| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
301 |
CVE-2008-2054 |
|
|
Exec Code |
2008-05-29 |
2017-08-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote attackers to execute arbitrary code on a client machine via unknown vectors. |
|
302 |
CVE-2008-2053 |
|
|
|
2008-05-22 |
2017-08-08 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Cisco Unified Customer Voice Portal (CVP) 4.0.x before 4.0(2)_ES14, 4.1.x before 4.1(1)_ES11, and 7.x before 7.0(1) allows remote authenticated users with administrator role privileges to create, modify, or delete a superuser account. |
|
303 |
CVE-2008-2052 |
59 |
|
|
2008-05-02 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter. |
|
304 |
CVE-2008-2051 |
|
|
|
2008-05-05 |
2018-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars." |
|
305 |
CVE-2008-2050 |
119 |
|
Overflow |
2008-05-05 |
2018-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors. |
|
306 |
CVE-2008-2049 |
200 |
|
+Info |
2008-05-01 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows remote attackers to obtain sensitive information via multiple crafted APOP commands for a known POP3 account, which displays the password in a POP3 error message. |
|
307 |
CVE-2008-2048 |
79 |
|
XSS |
2008-05-01 |
2017-09-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in Angelo-Emlak 1.0 allows remote attackers to inject arbitrary web script or HTML via the sayfa parameter. |
|
308 |
CVE-2008-2047 |
89 |
|
Exec Code Sql |
2008-05-01 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hpz/profil.asp and (2) hpz/prodetail.asp. |
|
309 |
CVE-2008-2046 |
79 |
|
XSS |
2008-05-01 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in Softpedia SiteXS CMS 0.1.1 Pre-Alpha allows remote attackers to inject arbitrary web script or HTML via the user parameter. |
|
310 |
CVE-2008-2045 |
22 |
|
Dir. Trav. |
2008-05-01 |
2018-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Absolute path traversal vulnerability in SugarCRM Sugar Community Edition 4.5.1 and 5.0.0 allows remote attackers to read arbitrary files via a full path in the URL parameter to modules/Feeds/Feed.php, which places the contents into a related cache file in the .cache/feeds directory. |
|
311 |
CVE-2008-2044 |
94 |
|
Exec Code Bypass |
2008-05-01 |
2018-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP script via an add action to projects_site/uploadfile.php. |
|
312 |
CVE-2008-2043 |
352 |
|
Exec Code CSRF |
2008-05-01 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html. |
|
313 |
CVE-2008-2042 |
20 |
|
Exec Code Overflow |
2008-05-08 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function. |
|
314 |
CVE-2008-2009 |
|
|
DoS Exec Code Mem. Corr. |
2008-05-16 |
2019-10-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function. |
|
315 |
CVE-2008-2006 |
20 |
|
DoS Exec Code |
2008-05-22 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE line. |
|
316 |
CVE-2008-2005 |
399 |
|
DoS Exec Code |
2008-05-06 |
2018-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length value in a Registration packet to TCP port 5413, which causes a memory allocation failure. |
|
317 |
CVE-2008-2004 |
200 |
|
+Info |
2008-05-12 |
2017-09-29 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted. |
|
318 |
CVE-2008-1950 |
189 |
|
DoS |
2008-05-21 |
2018-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3. |
|
319 |
CVE-2008-1949 |
287 |
|
DoS |
2008-05-21 |
2018-10-11 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2. |
|
320 |
CVE-2008-1948 |
189 |
|
DoS Exec Code Overflow |
2008-05-21 |
2018-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1. |
|
321 |
CVE-2008-1944 |
119 |
|
DoS Exec Code Overflow |
2008-05-14 |
2017-09-29 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a denial of service (SDL crash) and possibly execute arbitrary code via "bogus screen updates," related to missing validation of the "format of messages." |
|
322 |
CVE-2008-1943 |
119 |
|
DoS Exec Code Overflow |
2008-05-14 |
2017-09-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the backend of XenSource Xen Para Virtualized Frame Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted description of a shared framebuffer. |
|
323 |
CVE-2008-1922 |
119 |
|
Exec Code Overflow |
2008-05-13 |
2017-08-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a crafted Squid log file. |
|
324 |
CVE-2008-1880 |
255 |
|
Bypass +Info |
2008-05-12 |
2017-08-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password. |
|
325 |
CVE-2008-1804 |
|
|
Bypass |
2008-05-22 |
2017-08-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment. |
|
326 |
CVE-2008-1803 |
189 |
|
Exec Code Overflow |
2008-05-12 |
2017-09-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original researcher. |
|
327 |
CVE-2008-1802 |
119 |
|
Exec Code Overflow |
2008-05-12 |
2017-09-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the process_redirect_pdu (rdp.c) function in rdesktop 1.5.0 allows remote attackers to execute arbitrary code via a Remote Desktop Protocol (RDP) redirect request with modified length fields. |
|
328 |
CVE-2008-1801 |
189 |
|
DoS Exec Code |
2008-05-12 |
2017-09-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field. |
|
329 |
CVE-2008-1767 |
119 |
|
DoS Exec Code Overflow |
2008-05-23 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps. |
|
330 |
CVE-2008-1749 |
399 |
|
DoS |
2008-05-14 |
2017-08-08 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Memory leak in Cisco Content Switching Module (CSM) 4.2(3) up to 4.2(8) and Cisco Content Switching Module with SSL (CSM-S) 2.1(2) up to 2.1(7) allows remote attackers to cause a denial of service (memory consumption) via TCP segments with an unspecified combination of TCP flags. |
|
331 |
CVE-2008-1748 |
20 |
|
DoS |
2008-05-16 |
2019-08-01 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355. |
|
332 |
CVE-2008-1747 |
20 |
|
DoS |
2008-05-16 |
2019-07-31 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via an unspecified SIP INVITE message, aka Bug ID CSCsk46944. |
|
333 |
CVE-2008-1746 |
20 |
|
DoS |
2008-05-16 |
2017-08-08 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and service restart) via a series of malformed UDP packets, as demonstrated by the IP Stack Integrity Checker (ISIC), aka Bug ID CSCsj24113. |
|
334 |
CVE-2008-1745 |
20 |
|
DoS |
2008-05-16 |
2017-08-08 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115. |
|
335 |
CVE-2008-1744 |
20 |
|
DoS |
2008-05-16 |
2017-08-08 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770. |
|
336 |
CVE-2008-1743 |
399 |
|
DoS |
2008-05-16 |
2018-10-31 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, aka Bug ID CSCsi98433. |
|
337 |
CVE-2008-1742 |
399 |
|
DoS |
2008-05-16 |
2017-08-08 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609. |
|
338 |
CVE-2008-1741 |
20 |
|
DoS |
2008-05-16 |
2017-08-08 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) allows remote attackers to cause a denial of service (core dump and service interruption) via a TCP port scan, aka Bug ID CSCsj64533. |
|
339 |
CVE-2008-1740 |
20 |
|
DoS |
2008-05-16 |
2017-08-08 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via an unspecified "stress test," aka Bug ID CSCsh20972. |
|
340 |
CVE-2008-1677 |
120 |
|
DoS Exec Code Overflow |
2008-05-12 |
2022-02-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression. |
|
341 |
CVE-2008-1675 |
399 |
|
|
2008-05-02 |
2018-10-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory. |
|
342 |
CVE-2008-1672 |
476 |
|
DoS |
2008-05-29 |
2022-02-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference. |
|
343 |
CVE-2008-1669 |
94 |
|
Exec Code |
2008-05-08 |
2018-10-30 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table." |
|
344 |
CVE-2008-1660 |
|
|
|
2008-05-21 |
2017-09-29 |
6.3 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
None |
|
Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unspecified vectors. |
|
345 |
CVE-2008-1659 |
|
|
+Priv |
2008-05-08 |
2017-09-29 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 allows local users to gain privileges via unknown vectors. |
|
346 |
CVE-2008-1615 |
399 |
|
DoS |
2008-05-08 |
2017-09-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls. |
|
347 |
CVE-2008-1438 |
399 |
|
DoS |
2008-05-13 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with "crafted data structures" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437. |
|
348 |
CVE-2008-1437 |
399 |
|
DoS |
2008-05-13 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438. |
|
349 |
CVE-2008-1434 |
399 |
|
Exec Code Mem. Corr. |
2008-05-13 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption. |
|
350 |
CVE-2008-1423 |
189 |
|
DoS Exec Code Overflow |
2008-05-16 |
2017-09-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow. |
