Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1684 1 Apple 1 Safari 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document.
CVE-2008-4000 2 Jdedwards, Oracle 4 Enterpriseone, Jd Edwards Enterpriseone, Peoplesoft Enterprise and 1 more 2026-04-23 N/A
Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue allows bypass of the lockout mechanism using brute force guessing of credentials and a response discrepancy information leak when the password is correct.
CVE-2008-6545 1 Comscripts 1 Web Server Creator Web Portal 2026-04-23 N/A
PHP remote file inclusion vulnerability in news/include/createdb.php in Web Server Creator Web Portal 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the langfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4004 2 Jdedwards, Oracle 2 Enterpriseone, Peoplesoft Enterprise 2026-04-23 N/A
Unspecified vulnerability in the JDE EnterpriseOne Business Service Server component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.97.2.2 and 8.98.0.1 allows local users to affect confidentiality and integrity via unknown vectors.
CVE-2008-6548 1 Moinmo 1 Moinmoin 2026-04-23 N/A
The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors.
CVE-2008-4005 1 Oracle 1 Database 11i 2026-04-23 N/A
Unspecified vulnerability in the Oracle Application Express component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2006-5452 1 Hp 2 Hp-ux, Tru64 2026-04-23 N/A
Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbitrary code via a long -a (aka attachment) argument.
CVE-2008-4006 1 Oracle 1 Secure Backup 2026-04-23 N/A
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2008-4007 1 Oracle 2 Jd Edwards Enterpriseone, Peoplesoft Enterprise 2026-04-23 N/A
Unspecified vulnerability in the PeopleSoft Enterprise Components component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2006-6893 1 Tor 1 Tor 2026-04-23 N/A
Tor allows remote attackers to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the server's CPU temperature and consequently changing the pattern of time values visible through (1) ICMP timestamps, (2) TCP sequence numbers, and (3) TCP timestamps, a different vulnerability than CVE-2006-0414. NOTE: it could be argued that this is a laws-of-physics vulnerability that is a fundamental design limitation of certain hardware implementations, so perhaps this issue should not be included in CVE.
CVE-2008-2112 3 Novell, Redhat, Sun 4 Suse Linux Enterprise Server, Enterprise Linux, Ray Server Software and 1 more 2026-04-23 N/A
Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and remote authenticated Sun Ray administrators to gain root privileges via unknown vectors related to utconfig.
CVE-2007-0997 1 Linux 1 Linux Kernel 2026-04-23 N/A
Race condition in the tee (sys_tee) system call in the Linux kernel 2.6.17 through 2.6.17.6 might allow local users to cause a denial of service (system crash), obtain sensitive information (kernel memory contents), or gain privileges via unspecified vectors related to a potentially dropped ipipe lock during a race between two pipe readers.
CVE-2008-4010 1 Oracle 1 Bea Product Suite 2026-04-23 N/A
Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to "some NetUI tags."
CVE-2008-4011 1 Oracle 1 Bea Product Suite 2026-04-23 N/A
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote authenticated users to affect integrity via unknown vectors.
CVE-2007-1015 1 Aktueldownload 1 Aktueldownload Haber Script 2026-04-23 N/A
SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4013 1 Oracle 1 Bea Product Suite 2026-04-23 N/A
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2007-1021 1 Xfairguy 1 Codeavalanche News 2026-04-23 N/A
SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter.
CVE-2007-1034 1 Php-nuke 1 Emporium Module 2026-04-23 N/A
SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2008-4018 1 Ibm 1 Aix 2026-04-23 N/A
swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be leveraged to gain privileges. NOTE: this issue exists because of an incomplete fix for CVE-2007-5805.
CVE-2007-1037 1 Rsbr-software 1 News File Grabber 2026-04-23 N/A
Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier allows remote attackers to execute arbitrary code via a .nzb file with a long subject field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.