Export limit exceeded: 346253 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346253 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0441 | 1 Ibm | 1 Tivoli Business Service Manager | 2026-04-23 | N/A |
| IBM Tivoli Business Service Manager (TBSM) 4.1.1 stores passwords in cleartext (1) after external authentication, which triggers writing the password to SM_server.log; and (2) after a reconfig action; which allows local users to obtain sensitive information. | ||||
| CVE-2008-1621 | 1 Geertsen Holdings Inc | 1 Geecarts | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-0442 | 1 Small Axe Solutions | 1 Weblog | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the ffile parameter, a different vector than CVE-2008-0376. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-0444 | 1 Elog | 1 Elog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via subtext parameter to unspecified components. | ||||
| CVE-2008-0448 | 1 Cybergl Dev Team | 1 Phpsearch | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in utils/class_HTTPRetriever.php in phpSearch allows remote attackers to execute arbitrary PHP code via a URL in the libcurlemuinc parameter. | ||||
| CVE-2008-0449 | 1 Rocksalt International | 1 Vp Asp | 2026-04-23 | N/A |
| SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-0454 | 2 Microsoft, Skype Technologies | 3 Internet Explorer, Windows, Skype | 2026-04-23 | N/A |
| Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS." | ||||
| CVE-2008-2732 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7, 8.0 before 8.0(3)20, and 8.1 before 8.1(1)8 allow remote attackers to cause a denial of service (device reload) via unknown vectors, aka Bug IDs CSCsq07867, CSCsq57091, CSCsk60581, and CSCsq39315. | ||||
| CVE-2008-0459 | 1 Liquidsilvercms | 1 Liquidsilvercms | 2026-04-23 | N/A |
| Directory traversal vulnerability in update/index.php in Liquid-Silver CMS 0.35, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the update parameter. | ||||
| CVE-2008-0465 | 1 Seagullproject.org | 1 Seagull | 2026-04-23 | N/A |
| Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the files parameter. | ||||
| CVE-2008-2733 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2026-04-23 | N/A |
| Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote attackers to cause a denial of service (device reload) via a crafted authentication attempt, aka Bug ID CSCso69942. | ||||
| CVE-2008-0466 | 1 Webwiz | 3 Web Wiz Forums, Web Wiz Newspad, Web Wiz Rich Text Editor | 2026-04-23 | N/A |
| Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability. | ||||
| CVE-2007-5350 | 1 Microsoft | 1 Windows Vista | 2026-04-23 | N/A |
| Unspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths." | ||||
| CVE-2008-1649 | 1 Myiosoft | 1 Easynews | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in EasyNews 4.0 allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_pupublish action. | ||||
| CVE-2006-7153 | 1 Minibb | 1 Forum | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 allows remote attackers to execute arbitrary code via a URL in the pathToFiles parameter. | ||||
| CVE-2008-1650 | 1 Myiosoft | 1 Easynews | 2026-04-23 | N/A |
| SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 allows remote attackers to execute arbitrary SQL commands via the read parameter in an edp_Help_Internal_News action. | ||||
| CVE-2006-7171 | 1 Koan Software | 1 Mega Mall | 2026-04-23 | N/A |
| product_review.php in Koan Software Mega Mall allows remote attackers to obtain the installation path via a request with an empty value of the x[] parameter. | ||||
| CVE-2008-0469 | 1 Tiger Php News System | 1 Tiger Php News System | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Tiger Php News System (TPNS) 1.0b and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newscat action. | ||||
| CVE-2008-1668 | 1 Hp | 1 Hp-ux | 2026-04-23 | N/A |
| ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information. | ||||
| CVE-2008-0471 | 1 Phpbb | 1 Phpbb | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action. | ||||