Export limit exceeded: 365171 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365171 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-7153 | 1 Docebo | 1 Docebo | 2026-04-23 | N/A |
| SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command. | ||||
| CVE-2008-7154 | 1 Docebo | 1 Docebo | 2026-04-23 | N/A |
| Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) class/class.conf_fw.php, (2) class.module/class.event_manager.php, (3) lib/lib.domxml5.php, or (4) menu/menu_over.php in doceboCore/; or (5) class/class.conf_cms.php, (6) lib/lib.compose.php, (7) modules/chat/teleskill.php, or (8) class/class.admin_menu_cms.php in doceboCms/; which reveals the installation path in an error message. | ||||
| CVE-2008-7155 | 1 Phprisk | 1 Netrisk | 2026-04-23 | N/A |
| NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of arbitrary users via a direct request. | ||||
| CVE-2008-7156 | 1 Ekinboard | 1 Ekinboard | 2026-04-23 | N/A |
| EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php. | ||||
| CVE-2008-7157 | 1 Ekinboard | 1 Ekinboard | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/. | ||||
| CVE-2008-7158 | 1 Numarasoftware | 1 Footprints | 2026-04-23 | N/A |
| Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) LOADFILE parameter to MRcgi/MRABLoad2.pl. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-7159 | 1 Silcnet | 1 Silc Toolkit | 2026-04-23 | N/A |
| The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string. | ||||
| CVE-2008-7160 | 1 Silcnet | 1 Silc Toolkit | 2026-04-23 | N/A |
| The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header, related to incorrect use of a %lu format string. | ||||
| CVE-2008-7161 | 1 Fortinet | 1 Fortigate-1000 | 2026-04-23 | N/A |
| Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote attackers to bypass URL filtering via fragmented GET or POST requests that use HTTP/1.0 without the Host header. NOTE: this issue might be related to CVE-2005-3058. | ||||
| CVE-2008-7162 | 1 Heroshare | 1 Hero Super Player 3000 | 2026-04-23 | N/A |
| Buffer overflow in Hero Super Player 3000 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in a .M3U file. NOTE: this might be related to CVE-2008-4504. | ||||
| CVE-2008-7163 | 1 Sinecms | 1 Sinecms | 2026-04-23 | N/A |
| Directory traversal vulnerability in mods/Integrated/index.php in SineCMS 2.3.5 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the sine[config][index_main] parameter. | ||||
| CVE-2008-7164 | 1 Ryo-oh-ki | 1 Shareaza | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have unknown impact and attack vectors related to "very important security fixes," possibly involving update notifications and a domain that is no longer controlled by the vendor. | ||||
| CVE-2008-7165 | 1 Alice | 1 Gate2 Plus Wi-fi | 2026-04-23 | N/A |
| Cross-site request forgery in cp06_wifi_m_nocifr.cgi in the administrator panel in TELECOM ITALIA Alice Gate2 Plus Wi-Fi allows remote attackers to hijack the authentication of administrators for requests that disable Wi-Fi encryption via certain values for the wlChannel and wlRadioEnable parameters. | ||||
| CVE-2008-7166 | 2 Bittorrent, Utorrent | 2 Bittorrent, Utorrent | 2026-04-23 | N/A |
| Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) and earlier, and uTorrent 1.7.6 (build 7859) and earlier, allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted Range header. NOTE: this is probably a different vulnerability than CVE-2008-0071 and CVE-2008-0364. | ||||
| CVE-2008-7167 | 1 Sami Ekblad | 1 Page Manager | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in upload.php in Page Manager 2006-02-04 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | ||||
| CVE-2008-7168 | 1 Uusee | 2 Uusee, Uuupgrade.ocx | 2026-04-23 | N/A |
| Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009. | ||||
| CVE-2008-7169 | 2 Jabode, Joomla | 2 Com Jabode, Joomla\! | 2026-04-23 | N/A |
| SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a sign task to index.php. | ||||
| CVE-2008-7170 | 1 Gameservers | 1 Gsc | 2026-04-23 | N/A |
| GSC build 2067 and earlier relies on the client to enforce administrator privileges, which allows remote attackers to execute arbitrary administrator commands via a crafted packet. | ||||
| CVE-2008-7171 | 1 Yanick Bourbeau | 1 Lightweight News Portal | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Lightweight news portal (LNP) 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) photo parameter to show_photo.php, (2) potd parameter to show_potd.php, or (3) the Current question field in a vote action to admin.php. | ||||
| CVE-2008-7172 | 1 Yanick Bourbeau | 1 Lightweight News Portal | 2026-04-23 | N/A |
| Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions. | ||||