Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2495 1 Pancake 1 Zina 2026-04-23 N/A
Directory traversal vulnerability in index.php in Zina 1.0 RC3 allows remote attackers to have an unknown impact via a .. (dot dot) in the p parameter.
CVE-2008-2497 1 Mambo-foundation 1 Mambo 2026-04-23 N/A
CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2008-2498 1 Mambo-foundation 1 Mambo 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) articleid and (2) mcname parameters. NOTE: some of these details are obtained from third party information.
CVE-2008-2499 1 Ibm 1 Lotus Sametime 2026-04-23 N/A
Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMux.exe) in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code via a crafted URL.
CVE-2008-2494 1 Pancake 1 Zina 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Zina 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via the l parameter.
CVE-2008-2500 1 Mambo 1 Mostlyce 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the MOStlyContent Editor (MOStlyCE) component before 3.0 for Mambo allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-2503 1 Sourceforge 1 Emule X-ray 2026-04-23 N/A
Buffer overflow in Uploadlist in eMule X-Ray before 1.4 has unknown impact and remote attack vectors.
CVE-2008-2516 1 Libpam-pgsql 1 Libpam-pgsql 2026-04-23 N/A
pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an "auth sufficient pam_pgsql.so" configuration.
CVE-2008-2517 1 Sarab 1 Sarab 2026-04-23 N/A
The sarab.sh script in SaraB before 0.2.4 places the dar program's encryption key on the command line, which allows local users to obtain sensitive information by listing the process.
CVE-2008-2525 1 Typo3 1 Rlmp Eventdb 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Event Database (aka rlmp_eventdb) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-2526 1 Typo3 1 Wt Gallery 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the WT Gallery (aka wt_gallery) extension 2.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-2527 1 Actualscripts 4 Actualanalyzer Gold, Actualanalyzer Lite, Actualanalyzer Pro and 1 more 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in view.php in ActualScripts ActualAnalyzer Server 8.37 and earlier, ActualAnalyzer Gold 7.74 and earlier, ActualAnalyzer Pro 6.95 and earlier, and ActualAnalyzer Lite 2.78 and earlier allows remote attackers to inject arbitrary web script or HTML via the language parameter.
CVE-2008-2528 1 Citrix 1 Access Gateway 2026-04-23 N/A
Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain "access to network resources" via unspecified vectors.
CVE-2008-2534 1 Fkrauthan 1 Phoenix View Cms 2026-04-23 N/A
Directory traversal vulnerability in admin/admin_frame.php in Phoenix View CMS Pre Alpha2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ltarget parameter.
CVE-2008-2536 1 Yabsoft 1 Advanced Image Hosting Script 2026-04-23 N/A
SQL injection vulnerability in out.php in YABSoft Advanced Image Hosting (AIH) Script 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t parameter.
CVE-2008-2550 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.17 has unknown impact and attack vectors related to an attribute in the SOAP security header.
CVE-2008-2551 1 Icona 1 Instant Messenger 2026-04-23 N/A
The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 Messenger 1.0.0.1 allows remote attackers to force the download and execution of arbitrary files via a URL in the propDownloadUrl parameter with the propPostDownloadAction parameter set to "run."
CVE-2008-2552 1 Sun 2 Service Tag, Sunos 2026-04-23 N/A
Unspecified vulnerability in the Service Tag Registry on Sun Solaris 10, and Sun Service Tag before 1.1.3, allows local users to cause a denial of service (disk consumption) via unspecified vectors.
CVE-2008-2568 1 Joomla 2 Com Simpleshop, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php.
CVE-2008-2570 1 Limesurvey 1 Limesurvey 2026-04-23 N/A
Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurveyor) before 1.71 have unknown impact and attack vectors.