CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In May 2008

Each entry below spans four lines, with these fields:
# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
Description
251 CVE-2008-2120 200 +Info 2008-05-09 2017-08-08
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors.
252 CVE-2008-2118 89 Exec Code Sql 2008-05-08 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.
253 CVE-2008-2117 79 XSS 2008-05-08 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in pages/news.page.inc in Project Alumni 1.0.9 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a news action to index.php, a different vector than CVE-2007-6126.
254 CVE-2008-2116 22 Dir. Trav. 2008-05-08 2018-10-11
4.4
None Local Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) te and (2) dir parameters in a tempedit action.
255 CVE-2008-2115 79 XSS 2008-05-08 2018-10-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) te and (2) dir parameters in a tempedit action.
256 CVE-2008-2114 89 Exec Code Sql 2008-05-08 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in emall/search.php in Pre Shopping Mall 1.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
257 CVE-2008-2113 89 Exec Code Sql 2008-05-08 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in annuaire.php in PHPEasyData 1.5.4 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
258 CVE-2008-2112 +Priv 2008-05-08 2017-08-08
8.5
None Remote Medium ??? Complete Complete Complete
Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and remote authenticated Sun Ray administrators to gain root privileges via unknown vectors related to utconfig.
259 CVE-2008-2111 399 Exec Code Mem. Corr. 2008-05-07 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption.
260 CVE-2008-2110 20 Exec Code 2008-05-07 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Unrestricted file upload vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request.
261 CVE-2008-2109 DoS 2008-05-07 2017-08-08
5.0
None Remote Low Not required None None Partial
field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an infinite loop.
262 CVE-2008-2108 189 2008-05-07 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions.
263 CVE-2008-2107 189 Bypass 2008-05-07 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.
264 CVE-2008-2106 20 DoS 2008-05-07 2018-10-11
6.8
None Remote Low ??? None None Complete
Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated users to cause a denial of service (crash) via a type 7 stats packet, which triggers a memcpy with a negative value.
265 CVE-2008-2105 264 2008-05-07 2017-08-08
3.5
None Remote Medium ??? None Partial None
email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE: since From headers are easily spoofed, this only crosses privilege boundaries in environments that provide additional verification of e-mail addresses.
266 CVE-2008-2104 264 Bypass 2008-05-07 2017-08-08
4.0
None Remote Low ??? None Partial None
The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.
267 CVE-2008-2103 79 XSS 2008-05-07 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list.
268 CVE-2008-2096 89 Exec Code Sql 2008-05-07 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in BackLinkSpider allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to a site-specific component name such as link.php or backlinkspider.php.
269 CVE-2008-2095 89 Exec Code Sql 2008-05-06 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the FlippingBook (com_flippingbook) 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
270 CVE-2008-2094 89 Exec Code Sql 2008-05-06 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
271 CVE-2008-2093 89 Exec Code Sql 2008-05-06 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to index.php.
272 CVE-2008-2092 399 DoS 2008-05-06 2017-08-08
7.8
None Remote Low Not required None None Complete
Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: the severity of this issue has been disputed since there are limited attack scenarios.
273 CVE-2008-2091 22 Dir. Trav. 2008-05-06 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in ipn.php in KubeLabs Kubelance 1.6.4 allows remote attackers to include and execute arbitrary local files via the i parameter.
274 CVE-2008-2090 399 DoS 2008-05-06 2017-09-29
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet.
275 CVE-2008-2089 16 DoS 2008-05-06 2017-09-29
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet.
276 CVE-2008-2088 89 Exec Code Sql 2008-05-06 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the news module to admin.php.
277 CVE-2008-2087 89 Exec Code Sql 2008-05-06 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in search_result.php in Softbiz Web Host Directory Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the host_id parameter, a different vector than CVE-2005-3817.
278 CVE-2008-2085 119 DoS Exec Code Overflow 2008-05-12 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in the (1) get_remote_ip_media and (2) get_remote_ipv6_media functions in call.cpp in SIPp 3.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted SIP message.
279 CVE-2008-2084 89 Exec Code Sql 2008-05-05 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a listarticles action.
280 CVE-2008-2083 89 Exec Code Sql 2008-05-05 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in directory.php in Prozilla Hosting Index, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
281 CVE-2008-2082 79 XSS 2008-05-05 2017-09-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message.
282 CVE-2008-2081 22 Dir. Trav. 2008-05-05 2017-09-29
9.0
None Remote Low ??? Complete Complete Complete
Directory traversal vulnerability in index.php in Siteman 2.0.x2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
283 CVE-2008-2080 119 Exec Code Overflow 2008-05-06 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format (CDF) library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags.
284 CVE-2008-2079 264 Bypass 2008-05-05 2019-12-17
4.6
None Remote High ??? Partial Partial Partial
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
285 CVE-2008-2078 264 2008-05-05 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Robocode before 1.6.0 allows user-assisted remote attackers to "access the internals of the Robocode game" via unspecified vectors related to the AWT Event Queue.
286 CVE-2008-2077 2008-05-05 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Plain Black WebGUI 7.4.34 has unknown impact and attack vectors related to "data form list view."
287 CVE-2008-2076 22 Dir. Trav. 2008-05-05 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in admin.php in ActualScripts ActualAnalyzer Lite 2.78 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the style parameter.
288 CVE-2008-2075 79 XSS 2008-05-05 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in pic.php in AstroCam 2.5.0 through 2.7.3 allows remote attackers to inject arbitrary web script or HTML via the picfile parameter.
289 CVE-2008-2074 94 Exec Code File Inclusion 2008-05-05 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Harris Yusuf Arifin Harris Wap Chat 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to (1) eng.writeMsg.php, (2) eng.adCreate.php, (3) eng.adCreateSave.php, (4) eng.adDispByTypeOptions.php, (5) eng.createRoom.php, (6) eng.forward.php, (7) eng.pageLogout.php, (8) eng.resultMember.php, (9) eng.roomDeleteConfirm.php, (10) eng.saveNewRoom.php, and (11) eng.searchMember.php in src/.
290 CVE-2008-2073 22 Dir. Trav. 2008-05-05 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in include/global.inc.php in Virtual Design Studio vlbook 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter.
291 CVE-2008-2072 79 XSS 2008-05-05 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Virtual Design Studio vlbook 1.21 allows remote attackers to inject arbitrary web script or HTML via the l parameter, a different vector than CVE-2006-3260.
292 CVE-2008-2071 352 CSRF 2008-05-12 2018-10-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors.
293 CVE-2008-2070 79 XSS Bypass 2008-05-12 2018-10-11
4.3
None Remote Medium Not required None Partial None
The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors.
294 CVE-2008-2069 119 DoS Exec Code Overflow 2008-05-02 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Novell GroupWise 7 allows remote attackers to cause a denial of service or execute arbitrary code via a long argument in a mailto: URI.
295 CVE-2008-2068 79 XSS 2008-05-02 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
296 CVE-2008-2067 89 Exec Code Sql 2008-05-02 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to execute arbitrary SQL commands via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable.
297 CVE-2008-2066 79 XSS 2008-05-02 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to inject arbitrary web script or HTML via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable.
298 CVE-2008-2065 89 Exec Code Sql 2008-05-02 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site Script allows remote attackers to execute arbitrary SQL commands via the catagorie parameter.
299 CVE-2008-2064 2008-05-02 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have unknown impact and attack vectors related to "a fundamental design flaw in the interface (API) to connect phpGedView with external programs like content management systems."
300 CVE-2008-2063 89 Exec Code Sql 2008-05-02 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows remote attackers to execute arbitrary SQL commands via the category parameter.
Total number of vulnerabilities: 383. Page 6 of 8.