Export limit exceeded: 346814 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346814 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1524 | 1 Zyxel | 3 Prestige 660, Prestige 661, Zynos | 2026-04-23 | N/A |
| The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has "public" as its default community for both (1) read and (2) write operations, which allows remote attackers to perform administrative actions via SNMP, as demonstrated by reading the Dynamic DNS service password or inserting an XSS sequence into the system.sysName.0 variable, which is displayed on the System Status page. | ||||
| CVE-2008-1526 | 1 Zyxel | 38 P-660h-61, P-660h-61 Firmware, P-660h-63 and 35 more | 2026-04-23 | 7.5 High |
| ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords. | ||||
| CVE-2008-1527 | 1 Zyxel | 3 Prestige 660, Prestige 661, Zynos | 2026-04-23 | N/A |
| ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), support authentication over HTTP via a hash string in the hiddenPassword field, which allows remote attackers to obtain access via a replay attack. | ||||
| CVE-2008-1528 | 1 Zyxel | 3 Prestige 660, Prestige 661, Zynos | 2026-04-23 | N/A |
| ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for (1) RemMagSNMP.html, which discloses SNMP communities; or (2) WLAN.html, which discloses WEP keys. | ||||
| CVE-2008-0211 | 1 Compaq | 13 2210 Series Bios, 2510 Series Bios, 2710 Series Bios and 10 more | 2026-04-23 | N/A |
| Unspecified vulnerability in the BIOS F.04 through F.11 for the HP Compaq Business Notebook PC allows local users to cause a denial of service via unspecified vectors. | ||||
| CVE-2008-0212 | 4 Hp, Linux, Microsoft and 1 more | 5 Hp-ux, Openview Network Node Manager, Linux Kernel and 2 more | 2026-04-23 | N/A |
| ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to cause a denial of service (crash) via a crafted TCP request that triggers an out-of-bounds memory access. | ||||
| CVE-2008-0216 | 1 Freebsd | 1 Freebsd | 2026-04-23 | N/A |
| The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user. | ||||
| CVE-2008-1529 | 1 Zyxel | 3 Prestige 660, Prestige 661, Zynos | 2026-04-23 | N/A |
| ZyXEL Prestige routers have a minimum password length for the admin account that is too small, which makes it easier for remote attackers to guess passwords via brute force methods. | ||||
| CVE-2008-0218 | 1 Merak | 1 Icewarp Mail Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/index.html in Merak IceWarp Mail Server allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-0219 | 1 Php Webquest | 1 Php Webquest | 2026-04-23 | N/A |
| SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920. | ||||
| CVE-2008-0220 | 1 Gateway | 2 Cweblaunchctl Activex Control, Weblaunch | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allow remote attackers to execute arbitrary code via a long string in the (1) second or (2) fourth argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-1530 | 1 Gnupg | 1 Gnupg | 2026-04-23 | N/A |
| GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs." | ||||
| CVE-2008-0228 | 1 Linksys | 1 Wrt54gl | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators. | ||||
| CVE-2008-1533 | 1 Joomla | 1 Joomla | 2026-04-23 | N/A |
| Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors. | ||||
| CVE-2008-0229 | 1 Level One | 1 Wbr-3460a | 2026-04-23 | N/A |
| The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless Modem Router with firmware 1.00.11 and 1.00.12 does not require authentication, which allows remote attackers on the local or wireless network to obtain administrative access. | ||||
| CVE-2008-0231 | 1 Tuned Studios | 7 Classic Theme, Endless, Freeze Theme and 4 more | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme webpage templates allow remote attackers to include and execute arbitrary files via ".." sequences in the page parameter. NOTE: this can be leveraged for remote file inclusion when running in some PHP 5 environments. | ||||
| CVE-2008-0237 | 1 Microsoft | 1 Rich Textbox Control | 2026-04-23 | N/A |
| The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 allows remote attackers to execute arbitrary commands by invoking the insecure SaveFile method. | ||||
| CVE-2008-0238 | 1 Xine | 1 Xine-lib | 2026-04-23 | N/A |
| Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-1247 | 1 Linksys | 1 Wrt54g | 2026-04-23 | N/A |
| The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202. | ||||
| CVE-2008-1534 | 1 Powerscripts | 1 Powerphpboard | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) settings[footer] parameter to footer.inc.php and the (2) settings[header] parameter to header.inc.php. | ||||