Export limit exceeded: 347060 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347060 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347060 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4136 | 1 Michael Roth Software | 1 Pftp | 2026-04-23 | N/A |
| Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote attackers to cause a denial of service (service crash) via multiple RETR commands, possibly involving long filenames. | ||||
| CVE-2008-4139 | 1 Opensolution | 1 Quick.cms.lite | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in OpenSolution Quick.Cms.Lite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query string. | ||||
| CVE-2008-4144 | 1 Discountedscripts | 1 E-gold Script Shop | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in ACG-ScriptShop E-Gold Script Shop allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action. | ||||
| CVE-2008-4145 | 1 Addalink | 1 Addalink | 2026-04-23 | N/A |
| SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | ||||
| CVE-2008-4147 | 1 Drupal | 1 Mailsave | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Mailsave module 5.x before 5.x-3.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an attached file that has a modified Content-Type. | ||||
| CVE-2008-4151 | 1 Cyask | 1 Cyask | 2026-04-23 | N/A |
| Directory traversal vulnerability in collect.php in CYASK 3.x allows remote attackers to read arbitrary files via a .. (dot dot) in the neturl parameter. | ||||
| CVE-2008-4154 | 1 Living-e | 1 Webedition Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in living-e webEdition CMS allows remote attackers to execute arbitrary SQL commands via the we_objectID parameter. | ||||
| CVE-2008-4155 | 1 Easybrik | 1 Easysite | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in EasySite 2.3 allow remote attackers to read arbitrary files or list directories via a .. (dot dot) in the (1) module or (2) action parameter in (a) www/index.php; the (3) module, (4) ss_module, or (5) ss_action parameter in (b) modules/Module/index.php or (c) modules/Themes/index.php; or the (6) module parameter in (d) inc/vmenu.php. | ||||
| CVE-2008-4161 | 1 Assetman | 1 Assetman | 2026-04-23 | N/A |
| SQL injection vulnerability in search_inv.php in Assetman 2.5b allows remote attackers to execute arbitrary SQL commands and conduct session fixation attacks via a combination of crafted order and order_by parameters in a search_all action. | ||||
| CVE-2008-4162 | 1 Nooms | 1 Nooms | 2026-04-23 | N/A |
| Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the g_site_url parameter. | ||||
| CVE-2008-4171 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-23 | N/A |
| SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter. | ||||
| CVE-2008-4172 | 1 Rfaah | 1 Cars-vehicles Script | 2026-04-23 | N/A |
| SQL injection vulnerability in page.php in Cars & Vehicle (aka Cars-Vehicle Script) allows remote attackers to execute arbitrary SQL commands via the lnkid parameter. | ||||
| CVE-2008-4178 | 1 Downline Goldmine | 2 Builder, New Addon | 2026-04-23 | N/A |
| SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-4182 | 1 Horde | 1 Turba Contact Manager H3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1 and other versions before 2.3.1, and possibly other Horde Project products, allows remote attackers to inject arbitrary web script or HTML via the User field in an IMAP session. | ||||
| CVE-2008-4184 | 1 Webcms | 1 Webcms Portal Edition | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in webCMS Portal Edition allows remote attackers to inject arbitrary web script or HTML via the patron parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-4191 | 1 Emacspeak Inc | 1 Emacspeak | 2026-04-23 | N/A |
| extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file. | ||||
| CVE-2008-4192 | 1 Redhat | 3 Cman, Enterprise Linux, Rhel Cluster | 2026-04-23 | N/A |
| The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file. | ||||
| CVE-2008-4197 | 5 Freebsd, Linux, Microsoft and 2 more | 5 Freebsd, Linux Kernel, Windows and 2 more | 2026-04-23 | 8.8 High |
| Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut. | ||||
| CVE-2008-4206 | 1 Attachmax | 1 Dolphin | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in config.php in Attachmax Dolphin 2.1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rel_path parameter. | ||||
| CVE-2008-4207 | 1 Attachmax | 1 Dolphin | 2026-04-23 | N/A |
| Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php in the main folder, which allows remote attackers to obtain sensitive information via a direct request, which invokes the phpinfo function. NOTE: some of these details are obtained from third party information. | ||||