Export limit exceeded: 20133 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 20133 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363821 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363821 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5620 | 1 Zehnet | 1 Zz Flashchat | 2026-04-23 | N/A |
| Directory traversal vulnerability in admin/inc/help.php in ZZ:FlashChat 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter. | ||||
| CVE-2008-3447 | 1 F-prot | 2 F-prot Antivirus, Scanning Engine | 2026-04-23 | N/A |
| The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote attackers to cause a denial of service (infinite loop) via a malformed ZIP archive, probably related to invalid offsets. | ||||
| CVE-2007-5256 | 1 Mcdu | 1 Fsd | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in FSD 2.052 d9 and earlier, and FSFDT FSD 3.000 d9 and earlier, allow (1) remote attackers to execute arbitrary code via a long HELP command on TCP port 3010 to the sysuser::exechelp function in sysuser.cc and (2) remote authenticated users to execute arbitrary code via long commands on TCP port 6809 to the servinterface::sendmulticast function in servinterface.cc, as demonstrated by a PIcallsign command. | ||||
| CVE-2008-1215 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2026-04-23 | N/A |
| Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~" characters. | ||||
| CVE-2008-3116 | 1 Hanghai | 3 5th Street, High Street 5, Hot Step | 2026-04-23 | N/A |
| Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou Snail Electronic Company) 5th street (aka Hot Step or High Street 5) allows remote attackers to execute arbitrary code via format string specifiers in a chat message. | ||||
| CVE-2008-3451 | 1 Phpwebgallery | 1 Phpwebgallery | 2026-04-23 | N/A |
| PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile. | ||||
| CVE-2008-2993 | 1 Fog | 1 Fog Forum | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in index.php in FOG Forum 0.8.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) fog_lang and (2) fog_skin parameters, probably related to libs/required/share.inc; and possibly the (3) fog_pseudo, (4) fog_posted, (5) fog_password, and (6) fog_cook parameters. | ||||
| CVE-2008-2997 | 1 Gravityboardx | 1 Gravity Board X | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Gravity Board X (GBX) 2.0 Beta allows remote attackers to inject arbitrary web script or HTML via the subject parameter in a postnewsubmit (aka create new thread) action. | ||||
| CVE-2008-6826 | 1 Mhfmedia | 1 Ads Pro | 2026-04-23 | N/A |
| dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter, as demonstrated using the (1) advert_top.htm or (2) advert_login.htm pages. | ||||
| CVE-2008-3456 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack. | ||||
| CVE-2008-3458 | 1 Vtiger | 1 Vtiger Crm | 2026-04-23 | N/A |
| Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory. | ||||
| CVE-2008-6729 | 1 Phpmotion | 1 Phpmotion | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify an account via the (1) password or (2) email_address parameter. | ||||
| CVE-2009-0041 | 1 Asterisk | 3 Asterisk Business Edition, Open Source, S800i Appliance | 2026-04-23 | N/A |
| IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2008-3486 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2026-04-23 | N/A |
| Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie. | ||||
| CVE-2008-3494 | 1 8e6 | 1 R3000 Internet Filter | 2026-04-23 | N/A |
| 8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass intended restrictions via an extra HTTP Host header with additional leading text placed before the real Host header. | ||||
| CVE-2008-6834 | 1 Fuzzylime | 1 Fuzzylime \(cms\) | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 and 3.01a allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the s parameter to code/commupdate.php in a count action or (2) the heads parameter to code/newsheads.php. NOTE: the blog.php vector is already covered by CVE-2008-3164. | ||||
| CVE-2008-3502 | 1 Bestpractical | 1 Rt | 2026-04-23 | N/A |
| Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl. | ||||
| CVE-2008-3505 | 1 Polypager | 1 Polypager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via the nr parameter to the default URI. | ||||
| CVE-2008-6837 | 1 Zoph | 1 Zoph | 2026-04-23 | N/A |
| SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-3258. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-3510 | 1 Crafty Syntax Live Help | 1 Crafty Syntax Live Help | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in livehelp_js.php in Crafty Syntax Live Help (CSLH) 2.14.6 allows remote attackers to inject arbitrary web script or HTML via the department parameter. | ||||