Export limit exceeded: 366897 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366897 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3582 1 Keld 1 Php-mysql News Script 2026-04-23 N/A
SQL injection vulnerability in login.php in Keld PHP-MySQL News Script 0.7.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-3583 1 Intellitamper 1 Intellitamper 2026-04-23 N/A
Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a long URL in the SRC attribute of an IMG element. NOTE: this might be related to CVE-2008-3360. NOTE: it was later reported that 2.08 Beta 4 is also affected.
CVE-2008-3584 1 Netbsd 1 Netbsd 2026-04-23 N/A
NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not properly check the length of a PPPoE packet tag, which allows remote attackers to cause a denial of service (system crash) via a crafted PPPoE packet.
CVE-2008-3654 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-23 N/A
Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors.
CVE-2008-3585 1 Pozscripts 1 Greencart Php Shopping Cart 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) product_desc.php and (2) store_info.php.
CVE-2008-3586 1 Joomla 1 Com Ezstore 2026-04-23 N/A
SQL injection vulnerability in the EZ Store (com_ezstore) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
CVE-2008-3587 1 Needscripts 1 Homes 4 Sale 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in result.php in Chris Bunting Homes 4 Sale allows remote attackers to inject arbitrary web script or HTML via the r parameter.
CVE-2008-3588 1 Phsblog 1 Phsblog 2026-04-23 N/A
Multiple SQL injection vulnerabilities in phsBlog 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to comments.php, (2) cid parameter to index.php, and the (3) urltitle parameter to entries.php.
CVE-2008-3589 1 Mozilo 1 Mozilocms 2026-04-23 N/A
Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter.
CVE-2008-3590 1 Egi Zaberl 1 E.z. Poll 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. Poll 2 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3591 1 21degrees 1 Symphony 2026-04-23 N/A
SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php.
CVE-2008-3592 1 21degrees 1 Symphony 2026-04-23 N/A
Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing the uploaded file via a direct request, as demonstrated using workspace/masters/.
CVE-2008-3593 1 Syzygycms 1 Syzygycms 2026-04-23 N/A
Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2008-3594 1 Magicscripts 2 E-store Kit-1, E-store Kit-2 2026-04-23 N/A
SQL injection vulnerability in viewdetails.php in MagicScripts E-Store Kit-1, E-Store Kit-2, E-Store Kit-1 Pro PayPal Edition, and E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary SQL commands via the pid parameter.
CVE-2008-3595 1 Txtsql 1 Txtsql 2026-04-23 N/A
PHP remote file inclusion vulnerability in examples/txtSQLAdmin/startup.php in txtSQL 2.2 Final allows remote attackers to execute arbitrary PHP code via a URL in the CFG[txtsql][class] parameter.
CVE-2008-3596 1 Harmoni 1 Harmoni 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 allows remote attackers to inject arbitrary web script or HTML via the Username field, which is inserted into logs that could be rendered when viewed by an administrator.
CVE-2008-3597 1 Skulltag 1 Skulltag 2026-04-23 7.5 High
Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by sending a "command 29" packet when the player is not in the game.
CVE-2008-3598 1 Psi-labs 1 Psipuss 2026-04-23 N/A
Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the Cid parameter to categories.php or (2) the Username parameter to login.php.
CVE-2008-3599 1 Openimpro 1 Openimpro 2026-04-23 N/A
SQL injection vulnerability in image.php in OpenImpro 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-3600 1 Menalto 1 Gallery 2026-04-23 N/A
Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter within a modload action.