Export limit exceeded: 346170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346170 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6937 | 1 Jabber | 1 Exodus | 2026-04-23 | N/A |
| Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an xmpp:// URI, a different vector than CVE-2008-6935 and CVE-2008-6936. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-0615 | 1 Cisco | 2 Application Control Engine Device Manager, Application Networking Manager | 2026-04-23 | N/A |
| Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to "invalid directory permissions." | ||||
| CVE-2008-6938 | 1 Holger Zimmermann | 1 Pi3web | 2026-04-23 | N/A |
| Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt. | ||||
| CVE-2008-6939 | 1 Turnkeyforms | 1 Web Hosting Directory | 2026-04-23 | N/A |
| TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username. | ||||
| CVE-2009-0616 | 1 Cisco | 1 Application Networking Manager | 2026-04-23 | N/A |
| Cisco Application Networking Manager (ANM) before 2.0 uses default usernames and passwords, which makes it easier for remote attackers to access the application, or cause a denial of service via configuration changes, related to "default user credentials during installation." | ||||
| CVE-2008-6940 | 1 Turnkeyforms | 1 Web Hosting Directory | 2026-04-23 | N/A |
| TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db. | ||||
| CVE-2008-6941 | 1 Turnkeyforms | 1 Web Hosting Directory | 2026-04-23 | N/A |
| SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field. | ||||
| CVE-2008-6942 | 1 Scriptsfeed | 1 Realtor Classifieds System | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifieds System (aka Real Estate Classifieds) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in re_images/. | ||||
| CVE-2009-0617 | 1 Cisco | 1 Application Networking Manager | 2026-04-23 | N/A |
| Cisco Application Networking Manager (ANM) before 2.0 uses a default MySQL root password, which makes it easier for remote attackers to execute arbitrary operating-system commands or change system files. | ||||
| CVE-2009-0851 | 1 Stewart Howe | 1 Celerbb | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php. | ||||
| CVE-2008-6943 | 1 Scriptsfeed | 1 Recipes Listing Portal | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe photo, then accessing it via a direct request to the file in pictures/. | ||||
| CVE-2008-6948 | 1 Collabtive | 1 Collabtive | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME type, then accessing it via a direct request to the file in files/, related to (1) the showproject action in managefile.php or (2) the Messages feature. | ||||
| CVE-2008-6949 | 1 Collabtive | 1 Collabtive | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Collabtive 0.4.8 allow remote attackers to hijack the authentication of administrators for requests that (1) submit or edit a new project, or (2) upload files to a project, or (3) attach files to messages via unknown vectors. NOTE: these issues can be leveraged with other vulnerabilities to create remote attack vectors that do not require authentication. | ||||
| CVE-2008-6950 | 1 Webhost-panel | 1 Bankoi Webhosting Control Panel | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosting Control Panel 1.20 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field. | ||||
| CVE-2009-0852 | 1 Stewart Howe | 1 Celerbb | 2026-04-23 | N/A |
| showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter. | ||||
| CVE-2008-6951 | 1 Cms.maury91 | 1 Maurycms | 2026-04-23 | N/A |
| MauryCMS 0.53.2 and earlier does not require administrative authentication for Editors/fckeditor/editor/filemanager/browser/default/browser.html, which allows remote attackers to upload arbitrary files via a direct request. | ||||
| CVE-2008-6952 | 1 Cms.maury91 | 1 Maurycms | 2026-04-23 | N/A |
| SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter. | ||||
| CVE-2008-6953 | 1 Oovoo | 1 Oovoo | 2026-04-23 | N/A |
| Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly other versions before 1.7.1.59, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long oovoo: URI. | ||||
| CVE-2008-6954 | 1 Michael Dehaan | 1 Cobbler | 2026-04-23 | N/A |
| The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules. | ||||
| CVE-2008-6955 | 1 Infireal | 1 Mxcamarchive | 2026-04-23 | N/A |
| mxCamArchive 2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain configuration details and passwords via a direct request for archive/config.ini. | ||||