Export limit exceeded: 346183 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346183 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2219 | 1 C-news.fr | 1 C-news | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in install.php in C-News.fr C-News 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the etape parameter. | ||||
| CVE-2009-4368 | 1 Merethis | 1 Centreon | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication. | ||||
| CVE-2008-2221 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Java plugin in IBM WebSphere Application Server 5.0.2 allows untrusted applets to gain privileges via unknown attack vectors. | ||||
| CVE-2008-2222 | 1 Eqdkp | 1 Eqdkp | 2026-04-23 | N/A |
| SQL injection vulnerability in login.php in EQdkp 1.3.2f allows remote attackers to bypass EQdkp user authentication via the user_id parameter. | ||||
| CVE-2008-2223 | 1 Buyscripts | 1 Vshare Youtube Clone | 2026-04-23 | N/A |
| SQL injection vulnerability in group_posts.php in vShare YouTube Clone 2.6 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | ||||
| CVE-2008-2224 | 1 Sazcart | 1 Sazcart | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SazCart 1.5.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _saz[settings][site_dir] parameter to layouts/default/header.saz.php and the (2) _saz[settings][site_url] parameter to admin/alayouts/default/pages/login.php. | ||||
| CVE-2008-2225 | 1 Gamecms | 1 Gamecms Lite | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in gameCMS Lite 1.0 allows remote attackers to execute arbitrary SQL commands via the systemId parameter. | ||||
| CVE-2008-2226 | 1 Openkm | 1 Openkm | 2026-04-23 | N/A |
| Unspecified vulnerability in the export feature in OpenKM before 2.0 allows remote attackers to export arbitrary documents via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-2417 | 1 How2asp | 1 Webboard | 2026-04-23 | N/A |
| SQL injection vulnerability in showQAnswer.asp in How2ASP.net Webboard 4.1 allows remote attackers to execute arbitrary SQL commands via the qNo parameter. | ||||
| CVE-2009-4369 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with "administer site-wide contact form" permissions to inject arbitrary web script or HTML via the contact category name. | ||||
| CVE-2008-2228 | 1 Cyberfolio | 1 Cyberfolio | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in portfolio/commentaires/derniers_commentaires.php in Cyberfolio 7.12, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rep parameter. | ||||
| CVE-2008-2231 | 1 Slashcode.com | 1 Slash | 2026-04-23 | N/A |
| SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter. | ||||
| CVE-2008-2232 | 1 Afuse | 1 Afuse | 2026-04-23 | N/A |
| The expand_template function in afuse.c in afuse 0.2 allows local users to gain privileges via shell metacharacters in a pathname. | ||||
| CVE-2008-2233 | 1 Openwsman | 1 Openwsman | 2026-04-23 | N/A |
| The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, allows remote Openwsman servers to replay SSL sessions via unspecified vectors. | ||||
| CVE-2008-2235 | 2 Opensc-project, Siemens | 2 Opensc, Cardos | 2026-04-23 | N/A |
| OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN. | ||||
| CVE-2008-2236 | 1 Blosxom | 1 Blosxom | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in blosxom.cgi in Blosxom before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the flav parameter (flavour variable). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4370 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote authenticated users with permissions to create new menus to inject arbitrary web script or HTML via a menu description, which is not properly handled in the menu administration overview. | ||||
| CVE-2008-2240 | 1 Ibm | 1 Lotus Domino | 2026-04-23 | N/A |
| Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header. | ||||
| CVE-2008-2242 | 2 Broadcom, Ca | 2 Brightstor Arcserve Backup, Brightstor Arcserve Backup | 2026-04-23 | N/A |
| Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function. | ||||
| CVE-2008-2244 | 1 Microsoft | 1 Office Word | 2026-04-23 | N/A |
| Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc. | ||||