Export limit exceeded: 346170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346170 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5898 | 1 Codeavalanche | 1 Directory | 2026-04-23 | N/A |
| CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CADirectory.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5912 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2008-5916 | 1 Git | 1 Git | 2026-04-23 | N/A |
| gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query. | ||||
| CVE-2008-5917 | 2 Horde, Microsoft | 2 Application Framework, Internet Explorer | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes. | ||||
| CVE-2008-5919 | 1 Tigris | 1 Websvn | 2026-04-23 | N/A |
| Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter. | ||||
| CVE-2008-5920 | 1 Tigris | 1 Websvn | 2026-04-23 | N/A |
| The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch. | ||||
| CVE-2008-5921 | 1 Umerinc | 1 Songs Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in albums.php in Umer Inc Songs Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-5925 | 1 Asp-dev | 1 Xm Events Diary | 2026-04-23 | N/A |
| ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb. | ||||
| CVE-2008-5927 | 1 China-on-site | 1 Flexphpnews | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5928 | 1 Flds-script | 1 Flds | 2026-04-23 | N/A |
| SQL injection vulnerability in redir.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-5932 | 1 Codeavalanche | 1 Freeforum | 2026-04-23 | N/A |
| CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5934 | 1 Cmsisweb | 1 Cms Isweb | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows remote attackers to execute arbitrary SQL commands via the id_sezione parameter. | ||||
| CVE-2008-5935 | 1 Factosystem | 1 Factosystem Weblog | 2026-04-23 | N/A |
| Facto stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for database/facto.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5936 | 1 Mini-pub | 1 Mini-pub | 2026-04-23 | N/A |
| front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers to read files and obtain PHP source code via a filename in the sFileName parameter. | ||||
| CVE-2008-5947 | 1 Yapbb | 1 Yapbb | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/class_yapbbcooker.php in YapBB 1.2.Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the cfgIncludeDirectory parameter. | ||||
| CVE-2008-5940 | 1 Modxcms | 1 Modxcms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in MODx 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the searchid parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5941 | 1 Modxcms | 1 Modxcms | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors. | ||||
| CVE-2008-5944 | 1 Navboard | 1 Navboard | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 (2.6.0) allows remote attackers to inject arbitrary web script or HTML via the module parameter. | ||||
| CVE-2008-5945 | 1 Nukevietcms | 1 Nukeviet | 2026-04-23 | N/A |
| Nukeviet 2.0 Beta allows remote attackers to bypass authentication and gain administrative access by setting the admf cookie to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-5946 | 1 Php-fusion | 1 Php-fusion | 2026-04-23 | N/A |
| SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | ||||