Export limit exceeded: 364816 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364816 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3056 | 1 Typo3 | 1 Codeon Petition Extension | 2026-04-23 | N/A |
| SQL injection vulnerability in the Codeon Petition (cd_petition) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-3058 | 1 Octeth | 1 Oempro | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1, and possibly other versions before 4, allow remote attackers to execute arbitrary SQL commands via the FormValue_Email parameter (aka Email field) to index.php in (1) member/, (2) client/, or (3) admin/; or (4) the FormValue_SearchKeywords parameter to client/campaign_track.php. | ||||
| CVE-2008-3059 | 1 Octeth | 1 Oempro | 2026-04-23 | N/A |
| member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly other versions before 4, uses cleartext to transmit a password entered in the FormValue_Password field, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to the "Settings - Account Information" tab. | ||||
| CVE-2008-3073 | 1 Simple Machines | 1 Simple Machines Forum | 2026-04-23 | N/A |
| Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13 has unknown impact and attack vectors, probably cross-site scripting (XSS), related to "use of the html-tag." | ||||
| CVE-2008-3075 | 2 Redhat, Vim | 3 Enterprise Linux, Vim, Zipplugin.vim | 2026-04-23 | N/A |
| The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier. | ||||
| CVE-2008-3077 | 1 Linux | 1 Linux Kernel | 2026-04-23 | N/A |
| arch/x86/kernel/ptrace.c in the Linux kernel before 2.6.25.10 on the x86_64 platform leaks task_struct references into the sys32_ptrace function, which allows local users to cause a denial of service (system crash) or have unspecified other impact via unknown vectors, possibly a use-after-free vulnerability. | ||||
| CVE-2008-3078 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image. | ||||
| CVE-2008-3080 | 1 Mywebland | 1 Mybloggie | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899. | ||||
| CVE-2008-3082 | 1 Commtouch | 1 Enterprise Anti-spam Gateway | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in UPM/English/login/login.asp in Commtouch Enterprise Anti-Spam Gateway 4 and 5 allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter. | ||||
| CVE-2008-3083 | 2 Brightcode, Joomla | 2 Brightcode Weblinks Module, Com Brightweblinks | 2026-04-23 | N/A |
| SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2008-3087 | 1 Kasseler-cms | 1 Kasseler Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to index.php, possibly related to the phpManual module. | ||||
| CVE-2008-3089 | 1 Xpoze | 1 Xpoze Pro | 2026-04-23 | N/A |
| SQL injection vulnerability in user.html in Xpoze Pro 3.06 (aka Xpoze Pro CMS 2008) allows remote attackers to execute arbitrary SQL commands via the uid parameter. | ||||
| CVE-2008-3102 | 1 Mantisbt | 1 Mantisbt | 2026-04-23 | N/A |
| Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | ||||
| CVE-2008-3103 | 2 Redhat, Sun | 4 Network Satellite, Rhel Extras, Jdk and 1 more | 2026-04-23 | N/A |
| Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors. | ||||
| CVE-2008-3104 | 2 Redhat, Sun | 5 Network Satellite, Rhel Extras, Jdk and 2 more | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet. | ||||
| CVE-2008-3118 | 1 Phpmotion | 1 Phpmotion | 2026-04-23 | N/A |
| SQL injection vulnerability in play.php in PHPmotion 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the vid parameter. | ||||
| CVE-2008-3106 | 2 Redhat, Sun | 4 Network Satellite, Rhel Extras, Jdk and 1 more | 2026-04-23 | N/A |
| Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. | ||||
| CVE-2008-3107 | 2 Redhat, Sun | 5 Network Satellite, Rhel Extras, Jdk and 2 more | 2026-04-23 | N/A |
| Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. | ||||
| CVE-2008-3108 | 2 Redhat, Sun | 5 Network Satellite, Rhel Extras, Jdk and 2 more | 2026-04-23 | N/A |
| Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing. | ||||
| CVE-2008-3109 | 2 Redhat, Sun | 3 Rhel Extras, Jdk, Jre | 2026-04-23 | N/A |
| Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. | ||||