Search Results (363827 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3855 1 Ibm 1 Db2 Universal Database 2026-04-23 N/A
Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows local users to gain privileges, aka a "FILE CREATION VULNERABILITY." NOTE: this may be the same as CVE-2007-5664.
CVE-2008-3868 1 Cce-interact 1 Interact 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 allows remote attackers to hijack the authentication of super administrators for requests that create super administrator accounts.
CVE-2008-3874 1 Lussumo 1 Vanilla 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label ==> Value pairs). NOTE: some of these details are obtained from third party information.
CVE-2008-3883 1 Caudium 1 Caudium 2026-04-23 N/A
configvar in Caudium 1.4.12 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/roken#####.pike temporary file.
CVE-2008-2711 2 Fetchmail, Redhat 2 Fetchmail, Enterprise Linux 2026-04-23 N/A
fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.
CVE-2008-2715 1 Opera 1 Opera Browser 2026-04-23 N/A
Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns.
CVE-2008-2721 1 Menalto 1 Gallery 2026-04-23 N/A
Unspecified vulnerability in the album-select module in Menalto Gallery before 2.2.5 allows remote attackers to obtain titles of hidden albums by attempting to add a new album to a hidden album.
CVE-2008-2739 1 Cisco 1 Ios 2026-04-23 N/A
The SERVICE.DNS signature engine in the Intrusion Prevention System (IPS) in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device crash or hang) via network traffic that triggers unspecified IPS signatures, a different vulnerability than CVE-2008-1447.
CVE-2008-2760 1 Xigla 1 Absolute Banner Manager 2026-04-23 N/A
SQL injection vulnerability in searchbanners.asp in Xigla Absolute Banner Manager XE 2.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.
CVE-2008-2767 1 Xigla 1 Absolute Poll Manager Xe 2026-04-23 N/A
SQL injection vulnerability in search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to execute arbitrary SQL commands via the orderby parameter.
CVE-2008-2777 1 Luca Corbo 1 Ortro 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Ortro before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-2824 1 Xerox 1 Workcentre 2026-04-23 N/A
Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors.
CVE-2008-2823 1 Phpeasynews 1 Phpeasyblog 2026-04-23 N/A
SQL injection vulnerability in newsarchive.php in PHPeasyblog (formerly phpeasynews) 1.13 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter.
CVE-2007-6342 1 David Castro 1 Apache Authcas 2026-04-23 N/A
SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
CVE-2008-2832 1 Fullrevolution 1 Aspwebcalendar2008 2026-04-23 N/A
Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in calendar/eventimages/.
CVE-2008-2838 1 Traindepot 1 Traindepot 2026-04-23 N/A
Directory traversal vulnerability in index.php in Traindepot 0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter.
CVE-2009-4360 2 Handcoders, Xoops 2 Content Module, Xoops 2026-04-23 N/A
SQL injection vulnerability in modules/content/index.php in the Content module 0.5 for XOOPS allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2008-2857 1 Alstrasoft 1 Askme 2026-04-23 N/A
AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
CVE-2008-2862 1 Elinestudio 1 Site Composer 2026-04-23 N/A
Multiple SQL injection vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to ansFAQ.asp and the (2) template_id parameter to preview.asp.
CVE-2008-2868 1 Duware 1 Ducalendar 2026-04-23 N/A
SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter.