CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In May 2008 (CVSS score >= 9)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2008-2503 119 Overflow 2008-05-29 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Uploadlist in eMule X-Ray before 1.4 has unknown impact and remote attack vectors.
2 CVE-2008-2486 2008-05-28 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in eMule Plus before 1.2d has unknown impact and attack vectors related to "staticservers.dat processing."
3 CVE-2008-2481 94 Exec Code File Inclusion 2008-05-28 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in authentication/phpbb3/phpbb3.functions.php in phpRaider 1.0.7 and 1.0.7a, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[phpbb_path] parameter.
4 CVE-2008-2480 94 Exec Code File Inclusion 2008-05-28 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in plus.php in plusPHP Short URL Multi-User Script 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the _pages_dir parameter.
5 CVE-2008-2424 2008-05-23 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the 404 error page for the "Standard demo" in Interchange before 5.6.0 and before 5.5.2 has unknown impact and attack vectors.
6 CVE-2008-2423 DoS 2008-05-23 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Interchange before 5.6.0 and before 5.5.2 allows remote attackers to cause a denial of service via crafted HTTP requests. NOTE: this might overlap CVE-2007-2635.
7 CVE-2008-2409 119 Exec Code Overflow 2008-05-23 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message.
8 CVE-2008-2408 119 Exec Code Overflow 2008-05-23 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the XML parsing functionality in talk.dll in Cerulean Studios Trillian Pro before 3.1.10.0 allows remote attackers to execute arbitrary code via a malformed attribute in an IMG tag.
9 CVE-2008-2407 119 Exec Code Overflow 2008-05-23 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian before 3.1.10.0 allows user-assisted remote attackers to execute arbitrary code via a long attribute value in a FONT tag in a message.
10 CVE-2008-2399 22 Exec Code Dir. Trav. 2008-05-22 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the FireFTP add-on before 0.98.20080518 for Firefox allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to (1) MLSD and (2) LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
11 CVE-2008-2392 20 2008-05-21 2018-10-31
9.0
None Remote Low ??? Complete Complete Complete
Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.
12 CVE-2008-2345 94 Exec Code 2008-05-19 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary PHP code via unspecified vectors related to "insufficient file filtering."
13 CVE-2008-2283 20 2008-05-18 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
IDAutomation allows remote attackers to overwrite arbitrary files via the argument to the (1) SaveBarCode and (2) SaveEnhWMF methods in (a) the IDAuto.BarCode.1 ActiveX control in IDAutomationLinear6.dll (aka IDAutomation Linear BarCode) 1.6.0.6, (b) the IDAuto.Datamatrix.1 ActiveX control in IDAutomationDMATRIX6.DLL (aka IDautomation Datamatrix Barcode) 1.6.0.6, (c) the IDAuto.PDF417.1 ActiveX control in IDAutomationPDF417_6.dll (aka IDautomation PDF417 Barcode) 1.6.0.6, and (d) the IDAuto.Aztec.1 ActiveX control in IDAutomationAZTEC.dll (aka IDautomation Aztec Barcode) 1.7.1.0.
14 CVE-2008-2281 2008-05-18 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document.
15 CVE-2008-2273 +Priv 2008-05-16 2018-10-11
9.0
None Remote Low ??? Complete Complete Complete
Unspecified vulnerability in the TACACS authentication component in Aruba Mobility Controller 3.1.x, 3.2.x, and 3.3.x allows remote authenticated users to gain privileges via unknown vectors.
16 CVE-2008-2241 22 Exec Code Dir. Trav. 2008-05-21 2021-04-09
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file.
17 CVE-2008-2240 119 DoS Exec Code Overflow 2008-05-22 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header.
18 CVE-2008-2228 94 Exec Code File Inclusion 2008-05-14 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in portfolio/commentaires/derniers_commentaires.php in Cyberfolio 7.12, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rep parameter.
19 CVE-2008-2221 +Priv 2008-05-14 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java plugin in IBM WebSphere Application Server 5.0.2 allows untrusted applets to gain privileges via unknown attack vectors.
20 CVE-2008-2216 264 2008-05-14 2017-09-29
9.0
None Remote Low ??? Complete Complete Complete
Unrestricted file upload vulnerability in src/yopy_upload.php in Project-Based Calendaring System (PBCS) 0.7.1 allows remote authenticated users to upload arbitrary files to tmp/uploads.
21 CVE-2008-2214 119 DoS Exec Code Overflow 2008-05-14 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long community string in an SNMP TRAP packet.
22 CVE-2008-2192 94 2008-05-14 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Static code injection vulnerability in box/minichat/boxpop.php in IT!CMS (aka itcms) 1.9 allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter.
23 CVE-2008-2161 119 Exec Code Overflow 2008-05-12 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet. NOTE: some of these details are obtained from third party information.
24 CVE-2008-2160 94 Exec Code 2008-05-12 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image processing in Microsoft Windows CE 5.0 allow remote attackers to execute arbitrary code via crafted (1) JPEG and (2) GIF images.
25 CVE-2008-2158 119 Exec Code Overflow 2008-05-29 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the Command Line Interface process in the Server Agent in EMC AlphaStor 3.1 SP1 for Windows allow remote attackers to execute arbitrary code via crafted TCP packets to port 41025.
26 CVE-2008-2157 20 Exec Code 2008-05-29 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows allows remote attackers to execute arbitrary commands via an unspecified string field in a packet to TCP port 3500.
27 CVE-2008-2144 DoS Exec Code 2008-05-12 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Solaris print service for Sun Solaris 8, 9, and 10 allow remote attackers to cause a denial of service or execute arbitrary code via unknown vectors.
28 CVE-2008-2111 399 Exec Code Mem. Corr. 2008-05-07 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption.
29 CVE-2008-2081 22 Dir. Trav. 2008-05-05 2017-09-29
9.0
None Remote Low ??? Complete Complete Complete
Directory traversal vulnerability in index.php in Siteman 2.0.x2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
30 CVE-2008-2077 2008-05-05 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Plain Black WebGUI 7.4.34 has unknown impact and attack vectors related to "data form list view."
31 CVE-2008-2069 119 DoS Exec Code Overflow 2008-05-02 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Novell GroupWise 7 allows remote attackers to cause a denial of service or execute arbitrary code via a long argument in a mailto: URI.
32 CVE-2008-2064 2008-05-02 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have unknown impact and attack vectors related to "a fundamental design flaw in the interface (API) to connect phpGedView with external programs like content management systems."
33 CVE-2008-2054 Exec Code 2008-05-29 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote attackers to execute arbitrary code on a client machine via unknown vectors.
34 CVE-2008-2053 2008-05-22 2017-08-08
9.0
None Remote Low ??? Complete Complete Complete
Unspecified vulnerability in Cisco Unified Customer Voice Portal (CVP) 4.0.x before 4.0(2)_ES14, 4.1.x before 4.1(1)_ES11, and 7.x before 7.0(1) allows remote authenticated users with administrator role privileges to create, modify, or delete a superuser account.
35 CVE-2008-2051 2008-05-05 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."
36 CVE-2008-2050 119 Overflow 2008-05-05 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.
37 CVE-2008-2042 20 Exec Code Overflow 2008-05-08 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function.
38 CVE-2008-1949 287 DoS 2008-05-21 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
39 CVE-2008-1948 189 DoS Exec Code Overflow 2008-05-21 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.
40 CVE-2008-1922 119 Exec Code Overflow 2008-05-13 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a crafted Squid log file.
41 CVE-2008-1803 189 Exec Code Overflow 2008-05-12 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original researcher.
42 CVE-2008-1802 119 Exec Code Overflow 2008-05-12 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the process_redirect_pdu (rdp.c) function in rdesktop 1.5.0 allows remote attackers to execute arbitrary code via a Remote Desktop Protocol (RDP) redirect request with modified length fields.
43 CVE-2008-1801 189 DoS Exec Code 2008-05-12 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field.
44 CVE-2008-1434 399 Exec Code Mem. Corr. 2008-05-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
45 CVE-2008-1423 189 DoS Exec Code Overflow 2008-05-16 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.
46 CVE-2008-1104 119 Exec Code Overflow 2008-05-21 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file, related to the util.printf JavaScript function and floating point specifiers in format strings.
47 CVE-2008-1091 94 Exec Code Overflow 2008-05-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
48 CVE-2008-0958 119 Exec Code Overflow 2008-05-29 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the Online Media Technologies NCTSoft NCTAudioGrabber2 ActiveX control in NCTAudioGrabber2.dll allow remote attackers to execute arbitrary code via unspecified vectors.
49 CVE-2008-0955 119 Exec Code Overflow 2008-05-29 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Creative Software AutoUpdate Engine ActiveX control in CTSUEng.ocx allows remote attackers to execute arbitrary code via a long CacheFolder property value.
50 CVE-2008-0599 Exec Code 2008-05-05 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
Total number of vulnerabilities: 51 (page 1 of 2)