Search Results (362864 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6588 1 Aztech 1 Adsl2\/2\+4-port Router 2026-04-23 N/A
Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed.
CVE-2008-6412 1 Vignette 1 Vignette Content Management 2026-04-23 N/A
Unspecified vulnerability in Vignette Content Management 7.3.0.5, 7.3.1, 7.3.1.1, 7.4, and 7.5 allows "low privileged" users to gain administrator privileges via unknown attack vectors.
CVE-2008-6413 2 Drupal, Ticklespace 2 Drupal, Answers Module 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x-dev and possibly other 5.x versions, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a Simple Answer to a question.
CVE-2008-6415 1 Youngzsoft 1 Ccproxy 2026-04-23 N/A
Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote attackers to execute arbitrary code via a CONNECTION request with a long hostname.
CVE-2008-6416 1 Greensql 1 Greensql-console 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL-Console before 0.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "internal pages."
CVE-2008-6419 1 Socialsitegenerator 1 Social Site Generator 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Social Site Generator (SSG) 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) sgc_id parameter to display_blog.php, (2) scm_mem_id parameter to social_my_profile_download.php, and the (3) catid parameter to social_forum_subcategories.php.
CVE-2008-6424 1 Jun Sota 1 Ffftp 2026-04-23 N/A
Directory traversal vulnerability in FFFTP 1.96b allows remote FTP servers to create or overwrite arbitrary files via a response to an FTP LIST command with a filename that contains a .. (dot dot).
CVE-2008-6425 1 Comicshout 1 Comicshout 2026-04-23 N/A
SQL injection vulnerability in news.php in ComicShout 2.8 allows remote attackers to execute arbitrary SQL commands via the news_id parameter, a different vector than CVE-2008-2456.
CVE-2008-6428 1 Kayalang 1 Kaya 2026-04-23 N/A
The CGI framework in Kaya 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors.
CVE-2008-6591 1 Lightneasy 1 Lightneasy 2026-04-23 N/A
LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php.
CVE-2008-6592 2 Lightneasy, Sqlite 2 Lightneasy, Sqlite 2026-04-23 N/A
thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).
CVE-2008-6433 1 Blueriver 1 Sava Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action.
CVE-2008-6593 2 Lightneasy, Sqlite 2 Lightneasy, Sqlite 2026-04-23 N/A
SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php.
CVE-2008-6434 1 Blueriver 1 Sava Cms 2026-04-23 N/A
SQL injection vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to execute arbitrary SQL commands via the LinkServID parameter.
CVE-2008-6594 1 Network-publishing 1 Rdf Newsfeed Export 2026-04-23 N/A
SQL injection vulnerability in the cm_rdfexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6595 1 Typo3 1 Pmk Rssnewsexport Extension 2026-04-23 N/A
SQL injection vulnerability in the pmk_rssnewsexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6597 1 Phpcredo 1 Phcdownload 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in upload/install/index.php in PHCDownload 1.1 allows remote attackers to inject arbitrary web script or HTML via the step parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6604 1 Picoflat 1 Picoflat Cms 2026-04-23 N/A
Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagina parameter, a different vulnerability than CVE-2007-5390.
CVE-2008-6440 2 Cerberus, Webgroupmedia 2 Cerberus Helpdesk, Cerberus Helpdesk 2026-04-23 N/A
Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs.
CVE-2008-6606 1 Matpo 1 Matpo Link 2026-04-23 N/A
SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.