Export limit exceeded: 363849 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363849 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2701 1 Joomla 1 Com Gameq 2026-04-23 N/A
SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php.
CVE-2008-2691 1 Jiro 1 Faq Manager Experience 2026-04-23 N/A
SQL injection vulnerability in read.asp in JiRo's FAQ Manager eXperience 1.0 allows remote attackers to execute arbitrary SQL commands via the fID parameter.
CVE-2008-2682 1 Realm Project 1 Realm Cms 2026-04-23 N/A
_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserName, and (3) cUserID.
CVE-2007-2368 1 Webspell 1 Webspell 2026-04-23 N/A
picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter.
CVE-2008-2031 1 Vicftps 1 Vicftps 2026-04-23 N/A
VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a crafted LIST command, which triggers a NULL pointer dereference. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6207 2 Redhat, Xensource Inc 2 Enterprise Linux, Xen 2026-04-23 N/A
Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains.
CVE-2008-2076 1 Actualscripts 1 Actualanalyzer Lite 2026-04-23 N/A
Directory traversal vulnerability in admin.php in ActualScripts ActualAnalyzer Lite 2.78 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the style parameter.
CVE-2007-2383 1 Prototypejs 1 Prototype Framework 2026-04-23 N/A
The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
CVE-2007-6098 1 Ingate 2 Ingate Firewall, Ingate Siparator 2026-04-23 N/A
Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log truncated (1) ICMP, (2) UDP, and (3) TCP packets, which has unknown impact and remote attack vectors; and do not log (4) serial-console login attempts with nonexistent usernames, which might make it easier for attackers with physical access to guess valid login credentials while avoiding detection.
CVE-2008-2104 1 Mozilla 1 Bugzilla 2026-04-23 N/A
The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.
CVE-2008-2124 1 Fipsasp 1 Fipscms 2026-04-23 N/A
SQL injection vulnerability in modules/print.asp in fipsASP fipsCMS allows remote attackers to execute arbitrary SQL commands via the lg parameter.
CVE-2008-2125 1 Musicbox 1 Musicbox 2026-04-23 N/A
SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6 and 2.3.7 allows remote attackers to execute arbitrary SQL commands via the artistId parameter.
CVE-2008-2144 1 Sun 1 Sunos 2026-04-23 N/A
Multiple unspecified vulnerabilities in Solaris print service for Sun Solaris 8, 9, and 10 allow remote attackers to cause a denial of service or execute arbitrary code via unknown vectors.
CVE-2008-2145 1 Novell 1 Client 2026-04-23 N/A
Stack-based buffer overflow in Novell Client 4.91 SP4 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long username in the "forgotten password" dialog.
CVE-2008-2154 1 Ibm 1 Db2 2026-04-23 N/A
IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls.
CVE-2008-2161 2 Microsoft, Tftp 2 All Windows, Tftp Server Sp 2026-04-23 N/A
Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet. NOTE: some of these details are obtained from third party information.
CVE-2008-0210 1 Uebimiau 1 Webmail 2026-04-23 N/A
Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter settting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140.
CVE-2008-2174 1 Shelter Manager 1 Animal Shelter Manager 2026-04-23 N/A
Multiple unspecified vulnerabilities in Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 have unknown impact and attack vectors, related to "various areas where security was missing."
CVE-2008-2183 1 Toocharger 1 Smartblog 2026-04-23 N/A
SQL injection vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 allows remote attackers to execute arbitrary SQL commands via the idt parameter.
CVE-2007-6214 1 Learnloop 1 Learnloop 2026-04-23 N/A
Directory traversal vulnerability in include/file_download.php in LearnLoop 2.0 beta7 allows remote attackers to read arbitrary files via a .. (dot dot) in the sFilePath parameter. NOTE: exploitation requires that the product is configured, but has zero files in the database.