CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2008(Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-5756 119 1 DoS Exec Code Overflow 2008-12-30 2009-01-29
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code via a long mapping reference in a Color Mapping (.cmap) file.
2 CVE-2008-5755 119 1 Exec Code Overflow 2008-12-30 2009-01-29
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows remote attackers to execute arbitrary code via a MAP file containing a long URL, possibly a related issue to CVE-2006-2494.
3 CVE-2008-5754 119 2 Exec Code Overflow 2008-12-30 2009-06-08
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a .bps file (aka Session-File) with a long second line, possibly a related issue to CVE-2008-5753.
4 CVE-2008-5753 119 1 Exec Code Overflow 2008-12-30 2009-01-29
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in BulletProof FTP Client 2.63 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name.
5 CVE-2008-5745 189 1 DoS Exec Code Overflow 2008-12-29 2009-05-19
4.3
None Remote Medium Not required None None Partial
Integer overflow in quartz.dll in the DirectShow framework in Microsoft Windows Media Player (WMP) 9, 10, and 11, including 11.0.5721.5260, allows remote attackers to cause a denial of service (application crash) via a crafted (1) WAV, (2) SND, or (3) MID file. NOTE: this has been incorrectly reported as a code-execution vulnerability. NOTE: it is not clear whether this issue is related to CVE-2008-4927.
6 CVE-2008-5735 119 2 Exec Code Overflow 2008-12-26 2009-01-29
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 allows remote attackers to execute arbitrary code via a large PlaylistSkin value in a skin file.
7 CVE-2008-5722 119 1 DoS Exec Code Overflow 2008-12-26 2009-01-29
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in SAWStudio 3.9i allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long SAWSTUDIO PREFERENCES STRUCT value in a .prf (preferences) file.
8 CVE-2008-5711 119 1 Exec Code Overflow 2008-12-24 2009-01-29
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Facebook PhotoUploader ActiveX control 5.0.14.0 and earlier allows remote attackers to execute arbitrary code via a long FileMask property value.
9 CVE-2008-5702 119 Overflow 2008-12-22 2012-03-19
7.2
None Local Low Not required Complete Complete Complete
Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700wdt.c in the Linux kernel before 2.6.28-rc1 might allow local users to have an unknown impact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call.
10 CVE-2008-5691 119 1 Exec Code Overflow 2008-12-19 2009-01-29
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Phoenician Casino FlashAX ActiveX control 1.0.0.7 allows remote attackers to execute arbitrary code via a long argument to the SetID method.
11 CVE-2008-5680 119 Exec Code Overflow 2008-12-19 2012-06-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this might overlap CVE-2008-5178.
12 CVE-2008-5664 119 1 Exec Code Overflow 2008-12-18 2009-01-29
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file.
13 CVE-2008-5662 119 Exec Code Overflow 2008-12-17 2010-05-29
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC 2.5.2 and earlier allow downloaded programs to execute arbitrary code via unknown vectors.
14 CVE-2008-5616 119 Exec Code Overflow 2008-12-16 2009-05-14
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.
15 CVE-2008-5557 119 Exec Code Overflow 2008-12-23 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.
16 CVE-2008-5514 119 DoS Overflow 2008-12-23 2009-02-05
4.3
None Remote Medium Not required None None Partial
Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow.
17 CVE-2008-5500 399 DoS Overflow Mem. Corr. 2008-12-17 2012-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow.
18 CVE-2008-5492 119 1 Exec Code Overflow 2008-12-12 2009-08-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX control in pdfview.ocx 2.0.0.1 in VeryDOC PDF Viewer OCX Control allows remote attackers to execute arbitrary code via a long first argument to the OpenPDF method. NOTE: some of these details are obtained from third party information.
19 CVE-2008-5419 119 Exec Code Overflow 2008-12-10 2009-08-12
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center 5.2 SP5 and 6.0 allows remote attackers to execute arbitrary code via multiple SST_CTGTRANS requests.
20 CVE-2008-5416 119 1 DoS Exec Code Overflow 2008-12-10 2011-02-17
9.0
None Remote Low Single system Complete Complete Complete
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka "SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability."
21 CVE-2008-5409 119 DoS Exec Code Overflow 2008-12-10 2009-08-13
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, possibly related to included compressed streams that were processed with the ASCIIHexDecode filter. NOTE: some of these details are obtained from third party information.
22 CVE-2008-5408 119 DoS Exec Code Overflow 2008-12-10 2009-08-12
9.0
Admin Remote Low Single system Complete Complete Complete
Buffer overflow in the data management protocol in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2008-5407.
23 CVE-2008-5406 119 1 DoS Exec Code Overflow 2008-12-10 2009-01-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow."
24 CVE-2008-5405 119 2 Exec Code Overflow 2008-12-10 2009-01-29
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string.
25 CVE-2008-5403 119 Exec Code Overflow 2008-12-10 2009-08-19
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag.
26 CVE-2008-5401 119 Exec Code Overflow 2008-12-10 2009-01-29
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing."
27 CVE-2008-5395 119 DoS Overflow 2008-12-08 2012-03-19
4.9
None Local Low Not required None None Complete
The parisc_show_stack function in arch/parisc/kernel/traps.c in the Linux kernel before 2.6.28-rc7 on PA-RISC allows local users to cause a denial of service (system crash) via vectors associated with an attempt to unwind a stack that contains userspace addresses.
28 CVE-2008-5387 119 Overflow +Priv 2008-12-08 2010-08-21
6.2
None Local High Not required Complete Complete Complete
Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors.
29 CVE-2008-5386 119 Overflow +Priv 2008-12-08 2008-12-17
6.9
Admin Local Medium Not required Complete Complete Complete
Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd daemon is running, allows local users to gain privileges via unspecified vectors.
30 CVE-2008-5383 119 1 DoS Exec Code Overflow 2008-12-08 2009-01-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in National Instruments Electronics Workbench allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .ewb file.
31 CVE-2008-5381 119 Exec Code Overflow 2008-12-08 2009-08-15
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the URL processing in ffdshow (aka ffdshow-tryout) before SVN revision 2347 allows remote attackers to execute arbitrary code via a long URL.
32 CVE-2008-5364 119 Exec Code Overflow 2008-12-08 2010-10-25
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx 1.2.2.50 in NOS Microsystems getPlus Download Manager, as used for the Adobe Reader 8.1 installation process and other downloads, allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2008-4817.
33 CVE-2008-5359 119 Exec Code Overflow 2008-12-05 2010-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the Java AWT library.
34 CVE-2008-5358 119 Exec Code Overflow Mem. Corr. 2008-12-05 2010-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll.
35 CVE-2008-5357 189 Exec Code Overflow 2008-12-05 2010-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow.
36 CVE-2008-5356 119 Exec Code Overflow 2008-12-05 2010-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file.
37 CVE-2008-5354 119 Exec Code Overflow 2008-12-05 2010-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry.
38 CVE-2008-5352 189 Overflow +Priv 2008-12-05 2010-08-21
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.
39 CVE-2008-5316 119 Overflow 2008-12-03 2012-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different vulnerability than CVE-2007-2741.
40 CVE-2008-5297 119 1 Exec Code Overflow 2008-12-01 2009-08-20
7.6
Admin Remote High Not required Complete Complete Complete
Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP servers to execute arbitrary code via a crafted response to a DNS update request, related to a missing length check in the GetNextLine function.
41 CVE-2008-5286 189 Exec Code Overflow Bypass 2008-12-01 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.
42 CVE-2008-5282 119 Exec Code Overflow 2008-11-28 2009-01-29
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute.
43 CVE-2008-5281 119 1 Exec Code Overflow 2008-11-28 2008-12-01
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE command.
44 CVE-2008-5279 119 Exec Code Overflow +Info 2008-11-28 2008-12-01
10.0
Admin Remote Low Not required Complete Complete Complete
The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging (ZIM) Server 2.1 and earlier allow remote attackers to execute arbitrary code via (1) heap-based buffer overflows involving multiple vectors including a long room name and a long source account, and (2) a stack-based buffer overflow with a long username in an information request. NOTE: some of these details are obtained from third party information.
45 CVE-2008-5276 189 Exec Code Overflow 2008-12-03 2012-01-27
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.
46 CVE-2008-5246 119 Exec Code Overflow 2008-11-25 2009-03-18
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
47 CVE-2008-5245 119 Overflow 2008-11-25 2009-03-18
9.3
Admin Remote Medium Not required Complete Complete Complete
xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c.
48 CVE-2008-5242 119 DoS Exec Code Overflow 2008-11-25 2009-08-20
6.8
User Remote Medium Not required Partial Partial Partial
demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.
49 CVE-2008-5240 119 DoS Exec Code Overflow 2008-11-25 2009-08-26
4.3
None Remote Medium Not required None None Partial
xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code via a crafted value.
50 CVE-2008-5239 119 DoS Exec Code Overflow 2008-11-25 2009-08-20
4.3
None Remote Medium Not required None None Partial
xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as out-of-bounds reads and heap-based buffer overflows.
Total number of vulnerabilities : 699   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.