Export limit exceeded: 346156 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346156 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6756 | 2 Gentoo, Zoneminder | 2 Linux, Zoneminder | 2026-04-23 | N/A |
| ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file. | ||||
| CVE-2008-6757 | 1 Viart | 1 Viart Shop | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in manuals_search.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to inject arbitrary web script or HTML via the manuals_search parameter. | ||||
| CVE-2008-6761 | 1 China-on-site | 1 Flexcustomer0.0.6 | 2026-04-23 | N/A |
| Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field). NOTE: the installation instructions specify deleting admin/install.php. | ||||
| CVE-2008-6767 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request. | ||||
| CVE-2008-6768 | 1 Shopsystem-forum | 1 K\&s Shopsoftware | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/upload/. | ||||
| CVE-2008-6769 | 1 Peterselie | 1 Yourplace | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in upload.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. | ||||
| CVE-2008-6405 | 1 Greatclone | 1 Hotscripts Clone | 2026-04-23 | N/A |
| SQL injection vulnerability in showcategory.php in Hotscripts Clone allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2008-6404 | 1 Extrosoft | 1 Thyme | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in add_calendars.php in eXtrovert Software Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the callback parameter. | ||||
| CVE-2008-6403 | 1 Openrat | 1 Openrat | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in themes/default/include/html/insert.inc.php in OpenRat 0.8-beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpl_dir parameter. | ||||
| CVE-2008-6402 | 1 Muskatli | 1 Sofi Webgui | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mod_dir parameter. | ||||
| CVE-2008-6401 | 1 Jetik | 1 Jetik-web | 2026-04-23 | N/A |
| SQL injection vulnerability in sayfa.php in JETIK-WEB allows remote attackers to execute arbitrary SQL commands via the kat parameter. | ||||
| CVE-2008-6400 | 1 Refbase | 1 Refbase | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 allows remote attackers to inject arbitrary web script or HTML via the headerMsg parameter to (1) show.php and (2) search.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-6399 | 1 Dotnetnuke | 1 Dotnetnuke | 2026-04-23 | N/A |
| Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors. | ||||
| CVE-2008-6398 | 1 Eric Raymond | 1 Sng | 2026-04-23 | N/A |
| sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/recompiled$$.png, (2) /tmp/decompiled$$.sng, and (3) /tmp/canonicalized$$.sng temporary files. | ||||
| CVE-2008-6397 | 1 Alcovebook | 1 Sgml2x | 2026-04-23 | N/A |
| rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2008-6396 | 1 Celerondude | 1 Uploader | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in account.php in Celerondude Uploader 6.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-6585 | 1 Torrentflux | 1 Torrentflux | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action. | ||||
| CVE-2008-6395 | 1 3com | 1 Wireless 8760 Dual-radio | 2026-04-23 | N/A |
| The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point allows remote attackers to cause a denial of service (device crash) via a malformed HTTP POST request. | ||||
| CVE-2008-6584 | 1 Torrentflux | 1 Torrentflux | 2026-04-23 | N/A |
| html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/ user directory. | ||||
| CVE-2008-6394 | 1 Cs-cart | 1 Cs-cart | 2026-04-23 | N/A |
| SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter. | ||||