue, stating "at worst, the use of this vulnerability will reveal some local file paths.

Published Jul 27, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6841: PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Databas...

PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to classes/DBQ/admin/common.class.php.

Published Jul 1, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6844: The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before...

The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters.

Published Jul 2, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6840: Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4 allow remote attackers to execute arb...

Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[pear_dir] parameter to (a) Mail/RFC822.php, (b) Net/Socket.php, (c) XML/Parser.php, (d) XML/Tree.php, (e) Mail/mimeDecode.php, (f) Console/Getopt.php, (g) System.php, (h) Log.php, and (i) File.php in includes/pear/; the CONFIG[pear_dir] parameter to (j) includes/prepend.php, and (k) includes/cachedConfig.php; and the (2) CONFIG[includes] parameter to (l) prepend.php and (m) email.list.search.php in includes/. NOTE: the CONFIG[pear_dir] parameter to includes/mailaccess/pop3.php is already covered by CVE-2006-2666.

Published Jul 1, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6846: Multiple stack-based buffer overflows in avast!

Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0.5, 1.0.5-1, and 1.0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via a malformed (1) ISO or (2) RPM file.

Published Jul 2, 2009 · Updated Aug 7, 2024