Search Results (364837 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3340 1 Jobbex 1 Jobsite 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search_result.cfm in Jobbex JobSite allows remote attackers to inject arbitrary web script or HTML via the searchFor variable (possibly the opt parameter.)
CVE-2008-3341 1 Jobbex 1 Jobsite 2026-04-23 N/A
Multiple SQL injection vulnerabilities in search_result.cfm in Jobbex JobSite allow remote attackers to execute arbitrary SQL commands via the (1) jobcountryid and (2) jobstateid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3342 1 Myiosoft 1 Easypublish 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_News action.
CVE-2008-3343 1 Myiosoft 1 Easypublish 2026-04-23 N/A
SQL injection vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr (trial edition) allows remote attackers to execute arbitrary SQL commands via the read parameter in a search action.
CVE-2008-3345 1 Myiosoft 1 Easye-cards 2026-04-23 N/A
SQL injection vulnerability in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a pickup action.
CVE-2008-3346 1 E-topbiz 1 Shopcart Dx 2026-04-23 N/A
SQL injection vulnerability in product_detail.php in ShopCart DX allows remote attackers to execute arbitrary SQL commands via the pid parameter.
CVE-2008-3347 1 Myiosoft 1 Easydynamicpages 2026-04-23 N/A
SQL injection vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to execute arbitrary SQL commands via the read parameter.
CVE-2008-3348 1 Myiosoft 1 Easydynamicpages 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to inject arbitrary web script or HTML via the year parameter.
CVE-2008-3222 2 Drupal, Fedoraproject 2 Drupal, Fedora 2026-04-23 N/A
Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.
CVE-2008-3675 1 Gelatocms 1 Gelatocms 2026-04-23 N/A
Directory traversal vulnerability in classes/imgsize.php in Gelato 0.95 allows remote attackers to read arbitrary files via (1) a .. (dot dot) and possibly (2) a full pathname in the img parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-3219 2 Drupal, Fedoraproject 2 Drupal, Fedora 2026-04-23 N/A
The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not "prevent use of the object HTML tag in administrator input," which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism.
CVE-2008-3217 1 Powerdns 1 Recursor 2026-04-23 N/A
PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning. NOTE: this is related to incomplete integration of security improvements associated with addressing CVE-2008-1637.
CVE-2008-3216 1 Debian 1 Projectl 2026-04-23 N/A
The save function in br/prefmanager.d in projectl 1.001 creates a projectL.prf file in the current working directory, which allows local users to overwrite arbitrary files via a symlink attack.
CVE-2008-3215 1 Clam Anti-virus 1 Clamav 2026-04-23 N/A
libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713.
CVE-2008-3214 1 Thekelleys 1 Dnsmasq 2026-04-23 N/A
dnsmasq 2.25 allows remote attackers to cause a denial of service (daemon crash) by (1) renewing a nonexistent lease or (2) sending a DHCPREQUEST for an IP address that is not in the same network, related to the DHCP NAK response from the daemon.
CVE-2008-3213 1 Webcms 1 Webcms Portal Edition 2026-04-23 N/A
SQL injection vulnerability in secciones/tablon/tablon.php in WebCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter to portal/index.php in a tablon action. NOTE: some of these details are obtained from third party information.
CVE-2008-3163 1 Regretless 1 Dodos Mail 2026-04-23 N/A
Directory traversal vulnerability in dodosmail.php in DodosMail 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dodosmail_header_file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3164 1 Fuzzylime 1 Fuzzylime Cms 2026-04-23 N/A
Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter. NOTE: it was later reported that 3.01a is also affected.
CVE-2008-3165 1 Fuzzylime 1 Fuzzylime Cms 2026-04-23 N/A
Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter, as demonstrated using content.php, a different vector than CVE-2007-4805.
CVE-2008-3166 1 Boonex 1 Ray 2026-04-23 N/A
PHP remote file inclusion vulnerability in modules/global/inc/content.inc.php in BoonEx Ray 3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sIncPath parameter.