Export limit exceeded: 364917 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364917 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2415 1 Digitalhive 1 Digitalhive 2026-04-23 N/A
Directory traversal vulnerability in template/purpletech/base_include.php in DigitalHive (aka hive) 2.0 RC2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2008-2436 1 Novell 1 Iprint Client 2026-04-23 N/A
Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib.dll in Novell iPrint Client 4.x before 4.38 and 5.x before 5.08 allow remote attackers to execute arbitrary code via a long argument to the (1) GetPrinterURLList, (2) GetPrinterURLList2, or (3) GetFileList2 function in the Novell iPrint ActiveX control in ienipp.ocx.
CVE-2008-2437 1 Trend Micro 2 Client-server-messaging Security, Officescan 2026-04-23 N/A
Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter.
CVE-2008-2438 1 Hp 1 Openview Network Node Manager 2026-04-23 N/A
Integer overflow in ovalarmsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted command to TCP port 2954, which triggers a heap-based buffer overflow.
CVE-2008-2445 1 Wgcc 1 Web Group Communication Center 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in profile.php in Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a show action.
CVE-2008-2447 1 Mytipper 1 Zogo Shop 2026-04-23 N/A
SQL injection vulnerability in products.php in the Mytipper ZoGo-shop plugin 1.15.5 and 1.16 Beta 13 for e107 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-2448 1 Aspindir 1 Meto Forum 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) admin/duzenle.asp and (b) admin_oku.asp; the (2) kid parameter to (c) kategori.asp and (d) admin_kategori.asp; and unspecified parameters to (e) uye.asp and (f) oku.asp.
CVE-2008-2449 1 Ikemcg 1 Phpinstantgallery 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Isaac McGowan phpInstantGallery 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) gallery parameter to (a) index.php and (b) image.php, and the (2) imgnum parameter to image.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2450 1 Inmedias 1 Statistics 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Statistics (aka ke_stats) extension 0.1.2 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-2453 1 Phpclassifiedsscript 1 Php Classifieds Script 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PHP Classifieds Script allow remote attackers to execute arbitrary SQL commands via the fatherID parameter to (1) browse.php and (2) search.php.
CVE-2008-2455 1 E107coders 1 E107 Blog Engine 2026-04-23 N/A
SQL injection vulnerability in comment.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the rid parameter.
CVE-2008-2456 1 Comicshout 1 Comicshout 2026-04-23 N/A
SQL injection vulnerability in index.php in ComicShout 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the comic_id parameter.
CVE-2008-2490 1 Typo3 1 Kj Imagelightbox2 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the KJ Image Lightbox 2 (aka kj_imagelightbox2) extension 1.4.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified "user input."
CVE-2008-2487 1 Maxsite 1 Maxsite 2026-04-23 N/A
SQL injection vulnerability in index.php in MAXSITE 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a webboard action.
CVE-2008-2488 1 Beaussier 1 Roomphplanning 2026-04-23 N/A
admin/userform.php in RoomPHPlanning 1.5 does not require administrative credentials, which allows remote authenticated users to create new admin accounts.
CVE-2008-2489 1 Typo3 1 Sg Zfelib 2026-04-23 N/A
SQL injection vulnerability in the Library for Frontend Plugins (aka sg_zfelib) extension 1.1.512 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified "user input."
CVE-2008-2494 1 Pancake 1 Zina 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Zina 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via the l parameter.
CVE-2008-2495 1 Pancake 1 Zina 2026-04-23 N/A
Directory traversal vulnerability in index.php in Zina 1.0 RC3 allows remote attackers to have an unknown impact via a .. (dot dot) in the p parameter.
CVE-2008-2496 1 Quate 1 Quate Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Quate CMS 0.3.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) login.php, and (3) credits.php in admin/, and (4) upgrade/index.php.
CVE-2008-2513 1 Ibm 1 Aix 2026-04-23 N/A
Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows local users to execute arbitrary code in kernel mode via unknown attack vectors.