LiveActive security incident?Get immediate response
CVE archive

August 2008

Browse CVE records published in August 2008, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 623 matching CVEs · Page 4 of 13.

Unknown · CVSS Not scored

CVE-2008-7011: The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pa...

The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which triggers an assertion failure when the Closing flag in UnChan.cpp is set.

Published Aug 19, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6925: Cross-site scripting (XSS) vulnerability in function.php in Zenphoto 1.1.7 allows remote attackers to injec...

Cross-site scripting (XSS) vulnerability in function.php in Zenphoto 1.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the "request logging" feature. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Aug 10, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6998: Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Google Chrome 0.2.149.27 and other versio...

Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Google Chrome 0.2.149.27 and other versions before 0.2.149.29 might allow user-assisted remote attackers to execute arbitrary code via a link target (href attribute) with a large number of path elements, which triggers the overflow when the status bar is updated after the user hovers over the link.

Published Aug 18, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6948: Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remote authenticated users to execute arb...

Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME type, then accessing it via a direct request to the file in files/, related to (1) the showproject action in managefile.php or (2) the Messages feature.

Published Aug 12, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6934: Static code injection vulnerability in Sanus|artificium (aka Sanusart) Free simple guestbook PHP script, wh...

Static code injection vulnerability in Sanus|artificium (aka Sanusart) Free simple guestbook PHP script, when downloaded before 20081111, allows remote attackers to inject arbitrary PHP code into messages.txt via the message parameter to act.php, which is executed when guestbook/guestbook.php is accessed. NOTE: some of these details are obtained from third party information.

Published Aug 11, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6971: The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, an...

The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify passwords of other users and gain privileges.

Published Aug 13, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6965: AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do n...

AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3) mail.php, (4) fee_setting.php, (5) earnings.php, (6) insertion_fee_settings.php, (7) custom_category.php, (8) subcategory.php, (9) category.php, (10) report.php, (11) store_manager.php, and (12) choose_sell_format.php in admin/, and possibly other vectors.

Published Aug 13, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-7035: Cross-site scripting (XSS) vulnerability in an unspecified component in Simple Machines phpRaider 1.0.7 all...

Cross-site scripting (XSS) vulnerability in an unspecified component in Simple Machines phpRaider 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the resistance field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Aug 24, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6994: Stack-based buffer overflow in the SaveAs feature (SaveFileAsWithFilter function) in win_util.cc in Google...

Stack-based buffer overflow in the SaveAs feature (SaveFileAsWithFilter function) in win_util.cc in Google Chrome 0.2.149.27 allows user-assisted remote attackers to execute arbitrary code via a web page with a long TITLE element, which triggers the overflow when the user saves the page and a long filename is generated. NOTE: it might be possible to exploit this issue via an HTTP response that includes a long filename in a Content-Disposition header.

Published Aug 18, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6958: wap/index.php in Crossday Discuz!

wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote authenticated users to execute arbitrary PHP code via the creditsformula parameter.

Published Aug 12, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6926: Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module...

Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.

Published Aug 10, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6956: Static code injection vulnerability in admin/admin.php in mxCamArchive 2.2 allows remote authenticated admi...

Static code injection vulnerability in admin/admin.php in mxCamArchive 2.2 allows remote authenticated administrators to inject arbitrary PHP code into an unspecified program via the description parameter, which is executed by invocation of index.php. NOTE: some of these details are obtained from third party information.

Published Aug 12, 2009 · Updated Aug 7, 2024