Export limit exceeded: 346267 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346267 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346267 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2122 | 1 Ibm | 1 Rational Build Forge | 2026-04-23 | 7.5 High |
| IBM Rational Build Forge 7.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a port scan, which spawns multiple bfagent server processes that attempt to read data from closed sockets. | ||||
| CVE-2008-2125 | 1 Musicbox | 1 Musicbox | 2026-04-23 | N/A |
| SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6 and 2.3.7 allows remote attackers to execute arbitrary SQL commands via the artistId parameter. | ||||
| CVE-2008-2126 | 1 Tux Cms | 1 Tux Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Tux CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to index.php and the (2) returnURL parameter to tux-login.php. | ||||
| CVE-2008-2128 | 1 Cms Faethon | 1 Cms Faethon | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in templates/header.php in CMS Faethon 2.2 Ultimate allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter, a different vulnerability than CVE-2006-5588 and CVE-2006-3185. | ||||
| CVE-2008-2131 | 1 Myvietnam | 1 Mvnforum | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in mvnForum 1.1 GA allows remote authenticated users to inject arbitrary web script or HTML via the topic field, which is later displayed by user/viewthread.jsp through use of the "quick reply button." | ||||
| CVE-2008-2133 | 1 Tru-zone | 1 Nukeet | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter in a new entry, as demonstrated by a CSS property in the STYLE attribute of a DIV element, a different vulnerability than CVE-2008-1873. | ||||
| CVE-2008-2134 | 1 Tru-zone | 1 Nukeet | 2026-04-23 | N/A |
| The Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to obtain access to arbitrary user accounts, and alter or delete data, via a modified username in an unspecified cookie. | ||||
| CVE-2008-2135 | 1 Visualshapers | 1 Ezcontents | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) contentname parameter to showdetails.php and the (2) article parameter to printer.php. | ||||
| CVE-2008-2136 | 4 Canonical, Debian, Linux and 1 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2026-04-23 | N/A |
| Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count. | ||||
| CVE-2008-2138 | 1 Oracle | 1 Application Server Portal | 2026-04-23 | N/A |
| Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing "%0A" (encoded line feed), then using the session ID that is generated from that request. NOTE: as of 20080512, Oracle has not commented on the accuracy of this report. | ||||
| CVE-2008-3006 | 1 Microsoft | 4 Office, Office Compatibility Pack, Office Excel Viewer and 1 more | 2026-04-23 | N/A |
| Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability." | ||||
| CVE-2008-2139 | 1 Rpath | 1 Appliance Platform Agent | 2026-04-23 | N/A |
| The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account. | ||||
| CVE-2008-2140 | 1 Rpath | 1 Appliance Platform Agent | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the rootpw plugin in rPath Appliance Platform Agent 2 and 3 allows remote attackers to reset the root password as the administrator via a crafted URL. | ||||
| CVE-2008-2143 | 1 Microsoft | 1 Outlook Web Access | 2026-04-23 | N/A |
| Unspecified versions of Microsoft Outlook Web Access (OWA) use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information. | ||||
| CVE-2008-2144 | 1 Sun | 1 Sunos | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Solaris print service for Sun Solaris 8, 9, and 10 allow remote attackers to cause a denial of service or execute arbitrary code via unknown vectors. | ||||
| CVE-2008-2145 | 1 Novell | 1 Client | 2026-04-23 | N/A |
| Stack-based buffer overflow in Novell Client 4.91 SP4 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long username in the "forgotten password" dialog. | ||||
| CVE-2008-2146 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages. | ||||
| CVE-2008-2147 | 1 Videolan | 1 Vlc | 2026-04-23 | N/A |
| Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory. | ||||
| CVE-2008-2178 | 1 Lifetype | 1 Lifetype | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the searchTerms parameter in an editArticleCategories operation (aka an admin category search). | ||||
| CVE-2009-4361 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| Multiple buffer overflows in qoslist in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via a long string argument. NOTE: some of these details are obtained from third party information. | ||||