LiveActive security incident?Get immediate response
CVE archive

December 2008

Browse CVE records published in December 2008, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 533 matching CVEs · Page 3 of 11.

Unknown · CVSS Not scored

CVE-2008-5769: Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers...

Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) folder parameter to mailCompose.php or the (2) daytime parameter to calendarEdit.php. NOTE: some of these details are obtained from third party information.

Published Dec 30, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5690: The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through s...

The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5.

Published Dec 19, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5744: Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in...

Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396 that uses the wrong variable in a range check against the value of lc->sync.

Published Dec 26, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5677: Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and earlier, when PICS_PATH is located in t...

Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and earlier, when PICS_PATH is located in the web root, allows remote authenticated users with upload capability to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under items/, related to the ReplaceBadFilenameChars function in include/ItemAdder.php. NOTE: some of these details are obtained from third party information.

Published Dec 18, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5716: xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore di...

xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405.

Published Dec 24, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5712: The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application cr...

The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR element. NOTE: the FONT vector is already covered by CVE-2008-4514.

Published Dec 24, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5686: IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other app...

IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows.

Published Dec 19, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5671: PHP remote file inclusion vulnerability in index.php in Joomla!

PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Published Dec 18, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5701: Array index error in arch/mips/kernel/scall64-o32.S in the Linux kernel before 2.6.28-rc8 on 64-bit MIPS pl...

Array index error in arch/mips/kernel/scall64-o32.S in the Linux kernel before 2.6.28-rc8 on 64-bit MIPS platforms allows local users to cause a denial of service (system crash) via an o32 syscall with a small syscall number, which leads to an attempted read operation outside the bounds of the syscall table.

Published Dec 22, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5695: wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly valid...

wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.

Published Dec 19, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5663: Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated us...

Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load_receiver.php or (2) a shipainter action to paint_save.php, then accessing the uploaded file via a direct request to this file in their user directory.

Published Dec 18, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5684: Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 a...

Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated by a port scan that triggers a segmentation violation in the Gnome session manager (aka gnome-session).

Published Dec 19, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5676: Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for t...

Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."

Published Dec 18, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5654: SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyCalendar 4.0 allows remot...

SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyCalendar 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter, a different vector than CVE-2008-1344. NOTE: some of these details are obtained from third party information.

Published Dec 17, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5694: PHP remote file inclusion vulnerability in lib/jpgraph/jpgraph_errhandler.inc.php in Sandbox 1.4.1 might al...

PHP remote file inclusion vulnerability in lib/jpgraph/jpgraph_errhandler.inc.php in Sandbox 1.4.1 might allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the issue, if any, may be located in Aditus JpGraph rather than Sandbox. If so, then this should not be treated as an issue in Sandbox.

Published Dec 19, 2008 · Updated Aug 7, 2024