Search Results (366361 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-7004 1 Elog 1 Elog 2026-04-23 N/A
Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown impact and attack vectors, possibly related to elog.c.
CVE-2008-7005 1 Minb 1 Minb Is Not A Blog 2026-04-23 N/A
include/modules/top/1-random_quote.php in Minb Is Not a Blog (minb) 0.1.0 allows remote attackers to execute arbitrary PHP code via the quotes_to_edit parameter. NOTE: this issue has been reported as an unrestricted file upload by some sources, but that is a potential consequence of code execution.
CVE-2008-7006 1 Phpversion 1 Php Vx Guestbook 2026-04-23 N/A
Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and download a backup of the database via a direct request to admin/backupdb.php.
CVE-2008-7007 1 Phpversion 1 Php Vx Guestbook 2026-04-23 N/A
Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and gain administrative access by setting the (1) admin_name and (2) admin_pass cookie values to 1.
CVE-2008-7008 1 Hyperstop 1 Web Host Directory 2026-04-23 N/A
HyperStop Web Host Directory 1.2 allows remote attackers to bypass authentication and download a database backup via a direct request to admin/backup/db.
CVE-2008-7009 1 Checkpoint 1 Zonealarm 2026-04-23 N/A
Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 allows local users to execute arbitrary code via a file or directory with a long path. NOTE: some of these details are obtained from third party information.
CVE-2008-7010 1 Skalinks 1 Exchange Script 2026-04-23 N/A
Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers to add new administrators and gain privileges via a direct request to admin/register.php.
CVE-2008-7011 6 Digital Extreme, Epic Games, Groove Games and 3 more 6 Pariah, Unreal Tournament, Warpath and 3 more 2026-04-23 N/A
The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which triggers an assertion failure when the Closing flag in UnChan.cpp is set.
CVE-2008-7012 1 Accellion 1 Secure File Transfer Appliance 2026-04-23 N/A
courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters.
CVE-2008-7013 1 Baidu 1 Baidu Hi Im 2026-04-23 N/A
NetService.dll in Baidu Hi IM allows remote servers to cause a denial of service (client crash) via a crafted login response that triggers a divide-by-zero error.
CVE-2008-7014 1 Fhttpd 1 Fhttpd 2026-04-23 N/A
fhttpd 0.4.2 allows remote attackers to cause a denial of service (crash) via an Authorization HTTP header with an invalid character after the Basic value.
CVE-2008-7015 2 Epic Games, Frontlines 2 Unreal Tournament, Fuel Of War 2026-04-23 N/A
Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel of War 1.1.1, and other products, allows remote attackers to cause a denial of service (server exit) via a packet with a large length value that triggers a memory allocation failure.
CVE-2008-7016 1 Luke Mewburn 1 Tnftpd 2026-04-23 N/A
tnftpd before 20080929 splits large command strings into multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unknown vectors, probably involving a crafted ftp:// link to a tnftpd server.
CVE-2008-7017 1 Cacert 1 Cacert 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate.
CVE-2008-7018 1 Nashtech 1 Easy Php Calendar 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar 6.3.25 allows remote attackers to inject arbitrary web script or HTML via the Details field (descr parameter) in an Add New Event action in an unspecified request as generated by an add action in index.php.
CVE-2008-7019 1 Esqlanelapse 1 Esqlanelapse 2026-04-23 N/A
Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass authentication and gain privileges via modified (1) enombre and (2) euri cookies.
CVE-2008-7020 1 Mcafee 1 Safeboot Device Encryption 2026-04-23 N/A
McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
CVE-2008-7021 1 Availscript 1 Jobs Portal Script 2026-04-23 N/A
Unrestricted file upload vulnerability in editlogo.php in AvailScript Jobs Portal Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an image or logo, then accessing it via a direct request to the file in an unspecified directory.
CVE-2008-7022 1 Chilkatsoft 1 Chilkat Imap Activex Control 2026-04-23 N/A
Insecure method vulnerability in ChilkatMail_v7_9.dll in the Chilkat Software IMAP ActiveX control (ChilkatMail2.ChilkatMailMan2.1) allows remote attackers to execute arbitrary programs via the LoadXmlEmail method.
CVE-2008-6854 1 Xigla 1 Absolute Faq Manager .net 2026-04-23 N/A
Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.