HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name.
CWE-20
CVE-2008-0414
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka “focus spoofing.”
CVE-2008-0373
Unrestricted file upload vulnerability in PHP F1 Max’s File Uploader allows remote attackers to upload and execute arbitrary PHP files.
CVE-2008-0386
Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.
CVE-2008-0331
Unspecified vulnerability in Funkwerk System Software before 7.4.1 PATCH 9 for certain Funkwerk Router / VPN devices allows remote attackers to cause a denial of service (panic and reboot) via unspecified DNS requests.
CVE-2008-0277
Unspecified vulnerability in the Fileshare module for Drupal allows remote authenticated users with node-creation privileges to execute arbitrary code via unspecified vectors.