Export limit exceeded: 10187 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10187 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3040 | 1 Typo3 | 1 Dam Frontend Extension | 2025-04-09 | N/A |
| Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | ||||
| CVE-2008-3049 | 1 Typo3 | 1 Pdf Generator 2 Extension | 2025-04-09 | N/A |
| The PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 allows attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2008-3060 | 1 V-webmail | 1 V-webmail | 2025-04-09 | N/A |
| V-webmail 1.5.0 allows remote attackers to obtain sensitive information via (1) malformed input in the login page (includes/local.hooks.php) and (2) an invalid session ID, which reveals the installation path in an error message. | ||||
| CVE-2008-3078 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image. | ||||
| CVE-2008-3094 | 1 Organic Groups Project | 1 Organic Groups | 2025-04-09 | N/A |
| The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors. | ||||
| CVE-2008-3114 | 2 Redhat, Sun | 5 Network Satellite, Rhel Extras, Jdk and 2 more | 2025-04-09 | N/A |
| Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. | ||||
| CVE-2008-3304 | 1 Tuxplanet | 1 Bilboblog | 2025-04-09 | N/A |
| BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message. | ||||
| CVE-2008-1111 | 1 Lighttpd | 1 Lighttpd | 2025-04-09 | N/A |
| mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information. | ||||
| CVE-2007-5899 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Application Stack | 2025-04-09 | N/A |
| The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID. | ||||
| CVE-2008-3400 | 1 Xrms | 1 Xrms Crm | 2025-04-09 | N/A |
| XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function. | ||||
| CVE-2008-3451 | 1 Phpwebgallery | 1 Phpwebgallery | 2025-04-09 | N/A |
| PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile. | ||||
| CVE-2008-3458 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | N/A |
| Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory. | ||||
| CVE-2008-3474 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2025-04-09 | 6.5 Medium |
| Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information Disclosure Vulnerability." | ||||
| CVE-2008-3514 | 1 Vmware | 1 Virtualcenter | 2025-04-09 | N/A |
| VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users." | ||||
| CVE-2008-3539 | 2 Hp, Microsoft | 12 Hpsi Acf2 Connector, Hpsi Active Directory Connector, Hpsi Bidir Dirx Connector and 9 more | 2025-04-09 | N/A |
| Unspecified vulnerability in HP OpenView Select Identity (HPSI) Connectors on Windows, as used in HPSI Active Directory Connector 2.30 and earlier, HPSI SunOne Connector 1.14 and earlier, HPSI eDirectory Connector 1.12 and earlier, HPSI eTrust Connector 1.02 and earlier, HPSI OID Connector 1.02 and earlier, HPSI IBM Tivoli Dir Connector 1.02 and earlier, HPSI TOPSecret Connector 2.22.001 and earlier, HPSI RACF Connector 1.12.001 and earlier, HPSI ACF2 Connector 1.02 and earlier, HPSI OpenLDAP Connector 1.02 and earlier, and HPSI BiDir DirX Connector 1.00.003 and earlier, allows local users to obtain sensitive information via unknown vectors. | ||||
| CVE-2008-3550 | 1 Ibm | 1 Rational Clearquest | 2025-04-09 | N/A |
| The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2008-3634 | 1 Apple | 3 Itunes, Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information. | ||||
| CVE-2008-3644 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache. | ||||
| CVE-2008-3651 | 2 Linux, Redhat | 2 Ipsec Tools Racoon Daemon, Enterprise Linux | 2025-04-09 | N/A |
| Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals. | ||||
| CVE-2008-3914 | 1 Clamav | 1 Clamav | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c. | ||||