CVE-2009-2888

CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
12 years ago

CVE-2010-2888 - Multiple unspecified vulnerabilities in an ActiveX control in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Windows allow attackers to execute arbitrary code via unknown vectors. Per: ...
6 years ago

CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
12 years ago

CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
55 years ago Tenable.com

CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
5 years ago

CVE-2009-2888 - SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter. ...
7 years ago

CVE-2016-0350 - Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web ...
8 years ago

CVE-2016-2888 - Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web ...
8 years ago

CVE-2016-0313 - Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web ...
8 years ago

CVE-2007-2888 - Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from ...
7 years ago

CVE-2017-2888 - An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential ...
2 years ago

CVE-2015-2888 - Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service. ...
3 years ago

CVE-2013-2888 - Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) ...
11 years ago

CVE-2014-2888 - lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request. Per: https://cwe.mitre.org/data/definitions/77.html ...
10 years ago

CVE-2005-2888 - Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter to misc.php or (2) Content-Disposition field in the HTTP header to newreply.php. ...
7 years ago

CVE-2011-2888 - IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application hang) via complex graphics in a presentation. ...
7 years ago

CVE-2008-2888 - Multiple PHP remote file inclusion vulnerabilities in MiGCMS 2.0.5, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[application][app_root] parameter to (1) collection.class.php and (2) ...
7 years ago

CVE-2006-2888 - PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WK[wkPath] parameter. ...
7 years ago

CVE-2012-2888 - Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG text references. ...
6 years ago

CVE-2018-2888 - Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). Supported versions that are affected are 10.2.x, 11.0.x, 12.0.x, 12.1.x, 12.1.1.x,12.1.2.x and 13.1.x. Difficult to exploit vulnerability allows ...
5 years ago

CVE-2019-2888 - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: EJB Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated ...
4 years ago

CVE-2020-2888 - Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Partners). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network ...
3 years ago

CVE-2022-2888 - If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists. ...
2 years ago

CVE-2023-2888 - A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?cupload&fzip&_noCache0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate ...
1 year ago

CVE-2024-2888 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS.This issue affects Post and Page Builder by ...
1 year ago