LiveActive security incident?Get immediate response
CVE archive

August 2008

Browse CVE records published in August 2008, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 623 matching CVEs · Page 1 of 13.

High · CVSS 7.5

CVE-2008-20001: activePDF WebGrabber ActiveX Control Buffer Overflow

activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability in the GetStatus() method of the APWebGrb.ocx ActiveX control. By passing an overly long string to this method, a remote attacker can execute arbitrary code in the context of the vulnerable process. Although the control is not marked safe for scripting, exploitation is possible via crafted HTML content in Internet Explorer under permissive security settings.

Published Aug 30, 2025 · Updated May 15, 2026

High · CVSS 8.8 · CISA KEV

CVE-2008-3431: The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITH...

The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.

Published Aug 5, 2008 · Updated Oct 22, 2025

High · CVSS 7.8

CVE-2008-3282: Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocato...

Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152.

Published Aug 29, 2008 · Updated Jan 17, 2025

Unknown · CVSS Not scored

CVE-2008-7120: SQL injection vulnerability in Mr.

SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter.

Published Aug 28, 2009 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-7297: Opera cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-...

Opera cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.

Published Aug 9, 2011 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-7296: Apple Safari cannot properly restrict modifications to cookies established in HTTPS sessions, which allows...

Apple Safari cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.

Published Aug 9, 2011 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-7295: Microsoft Internet Explorer cannot properly restrict modifications to cookies established in HTTPS sessions...

Microsoft Internet Explorer cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.

Published Aug 9, 2011 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-7046: AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new poll...

AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Aug 24, 2009 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-7050: The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PH...

The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password.

Published Aug 24, 2009 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-7294: Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessi...

Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.

Published Aug 9, 2011 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-3590: Multiple SQL injection vulnerabilities in admin/login.asp in E.

Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. Poll 2 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Aug 11, 2008 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-7293: Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sessions, w...

Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.

Published Aug 9, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2008-7258: The standardise function in Anibal Monsalve Salazar sSMTP 2.61 and 2.62 allows local users to cause a denia...

The standardise function in Anibal Monsalve Salazar sSMTP 2.61 and 2.62 allows local users to cause a denial of service (application exit) via an e-mail message containing a long line that begins with a . (dot) character. NOTE: CVE disputes this issue because it is solely a usability problem for senders of messages with certain long lines, and has no security impact

Published Aug 20, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2008-7002: PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions,...

PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as "C:" drive notation.

Published Aug 18, 2009 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2008-7298: The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessi...

The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.

Published Aug 9, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2008-7096: Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MG...

Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or access hypervisory memory as demonstrated at Black Hat 2008 by accessing certain remapping registers in Xen 3.3.

Published Aug 27, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-7108: Multiple cross-site scripting (XSS) vulnerabilities in Carmosa phpCart 3.4 through 4.6.4 allow remote attac...

Multiple cross-site scripting (XSS) vulnerabilities in Carmosa phpCart 3.4 through 4.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) quantity or (2) Add Engraving fields to the default URI; (3) Quantity field to phpcart.php; (4) Name, (5) Company, (6) Address, (7) City, and (8) Province/State fields in a checkout action to phpcart.php; and other unspecified vectors.

Published Aug 28, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-7126: Integer overflow in osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote...

Integer overflow in osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet with a large string length value to UDP port 14000, which triggers a heap-based buffer overflow.

Published Aug 31, 2009 · Updated Aug 7, 2024