Export limit exceeded: 365170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365170 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2714 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera before 9.26 allows remote attackers to misrepresent web page addresses using "certain characters" that "cause the page address text to be misplaced."
CVE-2008-2715 1 Opera 1 Opera Browser 2026-04-23 N/A
Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns.
CVE-2008-2716 1 Opera 1 Opera Browser 2026-04-23 N/A
Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of trusted frames on the same parent page by modifying the location, which can facilitate phishing attacks.
CVE-2008-2717 2 Apache, Typo3 2 Apache Webserver, Typo3 2026-04-23 N/A
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
CVE-2008-2721 1 Menalto 1 Gallery 2026-04-23 N/A
Unspecified vulnerability in the album-select module in Menalto Gallery before 2.2.5 allows remote attackers to obtain titles of hidden albums by attempting to add a new album to a hidden album.
CVE-2008-2722 1 Menalto 1 Gallery 2026-04-23 N/A
Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive.
CVE-2008-2743 1 Xerox 3 Xerox 4110, Xerox 4590, Xerox 4595 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the embedded web server in Xerox 4110, 4590, and 4595 Copier/Printers allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2008-2749 1 Sun 2 Java System Calendar Server, One Calendar Server 2026-04-23 N/A
Unspecified vulnerability in cshttpd in Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, when access logging (aka service.http.commandlog.all) is enabled, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
CVE-2008-2750 1 Linux 1 Linux Kernel 2026-04-23 N/A
The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable.
CVE-2008-2752 1 Microsoft 1 Word 2026-04-23 N/A
Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
CVE-2008-2759 1 Xigla 1 Absolute Form Processor Xe 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Form Processor XE 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showfields, (2) text, and (3) submissions parameters to search.asp and the (4) name parameter to users.asp. NOTE: some of these details are obtained from third party information.
CVE-2008-2760 1 Xigla 1 Absolute Banner Manager 2026-04-23 N/A
SQL injection vulnerability in searchbanners.asp in Xigla Absolute Banner Manager XE 2.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.
CVE-2008-2761 1 Xigla 1 Absolute Banner Manager 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Banner Manager XE 2.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the text parameter in (1) searchbanners.asp and (2) listadvertisers.asp, and other unspecified fields. NOTE: some of these details are obtained from third party information.
CVE-2008-2762 1 Xigla 1 Absolute Form Processor Xe 2026-04-23 N/A
SQL injection vulnerability in search.asp in Xigla Absolute Form Processor XE 4.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.
CVE-2008-2775 1 Dt Centrepiece 1 Dt Centrepiece 2026-04-23 N/A
SQL injection vulnerability in search.asp in DT Centrepiece 4.0 allows remote attackers to execute arbitrary SQL commands via the searchFor parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2776 1 Dt Centrepiece 1 Dt Centrepiece 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.asp in DT Centrepiece 4.0 allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2777 1 Luca Corbo 1 Ortro 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Ortro before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-2778 1 Revokesoft 1 Revokebb 2026-04-23 N/A
SQL injection vulnerability in inc/class_search.php in the Search System in RevokeBB 1.0 RC11 allows remote attackers to execute arbitrary SQL commands via the search parameter.
CVE-2008-2780 1 Albinoloverats 1 Anubis Plugin 2026-04-23 N/A
The Anubis (aka Anubis+Ripe160) plugin before 1.3 for encrypt stores the unencrypted file's size in cleartext in the header of the encrypted file, which allows attackers to distinguish between encrypted data and random padding at the end of the encrypted file.
CVE-2008-2784 1 Spamdyke 1 Spamdyke 2026-04-23 N/A
The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command.