Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0771 1 Site2nite 1 Real Estate Web 2026-04-23 N/A
Multiple SQL injection vulnerabilities in default.asp in Site2Nite allow remote attackers to execute arbitrary SQL commands via the (1) txtUserName and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information.
CVE-2008-0775 1 Simple Machines 1 Smf Shoutbox 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with "&#", contain the desired script, and end with ";".
CVE-2008-0781 1 Moinmoin 1 Moinmoin 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames.
CVE-2008-0779 1 Fortinet 1 Forticlient Host Security 2026-04-23 N/A
The fortimon.sys device driver in Fortinet FortiClient Host Security 3.0 MR5 Patch 3 and earlier does not properly initialize its DeviceExtension, which allows local users to access kernel memory and execute arbitrary code via a crafted request.
CVE-2008-0784 1 Cacti 1 Cacti 2026-04-23 N/A
graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors.
CVE-2008-0790 1 Intermate 1 Winipds 2026-04-23 N/A
Directory traversal vulnerability in ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
CVE-2008-0800 1 Joomla 1 Com Mcquiz 2026-04-23 N/A
SQL injection vulnerability in index.php in the McQuiz (com_mcquiz) 0.9 Final component for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action.
CVE-2008-0810 2 Joomla, Mambo 2 Com Scheduling Component, Com Scheduling Component 2026-04-23 N/A
SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-0808 1 Ikiwiki 1 Ikiwiki 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags.
CVE-2008-0806 1 Paul Pelzl 1 Wyrd 2026-04-23 N/A
wyrd 1.4.3b allows local users to overwrite arbitrary files via a symlink attack on the wyrd-tmp.[USERID] temporary file.
CVE-2008-0809 1 Ikiwiki 1 Ikiwiki 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents.
CVE-2008-0838 1 Sophos 2 Es1000, Es4000 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) error and (2) go parameters to the login page.
CVE-2008-0846 2 Joomla, Mambo 2 Com Profile, Com Profile 2026-04-23 N/A
SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter.
CVE-2008-0847 1 Xoops 1 Mytopics 2026-04-23 N/A
SQL injection vulnerability in print.php in the myTopics module for XOOPS allows remote attackers to execute arbitrary SQL commands via the articleid parameter.
CVE-2008-0852 1 Freesshd 1 Freesshd 2026-04-23 N/A
freeSSHd 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a SSH2_MSG_NEWKEYS packet to TCP port 22, which triggers a NULL pointer dereference.
CVE-2008-0854 2 Joomla, Mambo 2 Com Salesrep, Com Salesrep 2026-04-23 N/A
SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php.
CVE-2008-0855 2 Joomla, Mambo 2 Com Facileforms, Com Facileforms 2026-04-23 N/A
SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2008-0864 2 Bea Systems, Oracle 2 Weblogic Portal, Weblogic Portal 2026-04-23 N/A
Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions.
CVE-2008-0865 2 Bea Systems, Oracle 2 Weblogic Portal, Weblogic Portal 2026-04-23 N/A
Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors.
CVE-2008-0866 1 Bea 1 Weblogic Workshop 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Workshop allow remote attackers to inject arbitrary web script or HTML via an invalid action URI, which is not properly handled by NetUI page flows.