Export limit exceeded: 346158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346158 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6588 | 1 Aztech | 1 Adsl2\/2\+4-port Router | 2026-04-23 | N/A |
| Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed. | ||||
| CVE-2008-6412 | 1 Vignette | 1 Vignette Content Management | 2026-04-23 | N/A |
| Unspecified vulnerability in Vignette Content Management 7.3.0.5, 7.3.1, 7.3.1.1, 7.4, and 7.5 allows "low privileged" users to gain administrator privileges via unknown attack vectors. | ||||
| CVE-2008-6413 | 2 Drupal, Ticklespace | 2 Drupal, Answers Module | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x-dev and possibly other 5.x versions, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a Simple Answer to a question. | ||||
| CVE-2008-6414 | 1 Aj Square | 1 Aj Auction | 2026-04-23 | N/A |
| SQL injection vulnerability in detail.php in AJ Auction Pro Platinum Skin 2 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | ||||
| CVE-2008-6415 | 1 Youngzsoft | 1 Ccproxy | 2026-04-23 | N/A |
| Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote attackers to execute arbitrary code via a CONNECTION request with a long hostname. | ||||
| CVE-2008-6416 | 1 Greensql | 1 Greensql-console | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL-Console before 0.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "internal pages." | ||||
| CVE-2008-6417 | 1 Greensql | 1 Greensql-console | 2026-04-23 | N/A |
| Unspecified vulnerability in GreenSQL-Console before 0.3.5 allows attackers to obtain the "installation directory" via unknown vectors. | ||||
| CVE-2008-6418 | 1 Torrenttrader | 1 Torrenttrader | 2026-04-23 | N/A |
| SQL injection vulnerability in scrape.php in TorrentTrader before 2008-05-13 allows remote attackers to execute arbitrary SQL commands via the info_hash parameter. | ||||
| CVE-2008-6419 | 1 Socialsitegenerator | 1 Social Site Generator | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Social Site Generator (SSG) 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) sgc_id parameter to display_blog.php, (2) scm_mem_id parameter to social_my_profile_download.php, and the (3) catid parameter to social_forum_subcategories.php. | ||||
| CVE-2008-6420 | 1 Socialsitegenerator | 1 Social Site Generator | 2026-04-23 | N/A |
| Social Site Generator (SSG) 2.0 allows remote attackers to read arbitrary files via the file parameter to (1) filedload.php, (2) webadmin/download.php, and (3) webadmin/download_file.php. | ||||
| CVE-2008-6421 | 1 Socialsitegenerator | 1 Social Site Generator | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in social_game_play.php in Social Site Generator (SSG) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | ||||
| CVE-2008-6422 | 1 Psychostats | 1 Psychostats | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and 2.3.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) weapon.php and (2) map.php. | ||||
| CVE-2008-6423 | 1 I-apps | 1 Passwiki | 2026-04-23 | N/A |
| Directory traversal vulnerability in passwiki.php in PassWiki 0.9.16 RC3 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the site_id parameter. | ||||
| CVE-2008-6424 | 1 Jun Sota | 1 Ffftp | 2026-04-23 | N/A |
| Directory traversal vulnerability in FFFTP 1.96b allows remote FTP servers to create or overwrite arbitrary files via a response to an FTP LIST command with a filename that contains a .. (dot dot). | ||||
| CVE-2008-6425 | 1 Comicshout | 1 Comicshout | 2026-04-23 | N/A |
| SQL injection vulnerability in news.php in ComicShout 2.8 allows remote attackers to execute arbitrary SQL commands via the news_id parameter, a different vector than CVE-2008-2456. | ||||
| CVE-2008-6427 | 1 Hivemaker | 1 Hivemaker | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Hivemaker Professional 1.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2008-6589 | 2 Lightneasy, Sqlite | 2 Lightneasy, Sqlite | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php. | ||||
| CVE-2008-6428 | 1 Kayalang | 1 Kaya | 2026-04-23 | N/A |
| The CGI framework in Kaya 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors. | ||||
| CVE-2008-6429 | 2 Joomla, Mike Leeper | 2 Joomla, Com Prayercenter | 2026-04-23 | N/A |
| SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php. | ||||
| CVE-2008-6591 | 1 Lightneasy | 1 Lightneasy | 2026-04-23 | N/A |
| LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php. | ||||