Search Results (9541 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-7188 1 Clip-share 1 Clipshare 2026-04-23 N/A
ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. NOTE: this can be used to recover the password of the user by using the modified e-mail address in the email parameter to recoverpass.php.
CVE-2008-7186 1 Coppermine-gallery 1 Coppermine Photo Gallery 2026-04-23 N/A
Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504.
CVE-2008-7181 1 Butterflymedia 1 Butterfly Organizer 2026-04-23 N/A
Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) delete arbitrary accounts via the mytable parameter to delete.php.
CVE-2008-6643 1 Lokicms 1 Lokicms 2026-04-23 N/A
LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php.
CVE-2008-6619 1 Netlab 1 Classsystem 2026-04-23 N/A
Unrestricted file upload vulnerability in class/ApplyDB.php in ClassSystem 2.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in class/UploadHomepage/.
CVE-2008-6617 1 Sitexs Cms 1 Sitexs Cms 2026-04-23 N/A
Unrestricted file upload vulnerability in adm/visual/upload.php in SiteXS CMS 0.1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.
CVE-2008-6613 1 Abweb 1 Minimal-ablog 2026-04-23 N/A
uploader.php in minimal-ablog 0.4 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request.
CVE-2008-6603 1 Moinmo 1 Moinmoin 2026-04-23 N/A
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.
CVE-2008-6599 1 Jath Pala 1 Cookiecheck 2026-04-23 N/A
cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path."
CVE-2008-6580 1 Funscripts 1 Red Reservations 2026-04-23 N/A
The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb.
CVE-2008-6535 1 Paypalestores 1 Paypal Estores 2026-04-23 N/A
admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter.
CVE-2008-6514 1 Compiz 1 Compiz Fusion 2026-04-23 N/A
The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a related issue to CVE-2007-3920.
CVE-2008-6506 1 Phpbb 1 Phpbb 2026-04-23 N/A
Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors.
CVE-2008-6496 1 Visagesoft 1 Expert Pdf Editorx 2026-04-23 N/A
Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary files via the first argument to the extractPagesToFile method.
CVE-2008-6494 1 Robs-projects 1 Asp User Engine.net 2026-04-23 N/A
ASP User Engine.NET stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for users.mdb.
CVE-2008-6493 1 Easy-news 1 Easy Content Management Publishing 2026-04-23 N/A
Easy Content Management Publishing stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database/News.mdb.
CVE-2008-6388 1 4u2ges 1 Rapid Classified 2026-04-23 N/A
Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to cldb.mdb.
CVE-2008-6382 1 Aspportal 1 Aspportal 2026-04-23 N/A
ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb.
CVE-2008-6375 1 Nexusjnr 1 Jbook 2026-04-23 N/A
JBook stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to userids.mdb.
CVE-2008-6374 1 Codefixer 1 Mailinglistpro 2026-04-23 N/A
CodefixerSoftware MailingListPro Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to db/MailingList.mdb.