LiveActive security incident?Get immediate response
CVE archive

September 2008

Browse CVE records published in September 2008, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 561 matching CVEs · Page 3 of 12.

Unknown · CVSS Not scored

CVE-2008-7218: Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Tur...

Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors.

Published Sep 13, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-7173: The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access t...

The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service (physical damage), modify coffee settings, and possibly execute code via a crafted request. NOTE: this issue is being included in CVE because the denial of service may include financial loss or water damage.

Published Sep 8, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-7154: Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to...

Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) class/class.conf_fw.php, (2) class.module/class.event_manager.php, (3) lib/lib.domxml5.php, or (4) menu/menu_over.php in doceboCore/; or (5) class/class.conf_cms.php, (6) lib/lib.compose.php, (7) modules/chat/teleskill.php, or (8) class/class.admin_menu_cms.php in doceboCms/; which reveals the installation path in an error message.

Published Sep 2, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-7158: Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary comm...

Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) LOADFILE parameter to MRcgi/MRABLoad2.pl. NOTE: some of these details are obtained from third party information.

Published Sep 2, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-7133: Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org EasyImageCatalogue 1.3.1 allow remot...

Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org EasyImageCatalogue 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search and (2) d index.php parameters to index.php, (3) dir parameter to thumber.php, and the d parameter to (4) describe.php and (5) addcomment.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Sep 1, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-7140: Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attack...

Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) language_setup parameter to setup.php or (2) test parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: a third party has been reported that the test parameter is not used in @lex Guestbook.

Published Sep 1, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-4363: DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or po...

DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, probably related to use of the ProbeForRead function when ProbeForWrite was intended.

Published Sep 30, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-4356: Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote attackers to execute ar...

Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote attackers to execute arbitrary SQL commands via (1) the nid parameter to index.php in a View action to the News module; (2) the vid parameter to index.php in a Result action to the Voting module; (3) the fid parameter to index.php in a ShowForum action to the Forum module; (4) the tid parameter to index.php in a ShowTopic action to the Forum module; (5) the uname parameter to index.php in a UserInfo action to the Account module; or (6) the module parameter to index.php, probably related to the TopSites module.

Published Sep 30, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-4327: gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly handle crafted .ico files, which allows r...

gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly handle crafted .ico files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a certain crash.ico file on a web site, and allows user-assisted attackers to cause a denial of service (divide-by-zero error and persistent application crash) via this crash.ico file on the desktop, a different vulnerability than CVE-2007-2237.

Published Sep 30, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-4342: NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earl...

NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.

Published Sep 30, 2008 · Updated Aug 7, 2024