Export limit exceeded: 11546 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 25819 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25819 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6420 | 1 Socialsitegenerator | 1 Social Site Generator | 2026-04-23 | N/A |
| Social Site Generator (SSG) 2.0 allows remote attackers to read arbitrary files via the file parameter to (1) filedload.php, (2) webadmin/download.php, and (3) webadmin/download_file.php. | ||||
| CVE-2008-6387 | 1 Activewebsoftwares | 1 Quick Tree View .net | 2026-04-23 | N/A |
| Quick Tree View .NET 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to qtv.mdb. | ||||
| CVE-2008-6367 | 1 Socialgroupie | 1 Social Groupie | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in Photos/create_album.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in Member_images/. | ||||
| CVE-2008-6342 | 2 Lobacher Patrick, Typo3 | 2 Simplefilebrowser, Typo3 | 2026-04-23 | N/A |
| Unspecified vulnerability in the TYPO3 Simple File Browser (simplefilebrowser) extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors. | ||||
| CVE-2008-6298 | 1 Rocketeer.dip | 1 Sisapilocation | 2026-04-23 | N/A |
| Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows remote attackers to bypass intended access restrictions for character encoding and the cookie secure flag via unknown vectors related to the "HTTP header rewrite function." | ||||
| CVE-2008-6279 | 1 Rakhisoftware | 1 Rakhisoftware Shopping Cart | 2026-04-23 | N/A |
| RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error message. | ||||
| CVE-2008-5937 | 1 Zkesoft | 1 Ayeview | 2026-04-23 | N/A |
| AyeView 2.20 allows user-assisted attackers to cause a denial of service (memory consumption or application crash) via a bitmap (aka .bmp) file with large height and width values. | ||||
| CVE-2008-5936 | 1 Mini-pub | 1 Mini-pub | 2026-04-23 | N/A |
| front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers to read files and obtain PHP source code via a filename in the sFileName parameter. | ||||
| CVE-2008-5906 | 1 Ktorrent | 1 Ktorrent | 2026-04-23 | N/A |
| Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts. | ||||
| CVE-2008-5904 | 1 Xrdp | 1 Xrdp | 2026-04-23 | N/A |
| The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain length variables, leading to a buffer overflow. | ||||
| CVE-2008-5887 | 1 Tincan | 1 Phplist | 2026-04-23 | N/A |
| phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability." | ||||
| CVE-2008-5872 | 1 Nortel | 1 Multimedia Communication Server 5100 | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) via a UFTP message that has a negative block size or other crafted Connection Details values. | ||||
| CVE-2008-5870 | 1 Faststone | 1 Image Viewer | 2026-04-23 | N/A |
| FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CVE-2007-1942. | ||||
| CVE-2008-5849 | 1 Checkpoint | 1 Vpn-1 | 2026-04-23 | N/A |
| Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (aka ICMP time exceeded in-transit) response containing an encapsulated IP packet with an intranet address, as demonstrated by a TCP packet to the firewall management server on port 18264. | ||||
| CVE-2008-5828 | 1 Microsoft | 1 Windows Live Messenger | 2026-04-23 | N/A |
| Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields. | ||||
| CVE-2008-5826 | 1 Nokia | 1 6131 Nfc | 2026-04-23 | N/A |
| The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to cause a denial of service (device crash) via (1) a large value in the payload length field in an NDEF record, or a certain length for a (2) tel: or (3) sms: NDEF URI. | ||||
| CVE-2008-5810 | 1 Fujitsu-siemens | 1 Webtransactions | 2026-04-23 | N/A |
| WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs. | ||||
| CVE-2008-5732 | 1 Kafooeyblog | 1 Kafooeyblog | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in lib/image_upload.php in KafooeyBlog 1.55b allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. | ||||
| CVE-2008-5730 | 1 Netcat | 1 Netcat | 2026-04-23 | N/A |
| Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to have an unknown impact via unspecified vectors involving (1) a %0a sequence in a cookie and (2) the add.php file. | ||||
| CVE-2008-5715 | 2 Microsoft, Mozilla | 2 Windows Vista, Firefox | 2026-04-23 | N/A |
| Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash). NOTE: it was later reported that earlier versions are also affected, and that the impact is CPU consumption and application hang in unspecified circumstances perhaps involving other platforms. | ||||