Export limit exceeded: 348227 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348227 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-7031 | 1 Foxitsoftware | 1 Wac Server | 2026-04-23 | N/A |
| Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151. | ||||
| CVE-2007-4176 | 1 Eqdkp | 1 Eqdkp Plus | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in EQDKP Plus before 0.4.4.5 have unknown impact and attack vectors. | ||||
| CVE-2008-7063 | 1 Ocean12tech | 1 Faq Manager Pro | 2026-04-23 | N/A |
| Ocean12 FAQ Manager Pro stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for admin/o12faq.mdb. | ||||
| CVE-2008-7084 | 1 Hirschelectronics | 1 Velocity Security Management System | 2026-04-23 | N/A |
| Directory traversal vulnerability in the web server 1.0 in Velocity Security Management System allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | ||||
| CVE-2008-7085 | 1 Thehockeystop | 1 Hockeystats Online | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS Online 2.0 Basic and Advanced allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the viewpage action to the default URI, probably index.php, or (2) divid parameter in the schedule action to index.php. | ||||
| CVE-2008-7086 | 1 Maianscriptworld | 1 Maian Greetings | 2026-04-23 | N/A |
| Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin. | ||||
| CVE-2008-7087 | 1 Openpro | 1 Openpro | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in search_wA.php in OpenPro 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the LIBPATH parameter. | ||||
| CVE-2008-7089 | 1 Pligg | 1 Pligg Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action to user.php and other unspecified vectors. | ||||
| CVE-2008-7090 | 1 Pligg | 1 Pligg Cms | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier allow remote attackers to (1) determine the existence of arbitrary files via a .. (dot dot) in the $tb_url variable in trackback.php, or (2) include arbitrary files via a .. (dot dot) in the template parameter to settemplate.php. | ||||
| CVE-2008-7091 | 1 Pligg | 1 Pligg Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php. | ||||
| CVE-2008-7093 | 1 Unica | 1 Affinium Campaign | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to (1) create arbitrary directories or files via a .. (dot dot) in the folder name in the new folder functionality or (2) list arbitrary files via a crafted request to Campaign/CampaignListener. | ||||
| CVE-2008-7094 | 1 Unica | 1 Affinium Campaign | 2026-04-23 | N/A |
| Campaign/CampaignListener in the listener server in Unica Affinium Campaign 7.2.1.0.55 allows remote attackers to cause a denial of service (server crash) via a crafted length field that triggers (1) connection exhaustion or (2) memory allocation failure. | ||||
| CVE-2008-7142 | 1 Cpanel | 1 Cpanel | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter. | ||||
| CVE-2008-7135 | 1 Icq | 1 Icq Toolbar | 2026-04-23 | N/A |
| toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the IsChecked method, a different vector than CVE-2008-7136. | ||||
| CVE-2008-7136 | 1 Icq | 1 Icq Toolbar | 2026-04-23 | N/A |
| toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the (1) RequestURL, (2) GetPropertyById, or (3) SetPropertyById method, different vectors than CVE-2008-7135. | ||||
| CVE-2008-7137 | 1 Eye.fi | 1 Eye-fi Manager | 2026-04-23 | N/A |
| WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of service (crash) via an empty query string to port 59278 and other unspecified vectors. | ||||
| CVE-2008-7138 | 1 Eye.fi | 1 Eye-fi Manager | 2026-04-23 | N/A |
| The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce. | ||||
| CVE-2008-7154 | 1 Docebo | 1 Docebo | 2026-04-23 | N/A |
| Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) class/class.conf_fw.php, (2) class.module/class.event_manager.php, (3) lib/lib.domxml5.php, or (4) menu/menu_over.php in doceboCore/; or (5) class/class.conf_cms.php, (6) lib/lib.compose.php, (7) modules/chat/teleskill.php, or (8) class/class.admin_menu_cms.php in doceboCms/; which reveals the installation path in an error message. | ||||
| CVE-2008-7155 | 1 Phprisk | 1 Netrisk | 2026-04-23 | N/A |
| NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of arbitrary users via a direct request. | ||||
| CVE-2008-7170 | 1 Gameservers | 1 Gsc | 2026-04-23 | N/A |
| GSC build 2067 and earlier relies on the client to enforce administrator privileges, which allows remote attackers to execute arbitrary administrator commands via a crafted packet. | ||||