CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2008(Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-1110 119 DoS Exec Code Overflow 2008-02-29 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664.
2 CVE-2008-1095 264 DoS Bypass 2008-02-29 2018-10-30
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly.
3 CVE-2008-1072 DoS 2008-02-28 2018-10-11
4.7
None Local Medium Not required None None Complete
The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug.
4 CVE-2008-1071 399 DoS 2008-02-28 2018-10-11
4.3
None Remote Medium Not required None None Partial
The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet.
5 CVE-2008-1070 DoS 2008-02-28 2018-10-11
5.0
None Remote Low Not required None None Partial
The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet.
6 CVE-2008-1062 20 DoS 2008-02-28 2008-09-05
5.0
None Remote Low Not required None None Partial
InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater (aka IHT.exe) in InterVideo WinDVD Media Center 2.11.15.0 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet with two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
7 CVE-2008-1058 DoS 2008-02-28 2018-10-30
7.8
None Remote Low Not required None None Complete
The tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2 allows attackers to cause a denial of service (panic) via crafted TCP packets. NOTE: some of these details are obtained from third party information.
8 CVE-2008-1057 DoS 2008-02-28 2018-10-30
7.8
None Remote Low Not required None None Complete
The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 allows attackers to cause a denial of service (panic) via malformed IPv6 routing headers.
9 CVE-2008-1055 134 DoS Exec Code 2008-02-27 2018-10-11
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.
10 CVE-2008-1054 119 DoS Exec Code Overflow 2008-02-27 2018-10-11
6.4
None Remote Low Not required None Partial Partial
Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information.
11 CVE-2008-1052 119 DoS Overflow 2008-02-27 2018-10-11
6.4
None Remote Low Not required None Partial Partial
The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails.
12 CVE-2008-0983 399 DoS 2008-02-26 2018-10-15
5.0
None Remote Low Not required None None Partial
lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.
13 CVE-2008-0979 399 DoS 2008-02-25 2018-10-15
5.0
None Remote Low Not required None None Partial
Stack consumption vulnerability in Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon crash) via a certain packet that triggers the recursive calling of a function.
14 CVE-2008-0977 399 DoS 2008-02-25 2018-10-15
5.0
None Remote Low Not required None None Partial
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon crash) via a certain long packet that triggers an attempt to allocate a large amount of memory.
15 CVE-2008-0976 399 DoS 2008-02-25 2018-10-15
5.0
None Remote Low Not required None None Partial
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed packet, as demonstrated by a packet of type (1) 0x2722 or (2) 0x272a.
16 CVE-2008-0975 DoS 2008-02-25 2018-10-15
5.0
None Remote Low Not required None None Partial
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (CPU consumption) via a -1 value in the field that specifies the size of the vector<T> value.
17 CVE-2008-0974 399 DoS 2008-02-25 2018-10-15
5.0
None Remote Low Not required None None Partial
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon termination) via (1) a large vector<T> value, which raises a "vector<T> too long" exception; or (2) a certain packet that raises an ospace/time/src\date.cpp exception.
18 CVE-2008-0945 134 DoS 2008-02-25 2018-10-15
3.5
None Remote Medium Single system None None Partial
Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field.
19 CVE-2008-0944 189 DoS 2008-02-25 2018-10-15
5.0
None Remote Low Not required Partial None None
Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote attackers to cause a denial of service (NULL dereference and application crash) via a version field containing zero.
20 CVE-2008-0933 362 DoS 2008-02-25 2017-09-28
4.7
None Local Medium Not required None None Complete
Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore.
21 CVE-2008-0912 119 DoS Exec Code Overflow 2008-02-22 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long (1) username, (2) version, or (3) remote ID. NOTE: some of these details are obtained from third party information.
22 CVE-2008-0903 DoS 2008-02-22 2008-09-05
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL.
23 CVE-2008-0894 DoS 2008-02-21 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Apple Safari might allow remote attackers to obtain potentially sensitive memory contents or cause a denial of service (crash) via a crafted (1) bitmap (BMP) or (2) GIF file, a related issue to CVE-2008-0420.
24 CVE-2008-0882 119 DoS Exec Code Overflow 2008-02-21 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer. NOTE: some of these details are obtained from third party information.
25 CVE-2008-0876 20 DoS 2008-02-21 2008-09-05
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in the SEWB3 messaging service in Hitachi SEWB3/PLATFORM and SEWB3/MI-PLATFORM 01-00 through 02-14-/A allows remote attackers to cause a denial of service (service outage) via "invalid data."
26 CVE-2008-0875 DoS 2008-02-21 2008-09-05
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Hitachi EUR Print Manager, and related Client and Local Server products, 05-06 through 05-06-/B and 05-08 allows remote attackers to cause a denial of service (service hang or termination) via unspecified vectors related to "unexpected data."
27 CVE-2008-0859 399 DoS Mem. Corr. 2008-02-20 2008-09-05
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Kerio MailServer before 6.5.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to decoding of uuencoded input, which triggers memory corruption.
28 CVE-2008-0852 DoS 2008-02-20 2018-10-15
5.0
None Remote Low Not required None None Partial
freeSSHd 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a SSH2_MSG_NEWKEYS packet to TCP port 22, which triggers a NULL pointer dereference.
29 CVE-2008-0836 DoS 2008-02-20 2008-09-05
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 9 and 10 on x86 architectures allows local users to cause a denial of service (panic) via unspecified vectors that trigger a NULL pointer dereference in the vuid3ps2 module, a different issue than CVE-2007-5319.
30 CVE-2008-0830 20 DoS 2008-02-19 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 allows remote attackers to cause a denial of service (crash) via a malformed dpap: URI, a different vulnerability than CVE-2008-0043.
31 CVE-2008-0791 20 DoS 2008-02-14 2018-10-15
5.0
None Remote Low Not required None None Partial
ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to cause a denial of service (CPU consumption) via short packets on TCP port 5001 with the 3, 5, 7, 13, 14, or 15 packet types.
32 CVE-2008-0778 119 DoS Exec Code Overflow 2008-02-14 2018-10-15
7.5
User Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3) SetMovieName, (4) SetTarget, and (5) SetMatrix methods.
33 CVE-2008-0767 189 DoS 2008-02-13 2018-10-15
5.0
None Remote Low Not required None None Partial
ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier does not verify that a certain "number of URLs" field is consistent with the packet length, which allows remote attackers to cause a denial of service (daemon crash) via a large integer in this field in a packet to the Service Location Protocol (SLP) service on UDP port 427, triggering an out-of-bounds read.
34 CVE-2008-0759 310 DoS 2008-02-13 2018-10-15
5.0
None Remote Low Not required None None Partial
ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allows remote attackers to cause a denial of service (daemon crash) via an invalid UAM field in a request to the Apple Filing Protocol (AFP) service on TCP port 548.
35 CVE-2008-0756 DoS 2008-02-13 2018-10-15
5.0
None Remote Low Not required None None Partial
The LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cyanPrintIP Easy OPI, Professional, and Basic 4.10.1030 and earlier; Workstation 4.10.836 and earlier; and Standard 4.10.940 and earlier; allows remote attackers to cause a denial of service (daemon crash) via a connection that begins with (1) a "Send queue state" LPD command 3 or (2) a "Send queue state" LPD command 4.
36 CVE-2008-0729 399 DoS 2008-02-12 2018-10-15
7.1
None Remote Medium Not required None None Complete
Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers to cause a denial of service (memory exhaustion and device crash) via certain JavaScript code that constructs a long string and an array containing long string elements, possibly a related issue to CVE-2006-3677. NOTE: some of these details are obtained from third party information.
37 CVE-2008-0725 119 DoS Exec Code Overflow 2008-02-11 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Server 6.0.5.549 allow remote attackers to cause a denial of service (daemon hang) and possibly execute arbitrary code via a long command. NOTE: the USER and PASS commands for the FTP service are covered by CVE-2008-0702.
38 CVE-2008-0718 20 DoS 2008-02-11 2017-09-28
4.7
None Local Medium Not required None None Complete
Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors.
39 CVE-2008-0702 119 DoS Exec Code Overflow 2008-02-11 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641.
40 CVE-2008-0693 119 DoS Overflow 2008-02-11 2009-08-25
7.8
None Remote Low Not required None None Complete
Stack-based buffer overflow in PQCore.exe in Print Manager Plus 2008 Client Billing and Authentication 7.0.127.16 allows remote attackers to cause a denial of service (service outage) via a series of long packets to TCP port 48101.
41 CVE-2008-0680 DoS 2008-02-11 2017-10-03
7.8
None Remote Low Not required None None Complete
SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP SET request.
42 CVE-2008-0672 20 DoS 2008-02-11 2018-10-15
5.0
None Remote Low Not required None None Partial
The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to cause a denial of service (application crash) via a YES message without a newline character, which triggers a NULL dereference.
43 CVE-2008-0658 399 DoS 2008-02-13 2018-10-15
4.0
None Remote Low Single system None None Partial
slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.
44 CVE-2008-0646 119 DoS Overflow 2008-02-07 2008-11-04
7.8
None Remote Low Not required None None Complete
The bdecode_recursive function in include/libtorrent/bencode.hpp in Rasterbar Software libtorrent before 0.12.1, as used in Deluge before 0.5.8.3 and other products, allows context-dependent attackers to cause a denial of service (stack exhaustion and crash) via a crafted bencoded message.
45 CVE-2008-0633 119 DoS Overflow 2008-02-06 2018-10-15
6.0
None Remote Medium Single system Partial Partial Partial
Buffer overflow in Anon Proxy Server 0.102 and earlier, when user authentication is enabled, allows remote attackers to cause a denial of service (exception) via a user name with a large number of quotes, which triggers the overflow during escaping.
46 CVE-2008-0628 264 DoS 2008-02-06 2018-10-15
7.8
None Remote Medium Not required None Partial Complete
The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.
47 CVE-2008-0620 119 DoS Overflow 2008-02-06 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to cause a denial of service (crash) via a 0x53 LPD command, which causes the server to terminate.
48 CVE-2008-0619 119 DoS Exec Code Overflow 2008-02-06 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (persistent crash) via a long URI in a .M3U file.
49 CVE-2008-0610 119 1 DoS Exec Code Overflow 2008-02-06 2012-08-13
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a modified size value.
50 CVE-2008-0608 119 DoS Overflow 2008-02-06 2018-10-15
5.0
None Remote Low Not required None None Partial
The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log commands from being recorded, a different vulnerability than CVE-2007-3823.
Total number of vulnerabilities : 80   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.