Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3149 1 F5 1 Firepass 1200 2026-04-23 N/A
The SNMP daemon in the F5 FirePass 1200 6.0.2 hotfix 3 allows remote attackers to cause a denial of service (daemon crash) by walking the hrSWInstalled OID branch in HOST-RESOURCES-MIB.
CVE-2008-3154 1 Webblizzard 1 Content Management System 2026-04-23 N/A
SQL injection vulnerability in index.php in WebBlizzard CMS allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2008-3167 1 Boonex 1 Dolphin 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in plugins/safehtml/ and the (2) sIncPath parameter to (c) ray/modules/global/inc/content.inc.php. NOTE: vector 1 might be a problem in SafeHTML instead of Dolphin.
CVE-2009-1210 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2026-04-23 N/A
Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information.
CVE-2008-3171 1 Apple 1 Safari 2026-04-23 N/A
Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
CVE-2009-1214 1 Gnu 1 Screen 2026-04-23 N/A
GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.
CVE-2009-1332 1 Sun 1 Java System Directory Server 2026-04-23 N/A
The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors.
CVE-2008-5896 1 Codeavalanche 1 Ratemysite 2026-04-23 N/A
CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CARateMySite.mdb. NOTE: some of these details are obtained from third party information.
CVE-2008-3183 1 Gapi Cms 1 Gapicms 2026-04-23 N/A
PHP remote file inclusion vulnerability in ktmlpro/includes/ktedit/toolbar.php in gapicms 9.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dirDepth parameter.
CVE-2009-1223 1 Fullrevolution 1 Aspwebcalendar 2026-04-23 N/A
aspWebCalendar Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for calendar/calendar.mdb.
CVE-2008-3189 1 Dreamlevels 1 Dreamnews Manager 2026-04-23 N/A
SQL injection vulnerability in dreamnews-rss.php in DreamNews Manager allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-3190 1 1scripts 1 Codedb 2026-04-23 N/A
Directory traversal vulnerability in list.php in 1Scripts CodeDB 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2008-3197 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.
CVE-2009-1240 1 Ibm 4 Network Multi-function Security, Proventia Desktop Endpoint Security, Proventia Network Mail Security System and 1 more 2026-04-23 N/A
Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allows remote attackers to bypass detection of malware via a modified RAR archive.
CVE-2008-5907 2 Debian, Libpng 2 Debian Linux, Libpng 2026-04-23 N/A
The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.
CVE-2008-3199 1 Resiprocate 1 Resiprocate 2026-04-23 N/A
Multiple unspecified vulnerabilities in ReSIProcate before 1.3.4 allow remote attackers to cause a denial of service (stack consumption) via unknown network traffic with a large "bytes-in-memory/bytes-on-wire ratio."
CVE-2008-3200 1 Easy-script 1 Avlc Forum 2026-04-23 N/A
SQL injection vulnerability in vlc_forum.php in Avlc Forum as of 20080715 allows remote attackers to execute arbitrary SQL commands via the id parameter in an affich_message action.
CVE-2008-5909 1 Sun 1 Opensolaris 2026-04-23 N/A
Unspecified vulnerability in conv_lpd in Sun OpenSolaris has unknown impact and local attack vectors, related to improper handling of temporary files, aka Bug ID 6655641.
CVE-2008-3201 1 Pagefusion 1 Pagefusion 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Pagefusion 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) acct_fname and (2) acct_lname parameters in an edit action, and the (3) PID, (4) PGID, and (5) rez parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5917 2 Horde, Microsoft 2 Application Framework, Internet Explorer 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.