Search Results (363836 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2951 2 Edgewall, Fedoraproject 2 Trac, Fedora 2026-04-23 6.1 Medium
Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.
CVE-2008-2959 1 Microsoft 1 Visual Basic Enterprise Edition 2026-04-23 N/A
Buffer overflow in a certain ActiveX control (vb6skit.dll) in Microsoft Visual Basic Enterprise Edition 6.0 SP6 might allow remote attackers to execute arbitrary code via a long lpstrLinkPath argument to the fCreateShellLink function.
CVE-2008-2976 1 Tinx Cms 1 Tinx Cms 2026-04-23 N/A
Multiple directory traversal vulnerabilities in TinX/cms 1.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) language parameter to (a) include_me.php, (b) admin/ajax.php, and (c) admin/objects/catalog.ajaxhandler.php; and the (2) prefix parameter to (d) admin/inc/config.php.
CVE-2008-2986 1 Phpdmca 1 Phpdmca 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in phpDMCA 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the ourlinux_root_path parameter to (1) adodb-errorpear.inc.php and (2) adodb-pear.inc.php in adodb/.
CVE-2008-2988 1 Benjacms 1 Benja Cms 2026-04-23 N/A
Unrestricted file upload vulnerability in admin/upload.php in Benja CMS 0.1 allows remote attackers to upload and execute arbitrary PHP files via unspecified vectors, followed by a direct request to the file in billeder/.
CVE-2008-2709 1 Ibm 1 Os 400 2026-04-23 N/A
Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 allows local users to cause a denial of service (task halt and main storage dump) via unspecified vectors involving the running of diagnostics on a modem port. NOTE: there might be limited attack scenarios.
CVE-2008-2704 1 Novell 1 Groupwise Messenger 2026-04-23 N/A
Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows remote attackers to cause a denial of service (crash) via a long user ID, possibly involving a popup alert. NOTE: it is not clear whether this issue crosses privilege boundaries.
CVE-2008-2701 1 Joomla 1 Com Gameq 2026-04-23 N/A
SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php.
CVE-2008-2691 1 Jiro 1 Faq Manager Experience 2026-04-23 N/A
SQL injection vulnerability in read.asp in JiRo's FAQ Manager eXperience 1.0 allows remote attackers to execute arbitrary SQL commands via the fID parameter.
CVE-2008-2682 1 Realm Project 1 Realm Cms 2026-04-23 N/A
_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserName, and (3) cUserID.
CVE-2007-2368 1 Webspell 1 Webspell 2026-04-23 N/A
picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter.
CVE-2008-2031 1 Vicftps 1 Vicftps 2026-04-23 N/A
VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a crafted LIST command, which triggers a NULL pointer dereference. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6207 2 Redhat, Xensource Inc 2 Enterprise Linux, Xen 2026-04-23 N/A
Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains.
CVE-2008-2076 1 Actualscripts 1 Actualanalyzer Lite 2026-04-23 N/A
Directory traversal vulnerability in admin.php in ActualScripts ActualAnalyzer Lite 2.78 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the style parameter.
CVE-2007-2383 1 Prototypejs 1 Prototype Framework 2026-04-23 N/A
The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
CVE-2007-6098 1 Ingate 2 Ingate Firewall, Ingate Siparator 2026-04-23 N/A
Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log truncated (1) ICMP, (2) UDP, and (3) TCP packets, which has unknown impact and remote attack vectors; and do not log (4) serial-console login attempts with nonexistent usernames, which might make it easier for attackers with physical access to guess valid login credentials while avoiding detection.
CVE-2008-2104 1 Mozilla 1 Bugzilla 2026-04-23 N/A
The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.
CVE-2008-2124 1 Fipsasp 1 Fipscms 2026-04-23 N/A
SQL injection vulnerability in modules/print.asp in fipsASP fipsCMS allows remote attackers to execute arbitrary SQL commands via the lg parameter.
CVE-2008-2125 1 Musicbox 1 Musicbox 2026-04-23 N/A
SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6 and 2.3.7 allows remote attackers to execute arbitrary SQL commands via the artistId parameter.
CVE-2008-2144 1 Sun 1 Sunos 2026-04-23 N/A
Multiple unspecified vulnerabilities in Solaris print service for Sun Solaris 8, 9, and 10 allow remote attackers to cause a denial of service or execute arbitrary code via unknown vectors.