Search Results (363132 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0918 2 Astats, Joomla 2 Astatspro, Com Astatspro 2026-04-23 N/A
SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0936 1 Xoops 1 Prayer List Module 2026-04-23 N/A
SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
CVE-2008-0919 1 Open Source Security Information Management 1 Os-sim 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in session/login.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 and earlier allows remote attackers to inject arbitrary web script or HTML via the dest parameter.
CVE-2008-0920 1 Open Source Security Information Management 1 Os-sim 2026-04-23 N/A
SQL injection vulnerability in port/modifyportform.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 allows remote authenticated users to execute arbitrary SQL commands via the portname parameter, which is not properly handled by a validation regular expression.
CVE-2008-0921 1 Becontent 1 Becontent 2026-04-23 N/A
SQL injection vulnerability in news.php in beContent 0.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-0922 1 Php-nuke 1 Manuales 2026-04-23 N/A
SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewdownload action to modules.php.
CVE-2008-0923 1 Vmware 5 Ace, Player, Vmware Player and 2 more 2026-04-23 N/A
Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.
CVE-2008-0924 1 Novell 1 Edirectory 2026-04-23 N/A
Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field.
CVE-2008-0925 1 Novell 1 Edirectory 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used within "error messages of the HTTP stack."
CVE-2008-0926 1 Novell 1 Edirectory 2026-04-23 N/A
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.
CVE-2008-0927 2 Microsoft, Novell 2 Windows-nt, Edirectory 2026-04-23 N/A
dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777.
CVE-2008-0928 2 Qemu, Redhat 2 Qemu, Enterprise Linux 2026-04-23 N/A
Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.
CVE-2008-0930 2 Debian, Freshmeat 2 Debian Linux, Xwine 2026-04-23 N/A
w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtained from third party information.
CVE-2008-0931 2 Debian, Xwine 2 Debian Linux, Xwine 2026-04-23 N/A
w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file.
CVE-2008-0932 3 Debian, Redhat, The Sword Project 4 Debian Linux, Fedora, Diatheke Front End and 1 more 2026-04-23 N/A
diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter.
CVE-2008-0933 1 Sun 1 Solaris 2026-04-23 N/A
Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore.
CVE-2008-0934 2 Nukec, Php-nuke 2 Nukec, Nukec Module 2026-04-23 N/A
SQL injection vulnerability in modules.php in the NukeC 2.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action.
CVE-2008-0935 1 Novell 2 Iprint, Iprint Client 2026-04-23 N/A
Stack-based buffer overflow in the Novell iPrint Control ActiveX control in ienipp.ocx in Novell iPrint Client before 4.34 allows remote attackers to execute arbitrary code via a long argument to the ExecuteRequest method.
CVE-2008-0937 2 Tinyevent, Xoops 2 Tinyevent, Tiny Event Module 2026-04-23 N/A
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811.
CVE-2008-0938 1 Sun 1 Solaris 2026-04-23 N/A
Unspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability than CVE-2007-4126.