Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3933 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2026-04-23 N/A
Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function.
CVE-2008-3936 1 Dreambox 1 Dm500c 2026-04-23 N/A
The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI.
CVE-2008-3937 1 Opendb 1 Opendb 2026-04-23 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the (3) redirect_url parameter to user_profile.php.
CVE-2008-3944 1 Discountedscripts 1 Acg Ptp 2026-04-23 N/A
SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows remote attackers to execute arbitrary SQL commands via the adid parameter in an adorder action.
CVE-2008-3945 1 Source Workshop 1 Words Tag Script 2026-04-23 N/A
SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action.
CVE-2008-3946 1 Hp 1 Openvms 2026-04-23 N/A
The finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to read arbitrary files via a link corresponding to a (1) .plan or (2) .project file.
CVE-2009-1635 1 Novell 1 Groupwise 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values.
CVE-2008-6491 1 Denis Moinel 1 Phpgkit 2026-04-23 N/A
PHP remote file inclusion vulnerability in connexion.php in PHPGKit 0.9 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3652 2 Ipsec-tools, Redhat 2 Ipsec-tools, Enterprise Linux 2026-04-23 N/A
src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption).
CVE-2009-1465 1 Klinzmann 1 Application Access Server 2026-04-23 N/A
Application Access Server (A-A-S) 2.0.48 has "wildbat" as its default password for the admin account, which makes it easier for remote attackers to obtain access.
CVE-2008-6208 1 E107 1 E107 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote attackers to inject arbitrary web script or HTML via the (1) author_name, (2) itemtitle, and (3) item parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6069 1 Malbum 1 Malbum 2026-04-23 N/A
index.php in mAlbum 0.3 and earlier allows remote attackers to obtain the installation path via an invalid gal parameter.
CVE-2006-6068 1 Malbum 1 Malbum 2026-04-23 N/A
Directory traversal vulnerability in the cached_album function in functions.php for mAlbum 0.3 and earlier allows remote attackers to list filenames of arbitrary images via a .. (dot dot) in the gal parameter to index.php.
CVE-2008-3650 1 Horde 1 Groupware Webmail Edition 2026-04-23 N/A
Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view.
CVE-2008-3649 1 Articlefriendly 1 Article Friendly 2026-04-23 N/A
SQL injection vulnerability in categorydetail.php in Article Friendly Standard allows remote attackers to execute arbitrary SQL commands via the Cat parameter.
CVE-2008-6194 1 Microsoft 1 Windows 2026-04-23 N/A
Memory leak in the DNS server in Microsoft Windows allows remote attackers to cause a denial of service (memory consumption) via DNS packets. NOTE: this issue reportedly exists because of an incorrect fix for CVE-2007-3898.
CVE-2008-3092 1 Drupal 1 Taxonomy Autotagger Module 2026-04-23 N/A
SQL injection vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-5797 1 Typo3 2 Advcalendar Extension, Typo3 2026-04-23 N/A
SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-5801 1 Typo3 1 Dictionary Extension 2026-04-23 N/A
Unspecified vulnerability in the Dictionary (rtgdictionary) extension 0.1.9 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors.
CVE-2009-1184 1 Linux 1 Linux Kernel 2026-04-23 N/A
The selinux_ip_postroute_iptables_compat function in security/selinux/hooks.c in the SELinux subsystem in the Linux kernel before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is enabled, omits calls to avc_has_perm for the (1) node and (2) port, which allows local users to bypass intended restrictions on network traffic. NOTE: this was incorrectly reported as an issue fixed in 2.6.27.21.