Search Results (364988 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2099 2 Microsoft, Vmware 5 Windows, Ace 2, Vmware Player 2 and 2 more 2026-04-23 N/A
Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, and VMware ACE 2 before 2.0.2 build 93057 on Windows allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.
CVE-2008-2101 1 Vmware 1 Esx 2026-04-23 N/A
The VMware Consolidated Backup (VCB) command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command line, which allows local users to obtain sensitive information by listing the process.
CVE-2008-2104 1 Mozilla 1 Bugzilla 2026-04-23 N/A
The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.
CVE-2008-2106 1 Activision 1 Call Of Duty 4 2026-04-23 N/A
Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated users to cause a denial of service (crash) via a type 7 stats packet, which triggers a memcpy with a negative value.
CVE-2008-2107 2 Php, Redhat 3 Php, Enterprise Linux, Rhel Application Stack 2026-04-23 N/A
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.
CVE-2008-2117 1 Project Alumni 1 Project Alumni 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in pages/news.page.inc in Project Alumni 1.0.9 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a news action to index.php, a different vector than CVE-2007-6126.
CVE-2007-1219 1 Admin Phorum 1 Admin Phorum 2026-04-23 N/A
PHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
CVE-2008-2134 1 Tru-zone 1 Nukeet 2026-04-23 N/A
The Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to obtain access to arbitrary user accounts, and alter or delete data, via a modified username in an unspecified cookie.
CVE-2006-5390 1 Phpbb 1 Acp User Registration Module 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in the ACP User Registration (MMW) 1.00 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2008-2143 1 Microsoft 1 Outlook Web Access 2026-04-23 N/A
Unspecified versions of Microsoft Outlook Web Access (OWA) use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information.
CVE-2008-2178 1 Lifetype 1 Lifetype 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the searchTerms parameter in an editArticleCategories operation (aka an admin category search).
CVE-2007-1220 1 Microsoft 1 Xbox 360 2026-04-23 N/A
The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code.
CVE-2008-2165 1 Cisco 1 Building Broadband Service Manager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2008-2166 1 Sun 1 Java System Web Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unknown parameters in index.jsp.
CVE-2007-1221 1 Microsoft 1 Xbox 360 2026-04-23 N/A
The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attackers with physical access to force execution of the hypervisor syscall with a certain register set, which bypasses intended code protection.
CVE-2008-2171 1 Alaxala 1 Ax Router 2026-04-23 N/A
Unspecified vulnerability in AlaxalA AX routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
CVE-2007-3067 1 Eqdkp 1 Attunement And Key 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Attunement and Key Tracker 0.95 and earlier plugin for EQdkp allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the (1) keyshow, (2) sortkey, and (3) show parameters to index.php.
CVE-2008-2182 1 In2code 1 Powermail 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the powermail extension before 1.1.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-2184 1 Toocharger 1 Smartblog 2026-04-23 N/A
Multiple SQL injection vulnerabilities in SMartBlog (aka SMBlog) 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) mois, (2) an, (3) jour, and (4) id parameters to index.php, and the (5) login parameter to gestion/logon.php, different vectors than CVE-2008-2183. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1223 3 Hitachi, Ibm, Sun 4 Hi-ux\/we2, Osas\/ft\/w, Aix and 1 more 2026-04-23 N/A
Unspecified vulnerability in Hitachi OSAS/FT/W before 20070223 allows attackers to cause a denial of service (responder control processing halt) by sending "data unexpectedly through the port".