Export limit exceeded: 346172 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346172 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6177 | 1 Publicwarehouse | 1 Lightblog | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in LightBlog 9.8, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) username parameter to view_member.php, (2) username_post parameter to login.php, and the (3) Lightblog_username cookie parameter to check_user.php. | ||||
| CVE-2008-6178 | 2 Fckeditor, Phplist | 2 Fckeditor, Phplist | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-6180 | 1 Newlife Blogger | 1 Newlife Blogger | 2026-04-23 | N/A |
| SQL injection vulnerability in system/nlb_user.class.php in NewLife Blogger 3.0 and earlier, and possibly 3.3.1, allows remote attackers to execute arbitrary SQL commands via the nlb3 cookie. | ||||
| CVE-2008-6181 | 2 Joomla, Mad4media | 2 Joomla, Com Mad4joomla | 2026-04-23 | N/A |
| SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php. | ||||
| CVE-2008-6196 | 1 Philippe Crochat | 1 Easysite | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Philippe CROCHAT EasySite 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the EASYSITE_BASE parameter to (1) browser.php, (2) image_editor.php and (3) skin_chooser.php in configuration/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6198 | 2 Mybb, Mybboard | 2 Mybb, Custom Pages Plugin | 2026-04-23 | N/A |
| SQL injection vulnerability in pages.php in Custom Pages 1.0 plugin for MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the page parameter. | ||||
| CVE-2009-2874 | 1 Cisco | 1 Unified Presence Server | 2026-04-23 | N/A |
| The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662. | ||||
| CVE-2009-4145 | 2 Gnome, Redhat | 2 Networkmanager, Enterprise Linux | 2026-04-23 | N/A |
| nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network. | ||||
| CVE-2008-6199 | 1 2532gigs | 1 2532gigs | 2026-04-23 | N/A |
| 2532designs 2532|Gigs 1.2.2 and earlier allows remote attackers to trigger a backup and obtain sensitive information via a direct request to backup.php, which creates backup.sql under the web root with insufficient access control. | ||||
| CVE-2008-6202 | 1 Jakob-persson | 1 Cobalt | 2026-04-23 | N/A |
| SQL injection vulnerability in CoBaLT 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) urun.asp, (2) admin/bayi_listele.asp, (3) admin/urun_grup_listele.asp, and (4) admin/urun_listele.asp. | ||||
| CVE-2008-6204 | 1 Supernet | 1 Supernet Shop | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in SuperNET Shop 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to secure/admin/guncelle.asp, (2) kulad and sifre parameters to secure/admin/giris.asp, and (3) username and password to secure/admin/default.asp. | ||||
| CVE-2008-6206 | 1 Robotstats | 1 Robotstats | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in RobotStats 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter to (1) graph.php and (2) robotstats.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-2875 | 1 Cisco | 1 Webex | 2026-04-23 | N/A |
| Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file. | ||||
| CVE-2008-6214 | 1 Harlandscripts | 1 Pro Traffic One | 2026-04-23 | N/A |
| SQL injection vulnerability in poll_results.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-6219 | 1 Emc | 5 Networker Client, Networker Module, Networker Powersnap and 2 more | 2026-04-23 | N/A |
| nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests. | ||||
| CVE-2008-6222 | 2 Joomla, Joomlashowroom | 2 Joomla, Pro Desk Support Center | 2026-04-23 | N/A |
| Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. | ||||
| CVE-2009-4146 | 1 Freebsd | 1 Freebsd | 2026-04-23 | N/A |
| The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LD_PRELOAD variable containing an untrusted search path that points to a Trojan horse library, a different vector than CVE-2009-4147. | ||||
| CVE-2008-6225 | 1 Mole-group | 1 Airline Ticket Sale Script | 2026-04-23 | N/A |
| SQL injection vulnerability in info.php in Mole Group Airline Ticket Sale Script allows remote attackers to execute arbitrary SQL commands via the flight parameter. NOTE: the vendor has disputed this issue, stating "crazy hackers and so named Security companies [spread] out such false informations. Such scripts or versions [do not] exist. | ||||
| CVE-2008-6230 | 1 Preprojects | 1 Pre Podcast Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-2876 | 1 Cisco | 1 Webex | 2026-04-23 | N/A |
| Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2878 and CVE-2009-2879. | ||||