Search Results (364909 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6398 1 Eric Raymond 1 Sng 2026-04-23 N/A
sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/recompiled$$.png, (2) /tmp/decompiled$$.sng, and (3) /tmp/canonicalized$$.sng temporary files.
CVE-2008-6177 1 Publicwarehouse 1 Lightblog 2026-04-23 N/A
Multiple directory traversal vulnerabilities in LightBlog 9.8, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) username parameter to view_member.php, (2) username_post parameter to login.php, and the (3) Lightblog_username cookie parameter to check_user.php.
CVE-2008-6178 2 Fckeditor, Phplist 2 Fckeditor, Phplist 2026-04-23 N/A
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information.
CVE-2008-6179 1 Indexscript 1 Indexscript 2026-04-23 N/A
SQL injection vulnerability in sug_cat.php in IndexScript 3.0 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter, a different vector than CVE-2007-4069.
CVE-2008-6180 1 Newlife Blogger 1 Newlife Blogger 2026-04-23 N/A
SQL injection vulnerability in system/nlb_user.class.php in NewLife Blogger 3.0 and earlier, and possibly 3.3.1, allows remote attackers to execute arbitrary SQL commands via the nlb3 cookie.
CVE-2008-6181 2 Joomla, Mad4media 2 Joomla, Com Mad4joomla 2026-04-23 N/A
SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php.
CVE-2008-6182 1 Joomla 2 Ignitegallery, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) component 0.8.0 through 0.8.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gallery parameter in a view action to index.php.
CVE-2008-6183 1 Myphpindexer 1 My Php Indexer 2026-04-23 N/A
Multiple directory traversal vulnerabilities in index.php in My PHP Indexer 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) d and (2) f parameters.
CVE-2008-6184 2 Joomla, Medialab-karlsruhe 2 Joomla, Ownbiblio 2026-04-23 N/A
SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a catalogue action to index.php.
CVE-2008-6185 1 Noticeware 1 Noticeware Email Server Ng 2026-04-23 N/A
NoticeWare Email Server NG 5.1.2.2 allows remote attackers to cause a denial of service (crash) via multiple POP3 requests with a long PASS command.
CVE-2008-6186 1 Raidenftpd 1 Raidenftpd 2026-04-23 N/A
Stack-based buffer overflow in RaidenFTPD 2.4 build 3620 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via long (1) CWD and (2) MLST commands.
CVE-2008-6187 1 Gforge 1 Gforge 2026-04-23 N/A
SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and earlier allows remote attackers to execute arbitrary SQL commands via the release_id parameter.
CVE-2008-6188 1 Gforge 1 Gforge 2026-04-23 N/A
SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter.
CVE-2008-6189 1 Gforge 1 Gforge 2026-04-23 N/A
SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php.
CVE-2008-6190 1 Eeb-welt 1 Eebcms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in EEBCMS 0.95 allows remote attackers to inject arbitrary web script or HTML via the content parameter.
CVE-2008-6191 1 Intrinsic 1 Swimage Encore 2026-04-23 N/A
Conductor.exe in Intrinsic Swimage Encore before 5.0.1.21 contains a hardcoded password, which might allow local users to decrypt certain .bin files. NOTE: it is not clear whether this issue crosses privilege boundaries.
CVE-2008-6192 1 Sun 1 Java System Portal Server 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in unspecified Portlets in Sun Java System Portal Server 7.0 and 7.1 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2008-6193 1 Myblog 1 Myblog 2026-04-23 N/A
Sam Crew MyBlog stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
CVE-2008-6194 1 Microsoft 1 Windows 2026-04-23 N/A
Memory leak in the DNS server in Microsoft Windows allows remote attackers to cause a denial of service (memory consumption) via DNS packets. NOTE: this issue reportedly exists because of an incorrect fix for CVE-2007-3898.
CVE-2008-6195 1 Landesk 1 Landesk Management Suite 2026-04-23 N/A
Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.80.1.1 and earlier allows remote attackers to read arbitrary files via a subdirectory name followed by ".." sequences, a different vulnerability than CVE-2008-1643.