LiveActive security incident?Get immediate response
CVE archive

May 2008

Browse CVE records published in May 2008, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 422 matching CVEs · Page 1 of 9.

Unknown · CVSS Not scored

CVE-2008-6814: Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1...

Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528.

Published May 28, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6807: PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0a4.1 allows remote attackers to exe...

PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0a4.1 allows remote attackers to execute arbitrary PHP code via a URL in the xml_dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the lib_dir vector is already covered by CVE-2006-6630.

Published May 12, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6810: Multiple SQL injection vulnerabilities in admin/checklogin.php in Venalsur Booking Centre Booking System fo...

Multiple SQL injection vulnerabilities in admin/checklogin.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allow remote attackers to execute arbitrary SQL commands via the (1) myusername (username) and (2) password parameters. NOTE: some of these details are obtained from third party information.

Published May 17, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6792: system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System...

system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully conduct brute-force password attacks.

Published May 7, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6811: Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for...

Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for Wordpress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/plugins/wp-shopping-cart/.

Published May 17, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6777: Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arb...

Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a confirm action, the (2) user parameter in a newconfirm action, and (3) reqpwd action to member.php; and the (4) quote parameter in a post action and (5) pid parameter in an edit action to post.php, different vectors than CVE-2005-0413.2 and CVE-2007-6667.

Published May 1, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-4828: Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage...

Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through 5.3.6.4, allow remote attackers to execute arbitrary code via (1) a request packet that is not properly parsed by an unspecified "generic string handling function" or (2) a crafted NodeName in a dicuGetIdentifyRequest request packet, related to the (a) Web GUI and (b) Java GUI.

Published May 5, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-3280: It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a resu...

It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs.

Published May 21, 2021 · Updated Aug 7, 2024