Export limit exceeded: 363054 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363054 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0749 1 Calimero.cms 1 Calimero.cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Calimero.CMS 3.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a calimero_webpage action.
CVE-2008-0750 1 Husrev 1 Blackboard 2026-04-23 N/A
SQL injection vulnerability in philboard_forum.asp in Husrev BlackBoard 2.0.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
CVE-2008-0751 2 Microsoft, S9y 2 Internet Explorer, Serendipity Event Freetag 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to plugin/tag/.
CVE-2008-0752 2 Joomla, Mambo 2 Com Neogallery, Com Neogallery 2026-04-23 N/A
SQL injection vulnerability in index.php in the Neogallery (com_neogallery) 1.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show action.
CVE-2008-0753 1 Vwar 1 Virtual War 2026-04-23 N/A
SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter.
CVE-2008-0754 1 Joomla 1 Com Rapidrecipe 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in the Rapid Recipe (com_rapidrecipe) 1.6.5 component for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a showuser action or (2) the category_id parameter in a viewcategorysrecipes action.
CVE-2008-0755 1 Cyan Soft 6 Cyanprintip Basic, Cyanprintip Easy Opi, Cyanprintip Professional and 3 more 2026-04-23 N/A
Format string vulnerability in the ReportSysLogEvent function in the LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cyanPrintIP Easy OPI, Professional, and Basic 4.10.1030 and earlier; Workstation 4.10.836 and earlier; and Standard 4.10.940 and earlier; might allow remote attackers to execute arbitrary code via format string specifiers in the queue name in a request.
CVE-2008-0756 1 Cyan Soft 6 Cyanprintip Basic, Cyanprintip Easy Opi, Cyanprintip Professional and 3 more 2026-04-23 N/A
The LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cyanPrintIP Easy OPI, Professional, and Basic 4.10.1030 and earlier; Workstation 4.10.836 and earlier; and Standard 4.10.940 and earlier; allows remote attackers to cause a denial of service (daemon crash) via a connection that begins with (1) a "Send queue state" LPD command 3 or (2) a "Send queue state" LPD command 4.
CVE-2008-0757 1 Mercuryboard 1 Mercuryboard Message Board 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in MercuryBoard 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter (aka the message text area), which leads to an injection in the messenger during private message (PM) preview. NOTE: some of these details are obtained from third party information.
CVE-2008-0758 1 Group Logic 2 Extremez-ip File Server, Extremez-ip Print Server 2026-04-23 N/A
Multiple directory traversal vulnerabilities in the Zidget/HTTP embedded HTTP server in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allow remote attackers to read arbitrary (1) gif, (2) png, (3) jpg, (4) xml, (5) ico, (6) zip, and (7) html files via a "..\" (dot dot backslash) sequence in the filename.
CVE-2008-0759 1 Group Logic 2 Extremez-ip File Server, Extremez-ip Print Server 2026-04-23 N/A
ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allows remote attackers to cause a denial of service (daemon crash) via an invalid UAM field in a request to the Apple Filing Protocol (AFP) service on TCP port 548.
CVE-2008-0297 1 Keil Software 1 Photokorn 2026-04-23 N/A
PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output.
CVE-2008-0298 1 Apple 2 Mac Os X, Safari 2026-04-23 N/A
KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element.
CVE-2008-0299 1 Python Software Foundation 1 Paramiko 2026-04-23 N/A
common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.
CVE-2008-0300 1 Mapbender 1 Mapbender 2026-04-23 N/A
mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences.
CVE-2008-0301 1 Mapbender 1 Mapbender 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors.
CVE-2008-0302 1 Debian 1 Apt-listchanges 2026-04-23 N/A
Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory.
CVE-2008-0303 1 Canon 12 I-sensys, Imagepress, Imagerunner and 9 more 2026-04-23 N/A
The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce.
CVE-2008-0304 4 Linux, Microsoft, Mozilla and 1 more 5 Linux Kernel, Windows, Seamonkey and 2 more 2026-04-23 N/A
Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview.
CVE-2008-0306 1 Sap 1 Maxdb 2026-04-23 N/A
sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings.