Export limit exceeded: 349952 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349952 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0278 | 1 X7 Group | 1 X7 Chat | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a sm_window action. | ||||
| CVE-2008-0280 | 1 Mtcms | 1 Mtcms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter. | ||||
| CVE-2008-0283 | 1 Domphp | 1 Domphp | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | ||||
| CVE-2008-0284 | 1 Simple Machines | 1 Simple Machines Smf | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments. | ||||
| CVE-2008-0285 | 1 Ngircd | 1 Ngircd | 2026-04-23 | N/A |
| ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference. | ||||
| CVE-2008-0286 | 1 Article Dashboard | 1 Article Dashboard | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/login.php in Article Dashboard allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) password fields. | ||||
| CVE-2008-0287 | 1 Visionburst | 1 Vcart | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php and (2) checkout.php. | ||||
| CVE-2008-0288 | 1 Imagealbum | 1 Imagealbum | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as demonstrated via the id parameter in a collection.imageview action. | ||||
| CVE-2008-0290 | 1 Digitalhive | 1 Digitalhive | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in the gestion_membre.php page to base.php. | ||||
| CVE-2008-1107 | 1 Danskebank | 1 Danskesikker.ocx | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the Danske Bank e-Sec Control Module ActiveX control (DanskeSikker.ocx) 3.1.0.48, and possibly earlier versions, allow remote attackers to execute arbitrary code via long arguments to unspecified methods, which are not properly handled by a logging function. | ||||
| CVE-2008-0291 | 1 Hangzhou Rui-qiang | 1 Richstrong Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter. | ||||
| CVE-2008-0292 | 1 Dansie | 1 Photo Album | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-0920 | 1 Open Source Security Information Management | 1 Os-sim | 2026-04-23 | N/A |
| SQL injection vulnerability in port/modifyportform.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 allows remote authenticated users to execute arbitrary SQL commands via the portname parameter, which is not properly handled by a validation regular expression. | ||||
| CVE-2008-0293 | 1 Freeseat | 1 Freeseat | 2026-04-23 | N/A |
| Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when format.php has certain modifications, allows remote attackers to bypass authentication and gain privileges via unspecified vectors related to the show_foot function. | ||||
| CVE-2008-0297 | 1 Keil Software | 1 Photokorn | 2026-04-23 | N/A |
| PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output. | ||||
| CVE-2008-0923 | 1 Vmware | 5 Ace, Player, Vmware Player and 2 more | 2026-04-23 | N/A |
| Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string. | ||||
| CVE-2008-0299 | 1 Python Software Foundation | 1 Paramiko | 2026-04-23 | N/A |
| common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool. | ||||
| CVE-2008-0927 | 2 Microsoft, Novell | 2 Windows-nt, Edirectory | 2026-04-23 | N/A |
| dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777. | ||||
| CVE-2008-0928 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2026-04-23 | N/A |
| Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. | ||||
| CVE-2008-0303 | 1 Canon | 12 I-sensys, Imagepress, Imagerunner and 9 more | 2026-04-23 | N/A |
| The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce. | ||||