LiveActive security incident?Get immediate response
CVE archive

August 2008

Browse CVE records published in August 2008, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 623 matching CVEs · Page 2 of 13.

Unknown · CVSS Not scored

CVE-2008-7088: Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticat...

Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a certain path. NOTE: this may be the same vulnerability as CVE-2008-0251, but this is not clear due to lack of details from the vendor.

Published Aug 26, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-7098: Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate Premium allow remote attackers to injec...

Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate Premium allow remote attackers to inject arbitrary web script or HTML via the blog, possibly the (1) Title and (2) Text fields; (3) the gallery, possibly the Description field in Your Pictures; (4) the forum, possibly the Your Message field when posting a new thread; or (5) the vote parameter in a view action to index.php. NOTE: some of these details are obtained from third party information.

Published Aug 27, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-7092: Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote atta...

Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a CustomBookMarkLink action to Campaign/Campaign; (4) a Javascript event in the displayIcon parameter to Campaign/updateOfferTemplateSubmit.do (aka the templates web page); (5) crafted input to Campaign/CampaignListener (aka the listener server), which is not properly handled when displaying the status log; and (6) id parameter to Campaign/campaignDetails.do, (7) id parameter to Campaign/offerDetails.do, (8) function parameter to Campaign/Campaign, (9) sessionID parameter to Campaign/runAllFlowchart.do, (10) id parameter in an edit action to Campaign/updateOfferTemplatePage.do, (11) Frame parameter in a LoadFrame action to Campaign/Campaign, (12) affiniumUserName parameter to manager/jsp/test.jsp, (13) affiniumUserName parameter to Campaign/main.do, and possibly other vectors.

Published Aug 26, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-7115: The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows...

The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) system_all.exe, or (3) restore.exe in cgi-bin/. NOTE: the setup_dns.exe vector is already covered by CVE-2008-1244.

Published Aug 28, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-7068: The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of servi...

The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.

Published Aug 25, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-7074: Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP...

Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when displaying the signon message."

Published Aug 25, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-7105: Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of ser...

Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (EdgeTransport.exe termination) via a TNEF-encoded message with a crafted rich text body that is not properly handled during conversion to plain text. NOTE: this might be related to CVE-2008-7104.

Published Aug 27, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-7106: The installation of Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2, when both anti-virus and an...

The installation of Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2, when both anti-virus and anti-spam are supported, does not create or launch the associated scan engines when the system is under heavy load, which has unspecified impact, probably remote bypass of scanner protection or a denial of service (message loss or delay).

Published Aug 27, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-7122: Multiple insecure method vulnerabilities in an ActiveX control in (epRegPro.ocx) in Evans Programming Regis...

Multiple insecure method vulnerabilities in an ActiveX control in (epRegPro.ocx) in Evans Programming Registry Pro allow remote attackers to read and modify sensitive registry keys via the (1) About, (2) CreateKey, (3) DeleteBranch, (4) DeleteKey, (5) DeleteValue, (6) EnumKeys, (7) EnumValues, (8) QueryType, (9) QueryValue, (10) RenameKey, and (11) SetValue methods.

Published Aug 31, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-7097: Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary...

Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary SQL commands via (1) the $id variable in admin/includes/dele_cpac.php, (2) $ord[order_id] variable in payments/payment_received.php, (3) $id variable in includes/functions.php, and (4) unspecified variables in modules/chat.php, as demonstrated via the (a) show parameter in an online action to index.php; (b) PATH_INTO to the room/ handler; (c) image and (d) id parameters in a vote action to index.php; (e) PATH_INFO to the blog/ handler; and (f) id parameter in a blog_edit action to index.php.

Published Aug 27, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-7095: The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows...

The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB.

Published Aug 27, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-7078: Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (s...

Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component.

Published Aug 25, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-7082: MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php wit...

MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection mechanism to hijack the authentication of moderators by reading the token from the HTTP Referer header.

Published Aug 25, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-7075: Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd.

Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star Articles 6.0 allow remote attackers to inject arbitrary SQL commands via (1) the subcatid parameter to article.list.php; or the artid parameter to (2) article.print.php, (3) article.comments.php, (4) article.publisher.php, or (5) article.download.php; and (6) the PATH_INFO to article.download.php. NOTE: some of these details are obtained from third party information.

Published Aug 25, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-7070: Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute...

Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951.

Published Aug 25, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-7064: Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and ea...

Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file.

Published Aug 25, 2009 · Updated Aug 7, 2024