Export limit exceeded: 364976 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364976 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6736 1 Circulargenius 1 Flat Calendar 2026-04-23 N/A
Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.
CVE-2008-6737 1 Ea 1 Crysis 2026-04-23 N/A
Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information.
CVE-2008-6738 1 Mark Girling 1 Myshoutpro 2026-04-23 N/A
MyShoutPro 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin_access cookie to 1.
CVE-2008-6739 1 Toddwoolums 1 Asp Download 2026-04-23 N/A
Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request.
CVE-2008-6741 1 Simple Machines 1 Simple Machines Forum 2026-04-23 N/A
SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "\" (backslash) sequence that does not quote the "'" (single quote) character, as demonstrated via a manlabels action to index.php.
CVE-2008-6742 1 Gofoxy 1 Foxy 2026-04-23 N/A
Foxy P2P software allows remote attackers to cause a denial of service (memory consumption) via a foxy URI with a download action and a large fs value.
CVE-2008-6743 1 Shock-therapy 1 Rsmscript 2026-04-23 N/A
RSMScript 1.21 allows remote attackers to bypass authentication and gain administrative privileges by setting the verified cookie to an arbitrary value and performing a direct request to (1) delete.php, (2) edit-submit.php, (3) edit.php, (4) submit.php, and (5) update.php, which bypasses the security check that is performed by verify.php.
CVE-2008-6744 1 Cybozu 3 Cybozu Dezie, Cybozu Garoon, Cybozu Office 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2008-6745 1 Blogphp 1 Blogphp 2026-04-23 N/A
index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action.
CVE-2008-6746 1 Horde 1 Turba H3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the contact display view in Turba Contact Manager H3 before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the contact name.
CVE-2008-6747 1 Dotproject 1 Dotproject 2026-04-23 N/A
dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party information.
CVE-2008-6748 1 Megacubo 1 Megacubo 2026-04-23 N/A
Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI.
CVE-2008-6766 1 Viart 1 Viart Shop 2026-04-23 N/A
cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to cause a denial of service (excessive shopping carts) via a flood of requests.
CVE-2008-6749 1 China-on-site 1 Flexphpdirectory 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) checkuser and (2) checkpass parameters.
CVE-2008-6750 1 China-on-site 1 Flexphpdirectory 2026-04-23 N/A
Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photo/.
CVE-2008-6751 1 Revou 2 Revou, Tclone 2026-04-23 N/A
Unrestricted file upload vulnerability in index.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in settings/my_photo.
CVE-2008-6752 1 Revou 1 Revou 2026-04-23 N/A
adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges via a direct request with modified newpass1 and newpass2 parameters in a Change operation.
CVE-2008-6753 1 Silverstripe 1 Silverstripe 2026-04-23 N/A
SQL injection vulnerability in SilverStripe before 2.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to AjaxUniqueTextField.
CVE-2008-6754 2 Jelsoft, Mephisteus 2 Vbulletin, The Personal Sticky Threads 2026-04-23 N/A
The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote authenticated users to read the title, author, and pages of an arbitrary thread by toggling a personal sticky.
CVE-2008-6755 2 Redhat, Zoneminder 2 Fedora, Zoneminder 2026-04-23 N/A
ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.