Export limit exceeded: 361049 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361049 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2946 | 1 Sun | 2 Solaris, Sunos | 2026-04-23 | N/A |
| The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice Enterprise Agents in Sun Solaris 8 through 10 allows remote attackers to cause a denial of service (daemon crash) via malformed packets. | ||||
| CVE-2008-6104 | 1 A4desk | 1 A4desk Flash Event Calendar | 2026-04-23 | N/A |
| SQL injection vulnerability in A4Desk PHP Event Calendar allows remote attackers to execute arbitrary SQL commands via the eventid parameter to admin/index.php. | ||||
| CVE-2009-0663 | 3 Cmu, Perl, Redhat | 3 Dbd\, Perl, Enterprise Linux | 2026-04-23 | N/A |
| Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows. | ||||
| CVE-2008-2088 | 1 Phpforge | 1 Php Forge | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the news module to admin.php. | ||||
| CVE-2008-2947 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors. | ||||
| CVE-2008-2948 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the location property of a frame via the Object data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector. | ||||
| CVE-2009-0673 | 1 Ravenphpscripts | 1 Ravennuke | 2026-04-23 | N/A |
| Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php. | ||||
| CVE-2008-2090 | 1 Sun | 1 Solaris | 2026-04-23 | N/A |
| Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet. | ||||
| CVE-2008-6106 | 1 Ibm | 2 Workplace For Business Controls And Reporting, Workplace Web Content Management | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Workplace for Business Controls and Reporting 2.x and IBM Workplace Web Content Management 6.x has unknown impact and remote attack vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-2092 | 1 Linksys | 1 Spa-2102 Phone Adapter | 2026-04-23 | N/A |
| Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: the severity of this issue has been disputed since there are limited attack scenarios. | ||||
| CVE-2008-2950 | 1 Poppler | 1 Poppler | 2026-04-23 | N/A |
| The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document. | ||||
| CVE-2008-2094 | 1 Xoops | 1 Article Module | 2026-04-23 | N/A |
| SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-2951 | 2 Edgewall, Fedoraproject | 2 Trac, Fedora | 2026-04-23 | 6.1 Medium |
| Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function. | ||||
| CVE-2008-3630 | 2 Apple, Microsoft | 6 Bonjour, Windows-nt, Windows 2000 and 3 more | 2026-04-23 | N/A |
| mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | ||||
| CVE-2008-6107 | 1 Linux | 1 Linux Kernel | 2026-04-23 | N/A |
| The (1) sys32_mremap function in arch/sparc64/kernel/sys_sparc32.c, the (2) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c, and the (3) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel before 2.6.25.4, omit some virtual-address range (aka span) checks when the mremap MREMAP_FIXED bit is not set, which allows local users to cause a denial of service (panic) via unspecified mremap calls, a related issue to CVE-2008-2137. | ||||
| CVE-2008-2097 | 1 Vmware | 2 Esx, Esxi | 2026-04-23 | N/A |
| Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length." | ||||
| CVE-2008-2953 | 1 Linux | 1 Direct Connect | 2026-04-23 | N/A |
| Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via "partial file list requests" that trigger a NULL pointer dereference. | ||||
| CVE-2008-6065 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the password directory, and then overwriting the password file through UTL_FILE operations, a related issue to CVE-2006-7141. | ||||
| CVE-2008-3603 | 1 Vacation Rentals | 1 Vacation Rental Script | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Vacation Rental Script 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sections action. | ||||
| CVE-2008-5960 | 1 Tribiq | 1 Tribiq Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to execute arbitrary SQL commands via the cID parameter in a document action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||