Export limit exceeded: 346158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346158 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0552 | 1 Eticket | 1 Eticket | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6-RC4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | ||||
| CVE-2008-0554 | 2 Netpbm, Redhat | 2 Netpbm, Enterprise Linux | 2026-04-23 | N/A |
| Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484. | ||||
| CVE-2008-0295 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | N/A |
| Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data. | ||||
| CVE-2008-0294 | 1 Freeseat | 1 Freeseat | 2026-04-23 | N/A |
| Unspecified vulnerability in the seat-locking implementation in FreeSeat before 1.1.5d allows attackers to book a seat more than once via unspecified vectors. | ||||
| CVE-2008-0247 | 1 Ibm | 1 Tivoli Storage Manager Express | 2026-04-23 | N/A |
| Heap-based buffer overflow in the Express Backup Server service (dsmsvc.exe) in IBM Tivoli Storage Manager (TSM) Express 5.3 before 5.3.7.3 allows remote attackers to execute arbitrary code via a packet with a large length value. | ||||
| CVE-2008-0248 | 1 Streamaudio | 1 Chaincast Proxymanager Activex Control | 2026-04-23 | N/A |
| Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ChainCast ProxyManager allows remote attackers to execute arbitrary code via a long URL argument to the InternalTuneIn method. | ||||
| CVE-2008-0249 | 1 Phpwebquest | 1 Phpwebquest | 2026-04-23 | N/A |
| PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to admin/backup_phpwebquest.php, which leaks the credentials in an error message if a call to /usr/bin/mysqldump fails. NOTE: this might only be an issue in limited environments. | ||||
| CVE-2008-0250 | 1 Microsoft | 1 Visual Interdev | 2026-04-23 | N/A |
| Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long Project line. | ||||
| CVE-2008-0251 | 1 Photopost | 1 Photopost Vbgallery | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors. | ||||
| CVE-2008-0252 | 1 Cherrypy | 1 Cherrypy | 2026-04-23 | N/A |
| Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie. | ||||
| CVE-2009-3782 | 2 2bits, Drupal | 2 Userpoints, Drupal | 2026-04-23 | N/A |
| Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors. | ||||
| CVE-2008-0255 | 1 Igamingcms | 1 Igaming Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 and earlier, allows remote attackers to execute arbitrary SQL commands via the section parameter. | ||||
| CVE-2008-0256 | 1 Matteo Binda | 1 Asp Photo Gallery | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp. | ||||
| CVE-2008-0257 | 1 Dansie | 1 Search Engine | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search Engine 2.7 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-0259 | 1 Minimal Design | 1 Minimal Gallery | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php in minimal Gallery 0.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) thumbcat and (2) thumb parameters. | ||||
| CVE-2008-0260 | 1 Minimal Design | 1 Minimal Gallery | 2026-04-23 | N/A |
| minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to php_info.php, which calls the phpinfo function. | ||||
| CVE-2008-0261 | 1 Mambo | 1 Mambo Open Source | 2026-04-23 | N/A |
| Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service (query flood) via unspecified vectors. | ||||
| CVE-2008-0262 | 1 Agares Media | 1 Phpautovideo | 2026-04-23 | N/A |
| SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter. | ||||
| CVE-2009-3786 | 2 Drupal, Moshe Weitzman | 2 Drupal, Og Vocab | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title. | ||||
| CVE-2008-0266 | 1 Eticket | 1 Eticket | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability. | ||||