Export limit exceeded: 364872 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364872 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3344 1 Myiosoft 1 Easye-cards 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a allow remote attackers to inject arbitrary web script or HTML via the (1) ResultHtml, (2) dir, (3) SenderName, (4) RecipientName, (5) SenderMail, and (6) RecipientMail parameters.
CVE-2008-3345 1 Myiosoft 1 Easye-cards 2026-04-23 N/A
SQL injection vulnerability in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a pickup action.
CVE-2008-3346 1 E-topbiz 1 Shopcart Dx 2026-04-23 N/A
SQL injection vulnerability in product_detail.php in ShopCart DX allows remote attackers to execute arbitrary SQL commands via the pid parameter.
CVE-2008-3347 1 Myiosoft 1 Easydynamicpages 2026-04-23 N/A
SQL injection vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to execute arbitrary SQL commands via the read parameter.
CVE-2008-3348 1 Myiosoft 1 Easydynamicpages 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to inject arbitrary web script or HTML via the year parameter.
CVE-2008-3349 2 Ibm, Netapp 3 N Series Storage Server, Data Ontap, Fas900 2026-04-23 N/A
Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access control for HTTP requests. NOTE: this may overlap CVE-2008-3160.
CVE-2008-3350 1 The Kelleys 1 Dnsmasq 2026-04-23 N/A
dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214.
CVE-2008-3351 1 Atomphotoblog 1 Atomphotoblog 2026-04-23 N/A
SQL injection vulnerability in atomPhotoBlog.php in Atom PhotoBlog 1.0.9.1 and 1.1.5b1 allows remote attackers to execute arbitrary SQL commands via the photoId parameter in a show action.
CVE-2008-3352 1 Nersoft 1 Live Music Plus 2026-04-23 N/A
SQL injection vulnerability in index.php in Live Music Plus 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a Singer action.
CVE-2008-3353 1 Puresw 1 Lore 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Pure Software Lore before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) article comments feature and the (2) search log feature.
CVE-2008-3354 1 Runcms 2 Newbb Plus Module, Runcms 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php, different vectors than CVE-2006-0659. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3355 1 Camera Life 1 Camera Life 2026-04-23 N/A
SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.
CVE-2008-3356 1 Ingres 1 Ingres 2026-04-23 N/A
verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename.
CVE-2008-3357 3 Actian, Hp, Linux 3 Ingres, Hp-ux, Linux Kernel 2026-04-23 N/A
Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability."
CVE-2008-3358 2 Microsoft, Sap 2 Internet Explorer, Netweaver 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document.
CVE-2008-3359 1 Owl 1 Intranet Knowledgebase 2026-04-23 N/A
SQL injection vulnerability in register.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3360 1 Intellitamper 1 Intellitamper 2026-04-23 N/A
Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a different vulnerability than CVE-2006-2494.
CVE-2008-3361 1 Intellitamper 1 Intellitamper 2026-04-23 N/A
Stack-based buffer overflow in IntelliTamper 2.07 allows remote web sites to execute arbitrary code via a long HTTP Server header.
CVE-2008-3362 2 Giulio Ganci, Wordpress 2 Wp Downloads Manager, Wp Downloads Manager 2026-04-23 N/A
Unrestricted file upload vulnerability in upload.php in the Giulio Ganci Wp Downloads Manager module 0.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the upfile parameter, then accessing it via a direct request to the file in wp-content/plugins/downloads-manager/upload/.
CVE-2008-3363 1 Dokeos 1 E-learning System 2026-04-23 N/A
Directory traversal vulnerability in user_portal.php in the Dokeos E-Learning System 1.8.5 on Windows allows remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the include parameter.