Export limit exceeded: 364870 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364870 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3386 1 Alstrasoft 1 Video Share Enterprise 2026-04-23 N/A
SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086.
CVE-2008-3387 1 Phpfootball 1 Phpfootball 2026-04-23 N/A
SQL injection vulnerability in show.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the dbtable parameter.
CVE-2008-3388 1 Easy-script 1 Def Blog 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote attackers to execute arbitrary SQL commands via the article parameter to (1) comaddok.php and (2) comlook.php.
CVE-2008-3389 3 Hp, Ingres, Linux 3 Hp-ux, Ingres, Linux Kernel 2026-04-23 N/A
Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport.
CVE-2008-3390 1 Minishowcase 1 Minishowcase Image Gallery 2026-04-23 N/A
Directory traversal vulnerability in libraries/general.init.php in Minishowcase Image Gallery 09b136, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2008-3391 1 Webwizguide 1 Web Wiz Forum 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz Forum 9.5 allow remote attackers to inject arbitrary web script or HTML via the mode parameter to (1) admin_group_details.asp and (2) admin_category_details.asp.
CVE-2008-3392 1 Webwizguide 1 Web Wiz Forum 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 allows remote attackers to log out a user via a link or IMG tag to log_off_user.asp.
CVE-2008-3393 1 Infomining 1 Bookmine 2026-04-23 N/A
SQL injection vulnerability in events.cfm in BookMine allows remote attackers to execute arbitrary SQL commands via the events_id parameter.
CVE-2008-3394 1 Infomining 1 Bookmine 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in search.cfm in BookMine allow remote attackers to inject arbitrary web script or HTML via the (1) gallery and (2) search_string parameters.
CVE-2008-3395 2 Calacode, Linux 2 Atmail, Linux Kernel 2026-04-23 N/A
Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3396 1 Epic Games 1 Unreal Tournament 2004 2026-04-23 N/A
Unreal Tournament 2004 (UT2004) 3369 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain sequence of malformed packets.
CVE-2008-3397 1 Runesoft 1 Cerberus Cms 2026-04-23 6.1 Medium
Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS before 3_1.4_0.9 allows remote attackers to inject arbitrary web script or HTML via a cerberus_user cookie.
CVE-2008-3398 1 Xrms 1 Xrms Crm 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to unspecified components, possibly including login.php. NOTE: this may overlap CVE-2008-1129.
CVE-2008-3399 1 Xrms 1 Xrms Crm 2026-04-23 N/A
PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter.
CVE-2008-3400 1 Xrms 1 Xrms Crm 2026-04-23 N/A
XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function.
CVE-2008-3401 1 Hscripts 1 Hiox Random Ad 2026-04-23 N/A
PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Random Ad (HRA) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
CVE-2008-3402 1 Hscripts 1 Hiox Random Ad 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in HIOX Browser Statistics (HBS) 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the hm parameter to (1) hioxupdate.php and (2) hioxstats.php.
CVE-2008-3403 1 Mojoscripts 1 Mojopersonals 2026-04-23 N/A
SQL injection vulnerability in mojoClassified.cgi in MojoPersonals allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-3404 1 Mdsjack 1 Mjguest 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in guestbook.js.php in MJGuest 6.8 GT allows remote attackers to inject arbitrary web script or HTML via the link parameter.
CVE-2008-3405 1 Nazgulled 1 Nzfotolog 2026-04-23 N/A
Directory traversal vulnerability in index.php in Ricardo Amaral nzFotolog 0.4.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action_file parameter.