LiveActive security incident?Get immediate response
CVE archive

2008 CVE Archive

Browse CVE records published in 2008 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 7005 matching CVEs · Page 2 of 141.

Unknown · CVSS Not scored

CVE-2008-5915: An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary...

An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Published Jan 20, 2009 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-7296: Apple Safari cannot properly restrict modifications to cookies established in HTTPS sessions, which allows...

Apple Safari cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.

Published Aug 9, 2011 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-1469: Gallarific Free Edition 1.1 does not require authentication for (1) photos.php, (2) comments.php, and (3) g...

Gallarific Free Edition 1.1 does not require authentication for (1) photos.php, (2) comments.php, and (3) gallery.php in gadmin/, which allows remote attackers to edit objects via a direct request, different vectors than CVE-2008-1327. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Mar 24, 2008 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-4953: firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/....

firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/.firehol-tmp-#####-*-* and (2) /tmp/firehol.conf temporary files. NOTE: the vendor disputes this vulnerability, stating that an attack "would require an attacker to create 1073741824*PID-RANGE symlinks.

Published Nov 5, 2008 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-7166: Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) and earlier, and uTorrent 1.7.6 (buil...

Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) and earlier, and uTorrent 1.7.6 (build 7859) and earlier, allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted Range header. NOTE: this is probably a different vulnerability than CVE-2008-0071 and CVE-2008-0364.

Published Sep 4, 2009 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-7295: Microsoft Internet Explorer cannot properly restrict modifications to cookies established in HTTPS sessions...

Microsoft Internet Explorer cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.

Published Aug 9, 2011 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-5230: The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors'...

The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which makes it easier for remote attackers to decrypt packets from an access point (AP) to a client and spoof packets from an AP to a client, and conduct ARP poisoning attacks or other attacks, as demonstrated by tkiptun-ng.

Published Nov 25, 2008 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-5914: An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary f...

An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Published Jan 20, 2009 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-7046: AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new poll...

AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Aug 24, 2009 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-7146: IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allows remote attackers to ob...

IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allows remote attackers to obtain sensitive information via a direct request to (1) Knowledge_Impact_Course.htm, (2) LRN-formatted_Course.htm, or (3) Create_Course.htm in help/1/Instructor/, which reveals the installation path in an error message.

Published Sep 1, 2009 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-7050: The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PH...

The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password.

Published Aug 24, 2009 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-0725: Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Ser...

Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Server 6.0.5.549 allow remote attackers to cause a denial of service (daemon hang) and possibly execute arbitrary code via a long command. NOTE: the USER and PASS commands for the FTP service are covered by CVE-2008-0702.

Published Feb 12, 2008 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-0618: Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPres...

Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) gbname, (2) gbemail, (3) gburl, and (4) gbmsg parameters to unspecified programs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Feb 6, 2008 · Updated Sep 17, 2024