Search Results (360766 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3470 1 Ibm 1 Informix Dynamic Server 2026-04-23 N/A
IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before 11.50.xC5 allows remote attackers to cause a denial of service (memory corruption, assertion failure, and daemon crash) by sending a long password over a JDBC connection.
CVE-2008-4515 1 Blue Coat Systems 1 K9 Web Protection 2026-04-23 N/A
Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism, which allows remote attackers to bypass authentication and access the (1) summary, (2) detail, (3) overrides, and (4) pwemail pages by disabling JavaScript.
CVE-2008-4511 1 Todd Woolums 1 Asp News Management 2026-04-23 N/A
Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.
CVE-2008-4505 1 Ibm 1 Lotus Quickr 2026-04-23 N/A
Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) might allow attackers to cause a denial of service (system crash) via a "nonstandard URL argument" to the OpenDocument command. NOTE: due to lack of details from the vendor, it is not clear whether this is a vulnerability.
CVE-2008-4488 1 Atarone 1 Atarone 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in ap-pages.php in Atarone CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) id parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4476 1 Sympa 1 Sympa 2026-04-23 N/A
sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability.
CVE-2008-4450 1 Apache Friends 1 Xampp 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for Windows 1.6.8 allows remote attackers to inject arbitrary web script or HTML via the (1) dbserver, (2) host, (3) user, (4) password, (5) database, and (6) table parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4407 1 Debian 1 Xsabre 2026-04-23 N/A
XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create /tmp/sabre.log, which allows local users to cause a denial of service (application unavailability) by creating a /tmp/sabre.log file that cannot be overwritten.
CVE-2008-3753 1 Yourfreeworld 1 Programs Rating Script 2026-04-23 N/A
SQL injection vulnerability in details.php in YourFreeWorld Programs Rating Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3456 1 Google 1 Chrome 2026-04-23 N/A
Google Chrome, possibly 3.0.195.21 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3548 1 Sun 1 Netra T5220 Server 2026-04-23 N/A
Unspecified vulnerability in the Sun Netra T5220 Server with firmware 7.1.3 allows local users to cause a denial of service (panic) via unknown vectors.
CVE-2008-4398 2 Broadcom, Ca 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more 2026-04-23 N/A
Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request.
CVE-2008-3499 1 Ektron 1 Cms4000.net 2026-04-23 N/A
Unspecified vulnerability in "a page in the workarea folder" in Ektron CMS400.NET 7.00 through 7.04 and 7.50 through 7.52 has unknown impact and attack vectors.
CVE-2008-3450 1 Sun 1 Sunos 2026-04-23 N/A
Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors.
CVE-2008-3449 1 Mailenable 1 Mailenable 2026-04-23 N/A
MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote attackers to cause a denial of service (crash) via multiple IMAP connection requests to the same folder.
CVE-2008-3423 1 Ibm 1 Websphere Portal 2026-04-23 N/A
IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors.
CVE-2008-3393 1 Infomining 1 Bookmine 2026-04-23 N/A
SQL injection vulnerability in events.cfm in BookMine allows remote attackers to execute arbitrary SQL commands via the events_id parameter.
CVE-2008-4379 1 Mr. Cgi Guy 1 Hot Links Sql Php 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2008-4369 1 Availscript 1 Availscript Photo Album 2026-04-23 N/A
SQL injection vulnerability in pics.php in Availscript Photo Album allows remote attackers to execute arbitrary SQL commands via the sid parameter.
CVE-2008-4365 1 Siteman 1 Siteman 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.php in Siteman 1.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.