Export limit exceeded: 360700 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360700 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5783 | 1 V3chat | 1 V3 Chat Live Support | 2026-04-23 | N/A |
| admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | ||||
| CVE-2008-2004 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2026-04-23 | N/A |
| The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted. | ||||
| CVE-2008-3133 | 1 Barenuked | 1 Barenuked Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/index.php in BareNuked CMS 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the password parameter. | ||||
| CVE-2008-3136 | 1 Ashopsoftware | 1 Ashop Deluxe | 2026-04-23 | N/A |
| SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x allows remote attackers to execute arbitrary SQL commands via the cat parameter. | ||||
| CVE-2008-3137 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2026-04-23 | N/A |
| The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors. | ||||
| CVE-2008-3139 | 2 Rpath, Wireshark | 2 Rpath Linux, Wireshark | 2026-04-23 | N/A |
| The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error. | ||||
| CVE-2008-3145 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2026-04-23 | N/A |
| The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read. | ||||
| CVE-2008-5794 | 1 Lovecms | 1 Lovecms | 2026-04-23 | N/A |
| Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter. | ||||
| CVE-2008-5802 | 1 E-topbiz | 1 Online Store | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | ||||
| CVE-2008-3146 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2026-04-23 | N/A |
| Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used. | ||||
| CVE-2008-3147 | 1 Wefi | 1 Wefi | 2026-04-23 | N/A |
| WeFi 3.2.1.4.1, when diagnostic mode is enabled, stores (1) WEP, (2) WPA, and (3) WPA2 access-point keys in (a) ClientWeFiLog.dat, (b) ClientWeFiLog.bak, and possibly (c) a certain .inf file under %PROGRAMFILES%\WeFi\Users\, and uses cleartext for the ClientWeFiLog files, which allows local users to obtain sensitive information by reading these files. | ||||
| CVE-2008-3149 | 1 F5 | 1 Firepass 1200 | 2026-04-23 | N/A |
| The SNMP daemon in the F5 FirePass 1200 6.0.2 hotfix 3 allows remote attackers to cause a denial of service (daemon crash) by walking the hrSWInstalled OID branch in HOST-RESOURCES-MIB. | ||||
| CVE-2008-5806 | 1 Deltascripts | 1 Php Classifieds | 2026-04-23 | N/A |
| SQL injection vulnerability in login.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka admin field). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5807 | 1 Teamst | 1 Testlink | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl. | ||||
| CVE-2008-3150 | 1 Neutrino-cms | 1 Atomic Edition | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Neutrino Atomic Edition 0.8.4 allows remote attackers to read and modify files, as demonstrated by manipulating data/sess.php in (1) usb and (2) del_pag actions. NOTE: this can be leveraged for code execution by performing an upload that bypasses the intended access restrictions that were implemented in sess.php. | ||||
| CVE-2008-3151 | 2 Phpnuke, Warpspeed | 2 4ndvddb, 4ndvddb | 2026-04-23 | N/A |
| SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action. | ||||
| CVE-2008-3154 | 1 Webblizzard | 1 Content Management System | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in WebBlizzard CMS allows remote attackers to execute arbitrary SQL commands via the page parameter. | ||||
| CVE-2008-5808 | 2 Six Apart, Sixapart | 2 Movable Type, Movable Type | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to "application management." | ||||
| CVE-2008-1988 | 1 Encaps | 1 Encapsgallery | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in the file_upload function in core/misc.class.php in EncapsGallery 2.0.2 allows remote authenticated administrators to upload and execute arbitrary PHP files by uploading a file with an executable extension, then accessing it via a direct request to the file in the rwx_gallery directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-1608 | 1 Clever Copy | 1 Clever Copy | 2026-04-23 | N/A |
| SQL injection vulnerability in postview.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter, a different vector than CVE-2008-0363 and CVE-2006-0583. | ||||