LiveActive security incident?Get immediate response
CVE archive

October 2008

Browse CVE records published in October 2008, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 542 matching CVEs · Page 2 of 11.

Unknown · CVSS Not scored

CVE-2008-4801: Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Accept...

Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.0.0 through 5.2.5.2, 5.3.0.0 through 5.3.6.1, 5.4.0.0 through 5.4.2.2, and 5.5.0.0 through 5.5.0.91 in IBM Tivoli Storage Manager (TSM); and the Backup-Archive client in TSM Express; allows remote attackers to execute arbitrary code by sending a large amount of crafted data to a TCP port.

Published Oct 30, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-4803: Cross-site scripting (XSS) vulnerability in index.php in Simple PHP Scripts gallery 0.1, 0.3, and 0.4 allow...

Cross-site scripting (XSS) vulnerability in index.php in Simple PHP Scripts gallery 0.1, 0.3, and 0.4 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Oct 31, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-4804: SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execute arbit...

SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the aid parameter in a showalbum action to index.php. NOTE: some of these details are obtained from third party information. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.

Published Oct 31, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-4775: Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions in...

Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977.

Published Oct 28, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-4771: Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.d...

Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly other products, allows remote attackers to execute arbitrary code via a long Url property. NOTE: some of these details are obtained from third party information.

Published Oct 28, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-4788: Microsoft Internet Explorer 6 omits high-bit URL-encoded characters when displaying the address bar, which...

Microsoft Internet Explorer 6 omits high-bit URL-encoded characters when displaying the address bar, which allows remote attackers to spoof the address bar via a URL with a domain name that differs from an important domain name only in these characters, as demonstrated by using exam%A9ple.com to spoof example.com, aka MSRC ticket MSRC7900.

Published Oct 29, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-4768: SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to execute arbitrary SQL commands via th...

SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to execute arbitrary SQL commands via the nom parameter to a-b-membres.php. NOTE: the goodies.php vector is already covered by CVE-2007-4808. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Oct 28, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-4769: Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPre...

Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information.

Published Oct 28, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-4572: GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (cras...

GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which triggers heap corruption related to an improper free call, and possibly triggering a heap-based buffer overflow.

Published Oct 15, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-4618: The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not p...

The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls.

Published Oct 20, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-4767: Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to e...

Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality.

Published Oct 28, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-4728: Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control...

Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.

Published Oct 23, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-4725: Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbit...

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these issues were addressed before 9.60.

Published Oct 23, 2008 · Updated Aug 7, 2024