Export limit exceeded: 346188 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346188 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346188 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6376 | 1 Nexusjnr | 1 Jbook | 2026-04-23 | N/A |
| SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the password (pass parameter). | ||||
| CVE-2008-6383 | 1 Drupal | 2 Drupal, Storm | 2026-04-23 | N/A |
| SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x before 5.x-1.14 and 6.x before 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-6384 | 1 Drupal | 1 Comment Mail | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Comment Mail 5.x before 5.x-1.1, a module for Drupal, allow remote attackers to hijack the authentication of administrators. | ||||
| CVE-2008-6393 | 2 Jabber, Psi-im | 2 Jabber Client, Psi | 2026-04-23 | N/A |
| PSI Jabber client before 0.12.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file transfer request with a negative value in a SOCKS5 option, which bypasses a signed integer check and triggers an integer overflow and a heap-based buffer overflow. | ||||
| CVE-2008-6396 | 1 Celerondude | 1 Uploader | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in account.php in Celerondude Uploader 6.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-6397 | 1 Alcovebook | 1 Sgml2x | 2026-04-23 | N/A |
| rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2008-6398 | 1 Eric Raymond | 1 Sng | 2026-04-23 | N/A |
| sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/recompiled$$.png, (2) /tmp/decompiled$$.sng, and (3) /tmp/canonicalized$$.sng temporary files. | ||||
| CVE-2008-6412 | 1 Vignette | 1 Vignette Content Management | 2026-04-23 | N/A |
| Unspecified vulnerability in Vignette Content Management 7.3.0.5, 7.3.1, 7.3.1.1, 7.4, and 7.5 allows "low privileged" users to gain administrator privileges via unknown attack vectors. | ||||
| CVE-2008-6413 | 2 Drupal, Ticklespace | 2 Drupal, Answers Module | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x-dev and possibly other 5.x versions, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a Simple Answer to a question. | ||||
| CVE-2008-6414 | 1 Aj Square | 1 Aj Auction | 2026-04-23 | N/A |
| SQL injection vulnerability in detail.php in AJ Auction Pro Platinum Skin 2 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | ||||
| CVE-2008-6425 | 1 Comicshout | 1 Comicshout | 2026-04-23 | N/A |
| SQL injection vulnerability in news.php in ComicShout 2.8 allows remote attackers to execute arbitrary SQL commands via the news_id parameter, a different vector than CVE-2008-2456. | ||||
| CVE-2008-6436 | 1 Xerox | 1 Workcentre | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Server in Xerox WorkCentre 7132, 7228, 7235, and 7245 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-6440 | 2 Cerberus, Webgroupmedia | 2 Cerberus Helpdesk, Cerberus Helpdesk | 2026-04-23 | N/A |
| Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs. | ||||
| CVE-2008-6441 | 1 Epicgames | 1 Unreal Engine | 2026-04-23 | N/A |
| Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command. | ||||
| CVE-2009-1549 | 1 Agtc | 1 Agtc Myshop | 2026-04-23 | N/A |
| AGTC MyShop 3.2b allows remote attackers to bypass authentication and obtain administrative access setting the log_accept cookie to "correcto." | ||||
| CVE-2008-6449 | 1 Centurysys | 9 Xr-1100, Xr-410, Xr-410-l2 and 6 more | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in multiple Century Systems routers including XR-410 before 1.6.9, XR-510 before 3.5.3, XR-440 before 1.7.8, and other XR series routers from XR-510 to XR-730 allows remote attackers to modify configuration as the administrator via unknown vectors. | ||||
| CVE-2008-6460 | 2 Mirko Werner, Typo3 | 2 Mw Random Objects, Typo3 | 2026-04-23 | N/A |
| SQL injection vulnerability in the Simple Random Objects (mw_random_objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-6461 | 2 Fr.simon Rundell, Typo3 | 2 Ste Prayer2, Typo3 | 2026-04-23 | N/A |
| SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension before 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-6464 | 1 Mevin | 1 Basic-php-events-lister | 2026-04-23 | N/A |
| SQL injection vulnerability in event.php in Mevin Productions Basic PHP Events Lister 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-6472 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2026-04-23 | N/A |
| The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors. | ||||