CVE-2008-1258

Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter.

Publication date: Mon, 10 Mar 2008 22:44:00 +0000

Cyber News related to CVE-2008-1258

CVE-2008-1258 - Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter. ...
6 years ago

CVE-2013-1258 - Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and ...
4 years ago

CVE-2025-1258 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. ...
1 day ago Tenable.com

CVE-2018-1258 - Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be ...
2 years ago

CVE-2003-1258 - activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows remote attackers to gain unauthorized administrative access via a URL request with the uid parameter set to the webmaster uid. ...
16 years ago

CVE-2001-1258 - Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server. ...
13 years ago

CVE-2014-1258 - Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image. ...
10 years ago

CVE-2016-1258 - Embedthis Appweb, as used in J-Web in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R8, 14.1 before 14.1R6, ...
8 years ago

CVE-2015-1258 - Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have ...
1 year ago

CVE-2016-9553 - The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible ...
7 years ago

CVE-2004-1258 - Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 allows remote attackers to execute arbitrary code via crafted ABC files. ...
7 years ago

CVE-2017-1258 - IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685 ...
7 years ago

CVE-2006-1258 - Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter. ...
7 years ago

CVE-2009-1258 - SQL injection vulnerability in the RD-Autos (com_rdautos) component 1.5.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php. NOTE: the provenance of this information is unknown; the details ...
7 years ago

CVE-1999-1258 - rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information. ...
7 years ago

CVE-2007-1258 - Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial ...
7 years ago

CVE-2002-1258 - Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in ...
5 years ago

CVE-2012-1258 - cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with administrator privileges via the newuser, pwd, and ...
5 years ago

CVE-2019-1258 - An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches tokens. This vulnerability allows an authenticated attacker to perform actions in context of another ...
8 months ago

CVE-2011-1258 - Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka ...
2 years ago

CVE-2020-1258 - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. ...
3 years ago

CVE-2010-1258 - Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka ...
3 years ago

CVE-2022-1258 - A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command ...
2 years ago

CVE-2021-1258 - A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The ...
2 years ago

CVE-2023-1258 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before 4.0. ...
1 year ago

Latest Cyber News

Salt Typhoon Hackers Exploit Cisco Vulnerability To Gain Access To U.S. Telecom Networks - 9 hours ago
Google Chrome disables uBlock Origin for some in Manifest v3 rollout - 16 hours ago
CVE-2025-25282 - 16 hours ago
CVE-2025-1555 - 16 hours ago
Hackers drained $1.4 billion of cryptocurrency from Bybit exchange, CEO confirms | The Record from Recorded Future News - 18 hours ago
Auto-Generated Password Vulnerability In Sitevision Leaks Signing Key - 18 hours ago
CVE-2025-25604 - 18 hours ago
CVE-2025-25605 - 18 hours ago
CVE-2025-25767 - 18 hours ago
CVE-2025-25768 - 18 hours ago
CVE-2025-25769 - 18 hours ago
CVE-2025-25770 - 18 hours ago
CVE-2025-25772 - 18 hours ago
CVE-2020-19248 - 18 hours ago
SpyLend Android malware downloaded 100,000 times from Google Play - 19 hours ago
CVE-2025-25876 - 19 hours ago
CVE-2025-25877 - 19 hours ago
CVE-2025-25878 - 19 hours ago
CVE-2025-25765 - 19 hours ago
CVE-2025-25766 - 19 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

Salt Typhoon Hackers Exploit Cisco Vulnerability To Gain Access To U.S. Telecom Networks - 9 hours ago
CVE-2025-25958 - 1 day ago
CVE-2025-25960 - 1 day ago
CVE-2024-54756 - 1 day ago
CVE-2024-7131 - 1 day ago
CVE-2025-22973 - 1 day ago
CVE-2025-25662 - 1 day ago
CVE-2025-25663 - 1 day ago
CVE-2025-25664 - 1 day ago
CVE-2025-25667 - 1 day ago
CVE-2025-25668 - 1 day ago
CVE-2025-25674 - 1 day ago
CVE-2025-25675 - 1 day ago
CVE-2025-25676 - 1 day ago
CVE-2025-25678 - 1 day ago
CVE-2025-25679 - 1 day ago
CVE-2025-25957 - 1 day ago
CVE-2025-27088 - 1 day ago
CVE-2025-27100 - 1 day ago
CVE-2025-1001 - 1 day ago