LiveActive security incident?Get immediate response
CVE archive

December 2008

Browse CVE records published in December 2008, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 533 matching CVEs · Page 1 of 11.

Critical · CVSS 9.8

CVE-2008-3465: Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1...

Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."

Published Dec 10, 2008 · Updated Jan 17, 2025

Unknown · CVSS Not scored

CVE-2008-5421: The SSL web administration service in NetWin SmsGate 1.1n and earlier allows remote attackers to cause a de...

The SSL web administration service in NetWin SmsGate 1.1n and earlier allows remote attackers to cause a denial of service (hang) via (1) a large integer in the Content-Length HTTP header; (2) an invalid value in the Content-Length HTTP header, as demonstrated by a negative integer; or (3) a missing Content-Length HTTP header.

Published Dec 11, 2008 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2008-7250: Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.4 allows remote atta...

Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: this issue exists because of an incomplete fix for CVE-2008-1168.

Published Dec 30, 2009 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2008-7270: OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modificati...

OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.

Published Dec 6, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5793: Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) compone...

Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) install.clickheat.php, (b) Cache.php and (c) Clickheat_Heatmap.php in Recly/Clickheat/, and (d) Recly/common/GlobalVariables.php; and the (2) mosConfig_absolute_path parameter to (e) _main.php and (f) main.php in includes/heatmap, and (g) includes/overview/main.php.

Published Dec 31, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5749: Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to e...

Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission.

Published Dec 29, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5790: Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1...

Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php.

Published Dec 31, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5752: Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier...

Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the book_id parameter. NOTE: some of these details are obtained from third party information.

Published Dec 30, 2008 · Updated Aug 7, 2024