Export limit exceeded: 352102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352102 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0144 | 1 Phprisk | 1 Netrisk | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences. | ||||
| CVE-2008-0146 | 1 Hughes Technologies | 1 W3-msql | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the top-level URI. | ||||
| CVE-2008-0873 | 1 Jlmzone | 1 Classifieds | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the jlmZone Classifieds module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in an Adsview action. | ||||
| CVE-2008-0147 | 1 Smallnuke | 1 Smallnuke | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action. | ||||
| CVE-2008-0152 | 1 Seattle Lab Software | 1 Slnet Rf Telnet Server | 2026-04-23 | N/A |
| SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier allows user-assisted remote attackers to cause a denial of service (crash) via unspecified telnet options, which triggers a NULL pointer dereference. NOTE: the crash is not user-assisted when the server is running in debug mode. | ||||
| CVE-2008-0156 | 1 Million Dollar Script | 1 Million Dollar Script | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in index.php in Million Dollar Script 2.0.14 allows remote attackers to read arbitrary files via encoded "/" (%2F) sequences in the link parameter. | ||||
| CVE-2008-0165 | 1 Ikiwiki | 1 Ikiwiki | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms. | ||||
| CVE-2008-0877 | 1 Jinzora | 1 Media Jukebox | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media Jukebox 2.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) frontend, (2) set_frontend, (3) jz_path, (4) theme, and (5) set_theme parameters to (a) index.php; the frontend, theme, and (6) language parameters to (b) ajax_request.php; the jz_path parameter to (c) slim.php; the frontend, theme, and jz_path parameters to (d) popup.php; the (13) PATH_INFO to index.php and (e) slim.php; and the (14) query parameter in a playlistedit action and (15) siteNewsData parameter in a sitenews action to (f) popup.php. | ||||
| CVE-2008-0167 | 2 Debian, Gforge | 2 Debian Linux, Gforge | 2026-04-23 | N/A |
| The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances. | ||||
| CVE-2008-0169 | 1 Ikiwiki | 1 Ikiwiki | 2026-04-23 | N/A |
| Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence. | ||||
| CVE-2008-0171 | 2 Boost, Redhat | 3 Boost, Boost Regex Library, Enterprise Linux | 2026-04-23 | N/A |
| regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression. | ||||
| CVE-2008-0172 | 3 Boost, Redhat, Ubuntu | 3 Boost, Enterprise Linux, Ubuntu Linux | 2026-04-23 | N/A |
| The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression. | ||||
| CVE-2008-0173 | 1 Gforge | 1 Gforge | 2026-04-23 | N/A |
| SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports. | ||||
| CVE-2008-0174 | 1 Ge | 1 Proficy Real-time Information Portal | 2026-04-23 | 9.8 Critical |
| GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges. | ||||
| CVE-2008-0175 | 1 Ge Fanuc | 1 Proficy Real-time Information Portal | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory. | ||||
| CVE-2008-0176 | 1 Ge Fanuc | 1 Cimplicity | 2026-04-23 | N/A |
| Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 010708_162517_6106, allow remote attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2008-0887 | 2 Gnome, Redhat | 2 Screensaver, Enterprise Linux | 2026-04-23 | N/A |
| gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859. | ||||
| CVE-2008-0177 | 1 Kame | 1 Ipcomp | 2026-04-23 | N/A |
| The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header. | ||||
| CVE-2008-0896 | 1 Bea Systems | 1 Weblogic Portal | 2026-04-23 | N/A |
| BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions. | ||||
| CVE-2008-0178 | 1 Liferay | 1 Liferay Enterprise Portal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header. | ||||