Export limit exceeded: 19812 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 360699 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360699 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2044 | 1 Netoffice | 1 Dwins | 2026-04-23 | N/A |
| includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP script via an add action to projects_site/uploadfile.php. | ||||
| CVE-2008-2030 | 1 F5 | 2 Firepass 4100, Firepass Ssl Vpn | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-2029 | 1 Minibb | 1 Minibb | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) setup_options.php in miniBB 2.2 and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary SQL commands via the xtr parameter in a userinfo action to index.php. | ||||
| CVE-2008-2028 | 1 Minibb | 1 Minibb | 2026-04-23 | N/A |
| miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to obtain the full path via a direct request to the glang parameter in a registernew action to index.php, which leaks the path in an error message. | ||||
| CVE-2008-2027 | 1 Rsa | 1 Authentication Agent | 2026-04-23 | N/A |
| Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258 for Web for IIS, when accessed via certain browsers such as Mozilla Firefox, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an ftp URL in the url parameter to a Redirect action. | ||||
| CVE-2008-2026 | 1 Rsa | 1 Authentication Agent | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258, and other versions before 5.3.3.378, allows remote attackers to inject arbitrary web script or HTML via a URL-encoded postdata parameter. NOTE: this is different than CVE-2005-1118, but it might be the same as CVE-2008-1470. | ||||
| CVE-2008-2024 | 1 Minibb | 1 Minibb | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the glang[] parameter in a registernew action. | ||||
| CVE-2008-1884 | 1 Wikepage | 1 Opus | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Wikepage Opus 13 2007.2 allows remote attackers to read arbitrary files via directory traversal sequences in the wiki parameter, a different vector than CVE-2006-4418. | ||||
| CVE-2008-1885 | 1 Cdnetworks | 1 Download Client | 2026-04-23 | N/A |
| Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download allows remote attackers to download arbitrary code onto a client system via a .. (dot dot) in the SkinPath parameter and a .zip URL in the HttpSkin parameter. NOTE: this can be leveraged for code execution by writing to a Startup folder. | ||||
| CVE-2008-1886 | 1 Cdnetworks | 1 Download Client | 2026-04-23 | N/A |
| The NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download uses weak cryptography for a KeyCode that blocks unauthorized use of the control, which allows remote attackers to bypass this protection mechanism by calculating the required KeyCode. NOTE: this can be used by arbitrary web sites to host exploit code that targets this control. | ||||
| CVE-2008-1888 | 1 Microsoft | 1 Sharepoint Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor. | ||||
| CVE-2008-1889 | 1 Xplodphp | 1 Autotutorials | 2026-04-23 | N/A |
| SQL injection vulnerability in viewcat.php in XplodPHP AutoTutorials 2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-1890 | 2 Azrul, Joomla | 2 Jom Comment, Joomla | 2026-04-23 | N/A |
| SQL injection vulnerability in the Jom Comment 2.0 build 345 component for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-3528 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2026-04-23 | N/A |
| The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries. | ||||
| CVE-2008-1893 | 1 W2b | 1 Online Banking | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in W2B Online Banking allows remote attackers to execute arbitrary PHP code via a URL in the ilang parameter. | ||||
| CVE-2008-1894 | 1 Businessobjects | 1 Infoview | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/logon/logon.object in BusinessObjects InfoView XI R2 SP1, SP2, and SP3 Java version before FixPack 3.5 allows remote attackers to inject arbitrary web script or HTML via the cms parameter. | ||||
| CVE-2008-1895 | 1 Carboncommunities | 1 Carbon Communities | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to events.asp, the (2) UserName parameter to getpassword.asp, and possibly an unspecified parameter to (3) option_Update.asp in an edit action. | ||||
| CVE-2008-1896 | 1 Carboncommunities | 1 Carbon Communities | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Redirect parameter to login.asp and the (2) OrderBy parameter to member_send.asp. | ||||
| CVE-2008-1898 | 1 Microsoft | 2 Office, Works | 2026-04-23 | N/A |
| A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call. | ||||
| CVE-2008-1900 | 1 Carbon Communities | 1 Carbon Communities | 2026-04-23 | N/A |
| option_Update.asp in Carbon Communities 2.4 and earlier allows remote attackers to edit arbitrary member information via a modified ID field. | ||||