Export limit exceeded: 16335 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5484 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5504 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-09 | N/A |
| Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836. | ||||
| CVE-2008-5505 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-09 | N/A |
| Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies. | ||||
| CVE-2008-5506 | 4 Canonical, Debian, Mozilla and 1 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2025-04-09 | N/A |
| Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure." | ||||
| CVE-2008-5512 | 4 Canonical, Debian, Mozilla and 1 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers." | ||||
| CVE-2008-5516 | 3 Git, Git-scm, Rpath | 3 Git, Git, Linux | 2025-04-09 | N/A |
| The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search. | ||||
| CVE-2008-5549 | 1 Sun | 1 Java System Portal Server | 2025-04-09 | N/A |
| Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet." | ||||
| CVE-2008-5560 | 1 Dazzlindonna | 1 Postecards | 2025-04-09 | N/A |
| PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb. | ||||
| CVE-2008-5562 | 1 Aspapps | 1 Aspportal | 2025-04-09 | N/A |
| ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb. | ||||
| CVE-2008-5592 | 1 Iwrite | 1 Nightfall Personal Diary | 2025-04-09 | N/A |
| Nightfall Personal Diary 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users-zza21.mdb. | ||||
| CVE-2008-5596 | 1 Dotnetindex | 1 Ikon Admanager | 2025-04-09 | N/A |
| Ikon AdManager 2.1 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for ikonBAnner_AdManager.mdb. | ||||
| CVE-2008-5597 | 1 Cold Bbs | 1 Cold Bbs | 2025-04-09 | N/A |
| Cold BBS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for db/cforum.mdb. | ||||
| CVE-2008-5600 | 1 Merlix | 1 Teamworx Server | 2025-04-09 | N/A |
| Merlix Teamworx Server stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb. | ||||
| CVE-2008-5601 | 1 Robs-projects | 1 Asp User Engine | 2025-04-09 | N/A |
| User Engine Lite ASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users.mdb. | ||||
| CVE-2008-5602 | 1 Natterchat | 1 Natterchat | 2025-04-09 | N/A |
| Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb. | ||||
| CVE-2008-5603 | 1 Aspapps | 1 Aspticker | 2025-04-09 | N/A |
| ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb. | ||||
| CVE-2008-5606 | 1 Gazatem Technologies | 1 Qmail Mailing List Manager | 2025-04-09 | N/A |
| Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb. | ||||
| CVE-2008-5608 | 1 Aspapps | 1 Asp Autodealer | 2025-04-09 | N/A |
| ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb. | ||||
| CVE-2008-5617 | 1 Rsyslog | 1 Rsyslog | 2025-04-09 | N/A |
| The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages. | ||||
| CVE-2008-5624 | 1 Php | 1 Php | 2025-04-09 | N/A |
| PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting of /etc for the error_log variable. | ||||
| CVE-2008-5625 | 1 Php | 1 Php | 2025-04-09 | N/A |
| PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file. | ||||