Export limit exceeded: 346145 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346145 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1358 | 1 Altn | 1 Mdaemon | 2026-04-23 | N/A |
| Stack-based buffer overflow in the IMAP server in Alt-N Technologies MDaemon 9.6.4 allows remote authenticated users to execute arbitrary code via a FETCH command with a long BODY. | ||||
| CVE-2008-1461 | 1 Xnview | 1 Xnview | 2026-04-23 | N/A |
| Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long filename argument on the command line. NOTE: it is unclear whether there are common handler configurations in which this argument is controlled by an attacker. | ||||
| CVE-2008-1462 | 1 Runcms | 1 Runcms | 2026-04-23 | N/A |
| SQL injection vulnerability in the sections (Section) module in RunCMS allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle action. | ||||
| CVE-2008-0719 | 1 Oscommerce | 2 Customer Testimonials, Oscommerce | 2026-04-23 | N/A |
| SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter. | ||||
| CVE-2008-1359 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913. | ||||
| CVE-2008-1730 | 1 Arwscripts | 1 Gallery Script Lite | 2026-04-23 | N/A |
| Directory traversal vulnerability in download.html in ARWScripts Gallery Script Lite (aka gallery-script-lite or Free Photo Gallery Site Script), as of 20080411, allows remote attackers to read arbitrary local files via directory traversal sequences in the path parameter. | ||||
| CVE-2008-0723 | 1 Planetluc | 1 Mynews | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews 1.6.4, and other earlier 1.6.x versions, allows remote attackers to inject arbitrary web script or HTML via the hash parameter in an admin action to index.php, a different vulnerability than CVE-2006-2208.1. | ||||
| CVE-2008-1360 | 1 Nagios | 1 Nagios | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624. | ||||
| CVE-2008-1731 | 2 3281d, Drupal | 2 Simple Access, Drupal | 2026-04-23 | N/A |
| The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking. | ||||
| CVE-2008-0728 | 1 Clamav | 1 Clamav | 2026-04-23 | N/A |
| The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption." | ||||
| CVE-2008-1732 | 1 Predictionfootball | 1 Predictionfootball | 2026-04-23 | N/A |
| SQL injection vulnerability in showpredictionsformatch.php in Prediction Football 1.x allows remote attackers to execute arbitrary SQL commands via the matchid parameter in a dupa action. | ||||
| CVE-2008-1733 | 2 Joomla, Pragmaticutopia | 2 Joomla, Com Puarcade | 2026-04-23 | N/A |
| SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php. | ||||
| CVE-2008-0729 | 1 Apple | 3 Iphone, Iphone Os, Mobile Safari | 2026-04-23 | N/A |
| Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers to cause a denial of service (memory exhaustion and device crash) via certain JavaScript code that constructs a long string and an array containing long string elements, possibly a related issue to CVE-2006-3677. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-0731 | 3 Linux, Novell, Suse | 3 Linux Kernel, Apparmor, Open Suse | 2026-04-23 | N/A |
| The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not properly handle failure of an AppArmor change_hat system call, which might allow attackers to trigger the unconfining of an apparmored task. | ||||
| CVE-2008-0737 | 1 Shoppingtree | 1 Candypress Store | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and other 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the helpfield parameter. | ||||
| CVE-2008-0746 | 2 Joomla, Mambo | 2 Com Gallery, Com Gallery | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the Gallery (com_gallery) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | ||||
| CVE-2008-1464 | 1 Gallarific | 1 Gallarific | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) query parameter to (a) search.php; (2) gusername and (3) gpassword parameters to (b) login.php; and the (4) username and (5) password parameters to (c) gadmin/index.php in a signin action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-0748 | 1 Sony | 2 Axruploadserver Activex Control, Imagestation | 2026-04-23 | N/A |
| Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX control in AxRUploadServer.dll 1.0.0.38 in SonyISUpload.cab 1.0.0.38 for Sony ImageStation allows remote attackers to execute arbitrary code via a long argument to the SetLogging method. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-0753 | 1 Vwar | 1 Virtual War | 2026-04-23 | N/A |
| SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter. | ||||
| CVE-2008-1467 | 1 Centerim | 1 Centerim | 2026-04-23 | N/A |
| CenterIM 4.22.3 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URI, related to "received URLs in the message window." NOTE: this issue has been disputed due to the user-assisted nature, since the URL must be selected and launched by the victim | ||||