CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2008

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2008-2054 Exec Code 2008-05-29 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote attackers to execute arbitrary code on a client machine via unknown vectors.
302 CVE-2008-2053 2008-05-22 2017-08-08
9.0
None Remote Low ??? Complete Complete Complete
Unspecified vulnerability in Cisco Unified Customer Voice Portal (CVP) 4.0.x before 4.0(2)_ES14, 4.1.x before 4.1(1)_ES11, and 7.x before 7.0(1) allows remote authenticated users with administrator role privileges to create, modify, or delete a superuser account.
303 CVE-2008-2052 59 2008-05-02 2017-08-08
4.3
None Remote Medium Not required None Partial None
Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter.
304 CVE-2008-2051 2008-05-05 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."
305 CVE-2008-2050 119 Overflow 2008-05-05 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.
306 CVE-2008-2049 200 +Info 2008-05-01 2017-08-08
4.3
None Remote Medium Not required Partial None None
The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows remote attackers to obtain sensitive information via multiple crafted APOP commands for a known POP3 account, which displays the password in a POP3 error message.
307 CVE-2008-2048 79 XSS 2008-05-01 2017-09-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in Angelo-Emlak 1.0 allows remote attackers to inject arbitrary web script or HTML via the sayfa parameter.
308 CVE-2008-2047 89 Exec Code Sql 2008-05-01 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hpz/profil.asp and (2) hpz/prodetail.asp.
309 CVE-2008-2046 79 XSS 2008-05-01 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Softpedia SiteXS CMS 0.1.1 Pre-Alpha allows remote attackers to inject arbitrary web script or HTML via the user parameter.
310 CVE-2008-2045 22 Dir. Trav. 2008-05-01 2018-10-11
5.0
None Remote Low Not required Partial None None
Absolute path traversal vulnerability in SugarCRM Sugar Community Edition 4.5.1 and 5.0.0 allows remote attackers to read arbitrary files via a full path in the URL parameter to modules/Feeds/Feed.php, which places the contents into a related cache file in the .cache/feeds directory.
311 CVE-2008-2044 94 Exec Code Bypass 2008-05-01 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP script via an add action to projects_site/uploadfile.php.
312 CVE-2008-2043 352 Exec Code CSRF 2008-05-01 2017-08-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html.
313 CVE-2008-2042 20 Exec Code Overflow 2008-05-08 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function.
314 CVE-2008-2009 DoS Exec Code Mem. Corr. 2008-05-16 2019-10-29
4.3
None Remote Medium Not required None None Partial
Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.
315 CVE-2008-2006 20 DoS Exec Code 2008-05-22 2018-10-11
4.3
None Remote Medium Not required None None Partial
Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE line.
316 CVE-2008-2005 399 DoS Exec Code 2008-05-06 2018-10-11
5.0
None Remote Low Not required None None Partial
The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length value in a Registration packet to TCP port 5413, which causes a memory allocation failure.
317 CVE-2008-2004 200 +Info 2008-05-12 2017-09-29
4.9
None Local Low Not required Complete None None
The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted.
318 CVE-2008-1950 189 DoS 2008-05-21 2018-10-11
5.0
None Remote Low Not required None None Partial
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.
319 CVE-2008-1949 287 DoS 2008-05-21 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
320 CVE-2008-1948 189 DoS Exec Code Overflow 2008-05-21 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.
321 CVE-2008-1944 119 DoS Exec Code Overflow 2008-05-14 2017-09-29
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a denial of service (SDL crash) and possibly execute arbitrary code via "bogus screen updates," related to missing validation of the "format of messages."
322 CVE-2008-1943 119 DoS Exec Code Overflow 2008-05-14 2017-09-29
2.1
None Local Low Not required None None Partial
Buffer overflow in the backend of XenSource Xen Para Virtualized Frame Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted description of a shared framebuffer.
323 CVE-2008-1922 119 Exec Code Overflow 2008-05-13 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a crafted Squid log file.
324 CVE-2008-1880 255 Bypass +Info 2008-05-12 2017-08-08
5.0
None Remote Low Not required Partial None None
The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password.
325 CVE-2008-1804 Bypass 2008-05-22 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment.
326 CVE-2008-1803 189 Exec Code Overflow 2008-05-12 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original researcher.
327 CVE-2008-1802 119 Exec Code Overflow 2008-05-12 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the process_redirect_pdu (rdp.c) function in rdesktop 1.5.0 allows remote attackers to execute arbitrary code via a Remote Desktop Protocol (RDP) redirect request with modified length fields.
328 CVE-2008-1801 189 DoS Exec Code 2008-05-12 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field.
329 CVE-2008-1767 119 DoS Exec Code Overflow 2008-05-23 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.
330 CVE-2008-1749 399 DoS 2008-05-14 2017-08-08
7.8
None Remote Low Not required None None Complete
Memory leak in Cisco Content Switching Module (CSM) 4.2(3) up to 4.2(8) and Cisco Content Switching Module with SSL (CSM-S) 2.1(2) up to 2.1(7) allows remote attackers to cause a denial of service (memory consumption) via TCP segments with an unspecified combination of TCP flags.
331 CVE-2008-1748 20 DoS 2008-05-16 2019-08-01
7.8
None Remote Low Not required None None Complete
Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355.
332 CVE-2008-1747 20 DoS 2008-05-16 2019-07-31
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via an unspecified SIP INVITE message, aka Bug ID CSCsk46944.
333 CVE-2008-1746 20 DoS 2008-05-16 2017-08-08
7.8
None Remote Low Not required None None Complete
The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and service restart) via a series of malformed UDP packets, as demonstrated by the IP Stack Integrity Checker (ISIC), aka Bug ID CSCsj24113.
334 CVE-2008-1745 20 DoS 2008-05-16 2017-08-08
7.8
None Remote Low Not required None None Complete
Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115.
335 CVE-2008-1744 20 DoS 2008-05-16 2017-08-08
7.8
None Remote Low Not required None None Complete
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770.
336 CVE-2008-1743 399 DoS 2008-05-16 2018-10-31
7.8
None Remote Low Not required None None Complete
Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, aka Bug ID CSCsi98433.
337 CVE-2008-1742 399 DoS 2008-05-16 2017-08-08
7.8
None Remote Low Not required None None Complete
Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609.
338 CVE-2008-1741 20 DoS 2008-05-16 2017-08-08
7.8
None Remote Low Not required None None Complete
The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) allows remote attackers to cause a denial of service (core dump and service interruption) via a TCP port scan, aka Bug ID CSCsj64533.
339 CVE-2008-1740 20 DoS 2008-05-16 2017-08-08
7.8
None Remote Low Not required None None Complete
The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via an unspecified "stress test," aka Bug ID CSCsh20972.
340 CVE-2008-1677 120 DoS Exec Code Overflow 2008-05-12 2022-02-03
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression.
341 CVE-2008-1675 399 2008-05-02 2018-10-11
7.2
None Local Low Not required Complete Complete Complete
The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory.
342 CVE-2008-1672 476 DoS 2008-05-29 2022-02-02
4.3
None Remote Medium Not required None None Partial
OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.
343 CVE-2008-1669 94 Exec Code 2008-05-08 2018-10-30
6.9
None Local Medium Not required Complete Complete Complete
Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table."
344 CVE-2008-1660 2008-05-21 2017-09-29
6.3
None Local Medium Not required Complete Complete None
Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unspecified vectors.
345 CVE-2008-1659 +Priv 2008-05-08 2017-09-29
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 allows local users to gain privileges via unknown vectors.
346 CVE-2008-1615 399 DoS 2008-05-08 2017-09-29
4.9
None Local Low Not required None None Complete
Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls.
347 CVE-2008-1438 399 DoS 2008-05-13 2018-10-12
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with "crafted data structures" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437.
348 CVE-2008-1437 399 DoS 2008-05-13 2018-10-12
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438.
349 CVE-2008-1434 399 Exec Code Mem. Corr. 2008-05-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
350 CVE-2008-1423 189 DoS Exec Code Overflow 2008-05-16 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.
Total number of vulnerabilities : 383   Page : 1 2 3 4 5 6 7 (This Page)8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.