Search Results (363488 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1342 1 Jelsoft 1 Vbulletin 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form.
CVE-2008-1135 1 Omegasoft 1 Interneserviceslosungen 2026-04-23 N/A
OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 generates different responses depending on whether or not a username is valid in a failed login attempt, which allows remote attackers to enumerate valid usernames.
CVE-2008-1133 1 Drupal 1 Drupal 2026-04-23 N/A
The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
CVE-2008-1128 1 Phpmytourney 1 Phpmytourney 2026-04-23 N/A
PHP remote file inclusion vulnerability in tourney/index.php in phpMyTourney 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2008-0897 1 Bea 1 Weblogic Server 2026-04-23 N/A
Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions.
CVE-2008-5036 1 Videolan 1 Vlc Media Player 2026-04-23 N/A
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.
CVE-2008-5276 1 Videolan 1 Vlc Media Player 2026-04-23 N/A
Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.
CVE-2008-0898 1 Bea 1 Weblogic Server 2026-04-23 N/A
The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access restrictions for protected distributed queues.
CVE-2008-0902 2 Bea, Bea Systems 2 Weblogic Server, Weblogic Server 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694.
CVE-2008-0904 1 Bea Systems 2 Aqualogic Interaction, Plumtree Collaboration 2026-04-23 N/A
Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL.
CVE-2008-0909 1 Schoolwires 1 Academic Portal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in browse.asp in Schoolwires Academic Portal allows remote attackers to inject arbitrary web script or HTML via the c parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5785 1 Jobsiteprofessional 1 Jobsite Professional 2026-04-23 N/A
SQL injection vulnerability in file.php in JobSite Professional 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-0918 2 Astats, Joomla 2 Astatspro, Com Astatspro 2026-04-23 N/A
SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0922 1 Php-nuke 1 Manuales 2026-04-23 N/A
SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewdownload action to modules.php.
CVE-2008-0933 1 Sun 1 Solaris 2026-04-23 N/A
Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore.
CVE-2008-0934 2 Nukec, Php-nuke 2 Nukec, Nukec Module 2026-04-23 N/A
SQL injection vulnerability in modules.php in the NukeC 2.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action.
CVE-2008-0936 1 Xoops 1 Prayer List Module 2026-04-23 N/A
SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
CVE-2008-0943 1 Aeries 1 Aeries Student Information System 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Eagle Software Aeries Browser Interface (ABI) 3.7.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) FC parameter to Comments.asp, or the Term parameter to (2) Labels.asp or (3) ClassList.asp.
CVE-2008-0949 1 Ibm 1 Informix Dynamic Server 2026-04-23 N/A
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet.
CVE-2008-0952 1 Hp 1 Instant Support 2026-04-23 N/A
The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953.