Export limit exceeded: 346173 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346173 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0165 | 1 Ikiwiki | 1 Ikiwiki | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms. | ||||
| CVE-2008-0167 | 2 Debian, Gforge | 2 Debian Linux, Gforge | 2026-04-23 | N/A |
| The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances. | ||||
| CVE-2008-0169 | 1 Ikiwiki | 1 Ikiwiki | 2026-04-23 | N/A |
| Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence. | ||||
| CVE-2008-0171 | 2 Boost, Redhat | 3 Boost, Boost Regex Library, Enterprise Linux | 2026-04-23 | N/A |
| regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression. | ||||
| CVE-2008-0174 | 1 Ge | 1 Proficy Real-time Information Portal | 2026-04-23 | 9.8 Critical |
| GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges. | ||||
| CVE-2008-0175 | 1 Ge Fanuc | 1 Proficy Real-time Information Portal | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory. | ||||
| CVE-2008-0176 | 1 Ge Fanuc | 1 Cimplicity | 2026-04-23 | N/A |
| Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 010708_162517_6106, allow remote attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2008-2898 | 1 Hedgehog-cms | 1 Hedgehog-cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in includes/header.php in Hedgehog-CMS 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the c_temp_path parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | ||||
| CVE-2009-4051 | 1 Downstairs.dnsalias | 1 Home Ftp Server | 2026-04-23 | N/A |
| Home FTP Server 1.10.1.139 allows remote attackers to cause a denial of service (daemon outage) via multiple invalid SITE INDEX commands. | ||||
| CVE-2008-0177 | 1 Kame | 1 Ipcomp | 2026-04-23 | N/A |
| The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header. | ||||
| CVE-2008-0178 | 1 Liferay | 1 Liferay Enterprise Portal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header. | ||||
| CVE-2008-0180 | 1 Liferay | 1 Liferay Enterprise Portal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile. | ||||
| CVE-2008-0181 | 1 Liferay | 1 Liferay Enterprise Portal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message. | ||||
| CVE-2008-0182 | 1 Liferay | 1 Liferay Enterprise Portal | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message. | ||||
| CVE-2008-0184 | 1 Prenotazioni On Line | 1 Syshotel On Line System | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file parameter. | ||||
| CVE-2008-0185 | 1 Netrisk | 1 Netrisk | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the pid parameter in a profile page (possibly profile.php). | ||||
| CVE-2008-0186 | 1 Phprisk | 1 Netrisk | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to CVE-2008-0144. | ||||
| CVE-2009-3759 | 1 Citrix | 1 Xencenterweb | 2026-04-23 | 8.8 High |
| Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-0191 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure. | ||||
| CVE-2008-0192 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php. | ||||