Export limit exceeded: 366303 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366303 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366303 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6787 1 Jeremy Powers 1 Lizardware Cms 2026-04-23 N/A
SQL injection vulnerability in administrator/index.php in Lizardware CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user.
CVE-2008-6788 1 Minddezign 1 Photo Gallery 2026-04-23 N/A
SQL injection vulnerability in MindDezign Photo Gallery 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in an info action to index.php.
CVE-2008-6789 1 Minddezign 1 Photo Gallery 2026-04-23 N/A
SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action to the admin module in index.php, a different vector than CVE-2008-6788.
CVE-2008-6790 1 Minddezign 1 Photo Gallery 2026-04-23 N/A
The admin module in MindDezign Photo Gallery 2.2 allows remote attackers to add administrative users and gain privileges via a modified username parameter in an edit account action to index.php.
CVE-2008-6791 1 Klever 1 Pumpkin 2026-04-23 N/A
PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial of service via a write request with a long mode field.
CVE-2008-6792 1 Ubuntu 1 Linux 2026-04-23 N/A
system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully conduct brute-force password attacks.
CVE-2008-6793 1 Dflabs 1 Ptk 2026-04-23 N/A
The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image.
CVE-2008-6794 1 Sfs Ez Pub 1 Fsf Ex Pub 2026-04-23 N/A
SQL injection vulnerability in directory.php in Scripts For Sites (SFS) EZ Pub Site allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-6795 1 Niclor 1 Vibro-school-cms 2026-04-23 N/A
SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote attackers to execute arbitrary SQL commands via the nID parameter.
CVE-2008-6796 1 Preprojects 1 Pre Real Estate Listings 2026-04-23 N/A
SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username field).
CVE-2008-6797 1 Mitel 1 Mitel Nupoint Messenger 2026-04-23 N/A
The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2008-6798 1 Preprojects 1 Pre Real Estate Listings 2026-04-23 N/A
Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via (1) the us parameter (aka the Username field) or (2) the ps parameter (aka the Password field).
CVE-2008-6799 1 Tufat 1 Flashchat 2026-04-23 N/A
connection.php in FlashChat 5.0.8 allows remote attackers to bypass the role filter mechanism and gain administrative privileges by setting the s parameter to "7."
CVE-2008-6801 1 Vivvo 1 Vivvo 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Vivvo CMS before 4.0.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2008-6802 1 Phpexplorer 1 Phphotogallery 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in phPhotoGallery 0.92 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6803 1 Yigit Aybuga 1 Dizi Portali 2026-04-23 N/A
SQL injection vulnerability in diziler.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6804 1 Tribiq 1 Tribiq Cms 2026-04-23 N/A
Tribiq CMS 5.0.9a beta allows remote attackers to bypass authentication and gain administrative access by setting the COOKIE_LAST_ADMIN_USER and COOKIE_LAST_ADMIN_LANG cookies. NOTE: a third party reports that the vendor disputes the existence of this issue
CVE-2008-6805 1 Micgr 1 Mic Blog 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Mic_Blog 0.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to category.php, the (2) user parameter to login.php, and the (3) site parameter to register.php.
CVE-2008-6806 1 7-shop 1 7shop 2026-04-23 N/A
Unrestricted file upload vulnerability in includes/imageupload.php in 7Shop 1.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/artikel/.
CVE-2008-6807 1 Ibiblio 1 Osprey 2026-04-23 N/A
PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0a4.1 allows remote attackers to execute arbitrary PHP code via a URL in the xml_dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the lib_dir vector is already covered by CVE-2006-6630.