Export limit exceeded: 363759 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363759 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4716 | 1 Scriptdemo | 1 Php-lance | 2026-04-23 | N/A |
| SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2008-4713 | 1 212cafe | 1 212cafeboard | 2026-04-23 | N/A |
| SQL injection vulnerability in view.php in 212cafe Board 0.07 allows remote attackers to execute arbitrary SQL commands via the qID parameter. | ||||
| CVE-2008-4715 | 1 Jpad Project | 1 Jpad | 2026-04-23 | N/A |
| SQL injection vulnerability in the Jpad (com_jpad) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. | ||||
| CVE-2008-4743 | 1 Quidascript | 1 Faq Management Script | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in QuidaScript FAQ Management Script allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2008-4744 | 1 Dxproscripts | 1 Dxshopcart | 2026-04-23 | N/A |
| SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc allows remote attackers to execute arbitrary SQL commands via the pid parameter. | ||||
| CVE-2008-4751 | 1 Epistream | 1 Ipei Guestbook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the pg parameter, a different vector than CVE-2005-4597. | ||||
| CVE-2008-4753 | 1 Aj Square Inc | 1 Rss Reader | 2026-04-23 | N/A |
| SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader allows remote attackers to execute arbitrary SQL commands via the url parameter. | ||||
| CVE-2008-4754 | 1 Scripts-for-sites | 1 Ez Forum | 2026-04-23 | N/A |
| SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter. | ||||
| CVE-2008-4763 | 1 Wikidsystems | 1 Wclient-php | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHP_SELF variable. | ||||
| CVE-2007-6609 | 1 Coolplayer | 1 Coolplayer | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the CPLI_ReadTag_OGG function in CPI_PlaylistItem.c in CoolPlayer 217 and earlier allow user-assisted remote attackers to execute arbitrary code via a long (1) cTag or (2) cValue field in an OGG Vorbis file. | ||||
| CVE-2008-4779 | 1 Tguzip | 1 Tguzip | 2026-04-23 | N/A |
| Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers to denial of service (crash) or execute arbitrary code via a long filename in a .zip file. | ||||
| CVE-2008-4790 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors. | ||||
| CVE-2008-4791 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors. | ||||
| CVE-2008-4793 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules. | ||||
| CVE-2008-4811 | 1 Smarty | 1 Smarty | 2026-04-23 | N/A |
| The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character. | ||||
| CVE-2008-4224 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file. | ||||
| CVE-2008-4223 | 1 Apple | 1 Mac Os X Server | 2026-04-23 | N/A |
| Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. | ||||
| CVE-2008-3890 | 2 Amd, Freebsd | 2 Amd64, Freebsd | 2026-04-23 | N/A |
| The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an extra swapgs call after a General Protection Fault (GPF), which allows local users to gain privileges by triggering a GPF during the kernel's return from (1) an interrupt, (2) a trap, or (3) a system call. | ||||
| CVE-2008-3900 | 1 Intel | 1 Bios | 2026-04-23 | N/A |
| Intel firmware PE94510M.86A.0050.2007.0710.1559 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | ||||
| CVE-2008-3907 | 1 Newsbeuter | 1 Newsbeuter | 2026-04-23 | N/A |
| The open-in-browser command in newsbeuter before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a feed URL. | ||||