CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In May 2008

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
51 CVE-2008-2445 79 XSS 2008-05-27 2017-09-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in profile.php in Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a show action.
52 CVE-2008-2444 89 Exec Code Sql 2008-05-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in userreg.php in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary SQL commands via the langsel parameter.
53 CVE-2008-2443 89 Exec Code Sql 2008-05-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in dpage.php in The Real Estate Script allows remote attackers to execute arbitrary SQL commands via the docID parameter.
54 CVE-2008-2425 89 Exec Code Sql 2008-05-23 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in FicHive 1.0 allows remote attackers to execute arbitrary SQL commands via the letter parameter in a Search action, a different vector than CVE-2008-2416. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
55 CVE-2008-2424 2008-05-23 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the 404 error page for the "Standard demo" in Interchange before 5.6.0 and before 5.5.2 has unknown impact and attack vectors.
56 CVE-2008-2423 DoS 2008-05-23 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Interchange before 5.6.0 and before 5.5.2 allows remote attackers to cause a denial of service via crafted HTTP requests. NOTE: this might overlap CVE-2007-2635.
57 CVE-2008-2422 89 Exec Code Sql 2008-05-23 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Web Slider 0.6 allows remote attackers to execute arbitrary SQL commands via the slide parameter in a slides action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
58 CVE-2008-2421 79 XSS 2008-05-23 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/.
59 CVE-2008-2420 264 Bypass 2008-05-23 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.
60 CVE-2008-2419 399 DoS Exec Code 2008-05-23 2017-08-08
4.3
None Remote Medium Not required None None Partial
Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a JSframe close, as demonstrated by an error in loading an empty Java applet defined by a 'src="javascript:"' sequence.
61 CVE-2008-2418 362 DoS 2008-05-23 2017-09-29
4.7
None Local Medium Not required None None Complete
Race condition in the STREAMS Administrative Driver (sad) in Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.
62 CVE-2008-2417 89 Exec Code Sql 2008-05-22 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in showQAnswer.asp in How2ASP.net Webboard 4.1 allows remote attackers to execute arbitrary SQL commands via the qNo parameter.
63 CVE-2008-2416 89 Exec Code Sql 2008-05-22 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in FicHive 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter in a Fiction action, possibly related to sources/fiction.class.php.
64 CVE-2008-2415 22 Dir. Trav. 2008-05-22 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in template/purpletech/base_include.php in DigitalHive (aka hive) 2.0 RC2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
65 CVE-2008-2414 79 XSS 2008-05-22 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in send_email.php in AN Guestbook (ANG) 0.4 allows remote attackers to inject arbitrary web script or HTML via the postid parameter.
66 CVE-2008-2413 79 XSS 2008-05-22 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
67 CVE-2008-2412 89 Exec Code Sql 2008-05-22 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
68 CVE-2008-2411 89 Exec Code Sql 2008-05-22 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a details action.
69 CVE-2008-2410 79 XSS 2008-05-22 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the servlet engine and Web container in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
70 CVE-2008-2409 119 Exec Code Overflow 2008-05-23 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message.
71 CVE-2008-2408 119 Exec Code Overflow 2008-05-23 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the XML parsing functionality in talk.dll in Cerulean Studios Trillian Pro before 3.1.10.0 allows remote attackers to execute arbitrary code via a malformed attribute in an IMG tag.
72 CVE-2008-2407 119 Exec Code Overflow 2008-05-23 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian before 3.1.10.0 allows user-assisted remote attackers to execute arbitrary code via a long attribute value in a FONT tag in a message.
73 CVE-2008-2400 264 +Priv 2008-05-22 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in stunnel before 4.23, when running as a service on Windows, allows local users to gain privileges via unknown attack vectors.
74 CVE-2008-2399 22 Exec Code Dir. Trav. 2008-05-22 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the FireFTP add-on before 0.98.20080518 for Firefox allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to (1) MLSD and (2) LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
75 CVE-2008-2398 79 XSS 2008-05-21 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
76 CVE-2008-2397 79 XSS 2008-05-21 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search-results.dot in dotCMS 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
77 CVE-2008-2396 94 Exec Code File Inclusion 2008-05-21 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in Wajox Software microSSys CMS 1.5 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in an arbitrary element of the PAGES array parameter.
78 CVE-2008-2395 89 Exec Code Sql 2008-05-21 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in thread.php in AlkalinePHP 0.80.00 beta and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
79 CVE-2008-2394 89 Exec Code Sql 2008-05-21 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in TAGWORX.CMS 3.00.02 allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to contact.php and the (2) nid parameter to news.php.
80 CVE-2008-2393 89 Exec Code Sql 2008-05-21 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in play.php in EntertainmentScript 1.4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
81 CVE-2008-2392 20 2008-05-21 2018-10-31
9.0
None Remote Low ??? Complete Complete Complete
Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.
82 CVE-2008-2391 20 DoS Bypass 2008-05-21 2018-10-11
7.8
None Remote Low Not required None None Complete
SubSonic allows remote attackers to bypass pagesize limits and cause a denial of service (CPU consumption) via a pageindex (aka data page number) of -1.
83 CVE-2008-2390 94 Exec Code 2008-05-21 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument.
84 CVE-2008-2357 119 Exec Code Overflow 2008-05-21 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.
85 CVE-2008-2356 89 Exec Code Sql 2008-05-20 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 and earlier allows remote attackers to execute arbitrary SQL commands via the post_id parameter.
86 CVE-2008-2355 22 Dir. Trav. 2008-05-20 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in index.php in WR-Meeting 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the msnum parameter in a coment event.
87 CVE-2008-2354 2008-05-20 2017-08-08
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the data export function in testMaker before 3.0p10 allows test authors to obtain access to export data via unknown vectors.
88 CVE-2008-2353 22 Dir. Trav. 2008-05-20 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter.
89 CVE-2008-2352 22 Dir. Trav. 2008-05-20 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in index.php in Smeego 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie.
90 CVE-2008-2351 89 Exec Code Sql 2008-05-20 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in CMS WebManager-Pro allow remote attackers to execute arbitrary SQL commands via the (1) lang_id and (2) menu_id parameters.
91 CVE-2008-2350 22 Dir. Trav. 2008-05-20 2017-08-08
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in highlight.php in bcoos 1.0.9 through 1.0.13 allows remote attackers to read arbitrary files via (1) .. (dot dot) or (2) C: folder sequences in the file parameter.
92 CVE-2008-2349 264 2008-05-20 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Zomplog 3.8.2 and earlier allows remote attackers to gain administrative access by creating an admin account via a direct request to install/newuser.php with the admin parameter set to 1.
93 CVE-2008-2348 264 Bypass 2008-05-20 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
MeltingIce File System 1.0 allows remote attackers to bypass application authentication, create new user accounts, and exceed application quotas via a direct request to admin/adduser.php.
94 CVE-2008-2347 287 Bypass 2008-05-20 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to "admin" in a direct request to admin/addUser.php.
95 CVE-2008-2346 264 Bypass 2008-05-20 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass authentication and gain administrative access by creating an admin account via a direct request to adduser.php.
96 CVE-2008-2345 94 Exec Code 2008-05-19 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary PHP code via unspecified vectors related to "insufficient file filtering."
97 CVE-2008-2344 79 XSS 2008-05-19 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
98 CVE-2008-2343 264 Bypass +Info 2008-05-19 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php.
99 CVE-2008-2342 22 Dir. Trav. 2008-05-19 2017-09-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
100 CVE-2008-2341 94 Exec Code File Inclusion 2008-05-19 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in ch_readalso.php in News Manager 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the read_xml_include parameter.
Total number of vulnerabilities: 383 (this is page 2 of 8)