Export limit exceeded: 363836 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363836 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3735 1 Phpizabi 1 Phpizabi 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in PHPizabi before 848 Core HotFix Pack 3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a blogs.search action.
CVE-2008-3771 1 Pars4u 1 Videosharing 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in members.php in Pars4u Videosharing 1 allows remote attackers to inject arbitrary web script or HTML via the PageNo parameter.
CVE-2008-3776 1 Fujitsu 1 Web Based Admin View 2026-04-23 N/A
Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
CVE-2008-3803 1 Cisco 1 Ios 2026-04-23 N/A
A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances.
CVE-2008-3808 1 Cisco 1 Ios 2026-04-23 N/A
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted Protocol Independent Multicast (PIM) packet.
CVE-2008-3809 1 Cisco 1 Ios 2026-04-23 N/A
Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices (aka 12000 Series routers) allows remote attackers to cause a denial of service (device crash) via a malformed Protocol Independent Multicast (PIM) packet.
CVE-2008-3820 1 Cisco 1 Security Manager 2026-04-23 N/A
Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root access" to IEV via unspecified use of TCP sessions to these ports.
CVE-2008-3846 1 Aquagardensoft 1 Mysql-lists 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in mysql-lists 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-3847 1 Aguestbook 1 An Guestbook 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in AN Guestbook (ANG) before 0.7.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-3855 1 Ibm 1 Db2 Universal Database 2026-04-23 N/A
Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows local users to gain privileges, aka a "FILE CREATION VULNERABILITY." NOTE: this may be the same as CVE-2007-5664.
CVE-2008-3868 1 Cce-interact 1 Interact 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 allows remote attackers to hijack the authentication of super administrators for requests that create super administrator accounts.
CVE-2008-3874 1 Lussumo 1 Vanilla 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label ==> Value pairs). NOTE: some of these details are obtained from third party information.
CVE-2008-3883 1 Caudium 1 Caudium 2026-04-23 N/A
configvar in Caudium 1.4.12 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/roken#####.pike temporary file.
CVE-2008-2711 2 Fetchmail, Redhat 2 Fetchmail, Enterprise Linux 2026-04-23 N/A
fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.
CVE-2008-2715 1 Opera 1 Opera Browser 2026-04-23 N/A
Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns.
CVE-2008-2721 1 Menalto 1 Gallery 2026-04-23 N/A
Unspecified vulnerability in the album-select module in Menalto Gallery before 2.2.5 allows remote attackers to obtain titles of hidden albums by attempting to add a new album to a hidden album.
CVE-2008-2739 1 Cisco 1 Ios 2026-04-23 N/A
The SERVICE.DNS signature engine in the Intrusion Prevention System (IPS) in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device crash or hang) via network traffic that triggers unspecified IPS signatures, a different vulnerability than CVE-2008-1447.
CVE-2008-2760 1 Xigla 1 Absolute Banner Manager 2026-04-23 N/A
SQL injection vulnerability in searchbanners.asp in Xigla Absolute Banner Manager XE 2.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.
CVE-2008-2767 1 Xigla 1 Absolute Poll Manager Xe 2026-04-23 N/A
SQL injection vulnerability in search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to execute arbitrary SQL commands via the orderby parameter.
CVE-2008-2777 1 Luca Corbo 1 Ortro 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Ortro before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.