Export limit exceeded: 347167 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347167 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3268 | 1 Brickhost | 1 Phpscheduleit | 2026-04-23 | N/A |
| Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when useLogonName is enabled, allows remote attackers with administrator email address knowledge to bypass restrictions and gain privileges via unspecified vectors related to login names. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5871 | 1 Nortel | 1 Multimedia Communication Server 5100 | 2026-04-23 | N/A |
| Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command. | ||||
| CVE-2008-3269 | 1 Winsoftmagic | 2 Winremotepc Full, Winremotepc Lite | 2026-04-23 | N/A |
| WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full 2008 allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet to TCP port 4321. | ||||
| CVE-2008-5872 | 1 Nortel | 1 Multimedia Communication Server 5100 | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) via a UFTP message that has a negative block size or other crafted Connection Details values. | ||||
| CVE-2008-5875 | 2 Joomla, Joomlahbs | 3 Joomla, Com Lowcosthotels, Hotel Booking Reservation System | 2026-04-23 | N/A |
| SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation System (aka HBS) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php. | ||||
| CVE-2008-5876 | 1 Irrlicht | 1 Irrlicht | 2026-04-23 | N/A |
| Buffer overflow in Irrlicht before 1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors in the B3D loader. | ||||
| CVE-2008-5877 | 1 Phpclanwebsite | 1 Phpclanwebsite | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) form_id parameter to pcw/processforms.php, (3) pcwlogin and (4) pcw_pass parameters to pcw/setlogin.php, (5) searchvalue parameter to pcw/downloads.php, and the (6) searchvalue and (7) whichfield parameter to pcw/downloads.php, a different vector than CVE-2006-0444. | ||||
| CVE-2008-5878 | 1 Phpclanwebsite | 1 Phpclanwebsite | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary files via a .. (dot dot) in the (1) boxname parameter to theme/superchrome/box.php and the (2) theme parameter to phpclanwebsite/footer.php. | ||||
| CVE-2008-5879 | 1 Phpclanwebsite | 1 Phpclanwebsite | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter and other unspecified vectors. | ||||
| CVE-2008-5881 | 1 Playsms | 1 Playsms | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) gateway_module parameter to plugin/gateway/gnokii/init.php and the (2) themes_module parameter to plugin/themes/default/init.php. | ||||
| CVE-2008-3270 | 1 Redhat | 1 Enterprise Linux | 2026-04-23 | N/A |
| yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle attackers to cause a denial of service (loss of updates) or force the download and installation of official Red Hat packages that were not requested. | ||||
| CVE-2008-3271 | 2 Apache, Redhat | 2 Tomcat, Network Satellite | 2026-04-23 | N/A |
| Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve. | ||||
| CVE-2008-5883 | 1 Mini-pub | 1 Mini-pub | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in front-end/dir.php in mini-pub 0.3 and earlier allows remote attackers to list arbitrary directories via a full pathname in the sDir parameter. | ||||
| CVE-2008-5884 | 1 Zkesoft | 1 Ayeview | 2026-04-23 | N/A |
| AyeView 2.20 allows user-assisted attackers to cause a denial of service (application crash) via a GIF file with a malformed header. | ||||
| CVE-2008-5886 | 1 Takempis | 1 Discussion Web | 2026-04-23 | N/A |
| TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for _private/discussion.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5887 | 1 Tincan | 1 Phplist | 2026-04-23 | N/A |
| phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability." | ||||
| CVE-2008-5890 | 1 Injader | 1 Injader | 2026-04-23 | N/A |
| SQL injection vulnerability in feeds.php in Injader before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2002-2427 | 1 Goahead | 1 Goahead Webserver | 2026-04-23 | N/A |
| The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603. | ||||
| CVE-2002-2428 | 1 Goahead | 1 Goahead Webserver | 2026-04-23 | N/A |
| webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data. | ||||
| CVE-2008-5892 | 1 Icash | 1 Click\&email | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL commands via (1) the ID parameter to admin_dblayers.asp in an update action, (2) the adminid parameter to admin_loginCheck.asp (aka the USERNAME field in admin_main.asp), and (3) the PassWord parameter to admin_loginCheck.asp (aka the PASSWORD field in admin_main.asp). NOTE: some of these details are obtained from third party information. | ||||