Export limit exceeded: 348218 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 348218 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348218 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4751 | 1 Epistream | 1 Ipei Guestbook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the pg parameter, a different vector than CVE-2005-4597. | ||||
| CVE-2008-4753 | 1 Aj Square Inc | 1 Rss Reader | 2026-04-23 | N/A |
| SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader allows remote attackers to execute arbitrary SQL commands via the url parameter. | ||||
| CVE-2008-4754 | 1 Scripts-for-sites | 1 Ez Forum | 2026-04-23 | N/A |
| SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter. | ||||
| CVE-2006-5431 | 1 Phpoutsourcing | 1 Zorum | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in gorum/dbproperty.php in PHPOutsourcing Zorum 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appDirName parameter. | ||||
| CVE-2008-4769 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-4770 | 2 Realvnc, Redhat | 2 Realvnc, Enterprise Linux | 2026-04-23 | N/A |
| The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type." | ||||
| CVE-2008-4779 | 1 Tguzip | 1 Tguzip | 2026-04-23 | N/A |
| Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers to denial of service (crash) or execute arbitrary code via a long filename in a .zip file. | ||||
| CVE-2008-4772 | 1 Questwork | 1 Questcms | 2026-04-23 | N/A |
| SQL injection vulnerability in main/main.php in QuestCMS allows remote attackers to execute arbitrary SQL commands via the obj parameter. | ||||
| CVE-2008-4773 | 1 Questwork | 1 Questcms | 2026-04-23 | N/A |
| Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. (dot dot) in the theme parameter. | ||||
| CVE-2008-4774 | 1 Questwork | 1 Questcms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS allows remote attackers to inject arbitrary web script or HTML via the cx parameter. | ||||
| CVE-2008-4775 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977. | ||||
| CVE-2008-4776 | 1 Wojtek Kaniewsk | 1 Libgadu | 2026-04-23 | N/A |
| libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read. | ||||
| CVE-2008-4778 | 1 Dream4 | 1 Koobi Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 allows remote attackers to execute arbitrary SQL commands via the galid parameter in a showimages action. | ||||
| CVE-2008-4781 | 1 Easy-script | 1 Myktools | 2026-04-23 | N/A |
| Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter. | ||||
| CVE-2008-4782 | 1 Aiocp | 1 Aiocp | 2026-04-23 | N/A |
| SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter. | ||||
| CVE-2008-4784 | 1 Aflog | 1 Aflog | 2026-04-23 | N/A |
| aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php. | ||||
| CVE-2008-4786 | 1 E107 | 2 E107, Easyshop Plugin | 2026-04-23 | N/A |
| SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | ||||
| CVE-2007-4119 | 1 Berthanas Ziyaretci | 1 Defteri | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in yonetici.asp in Berthanas Ziyaretci Defteri 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) Pass fields. | ||||
| CVE-2008-4799 | 1 Netpbm | 1 Netpbm | 2026-04-23 | N/A |
| pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read. | ||||
| CVE-2008-4802 | 1 Simple Php Scripts | 1 Blog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in complete.php in Simple PHP Scripts blog 0.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||