Export limit exceeded: 364348 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364348 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4146 1 Addalink 1 Addalink 2026-04-23 N/A
Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field.
CVE-2008-4147 1 Drupal 1 Mailsave 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Mailsave module 5.x before 5.x-3.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an attached file that has a modified Content-Type.
CVE-2008-4148 1 Drupal 1 Mailhandler 2026-04-23 N/A
SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API.
CVE-2008-4149 1 Drupal 1 Link To Us 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Greg Holsclaw Link to Us module 5.x before 5.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the "Link page header" field.
CVE-2008-4150 1 Dieselscripts 1 Diesel Joke Site 2026-04-23 N/A
SQL injection vulnerability in picture_category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3763.
CVE-2008-4151 1 Cyask 1 Cyask 2026-04-23 N/A
Directory traversal vulnerability in collect.php in CYASK 3.x allows remote attackers to read arbitrary files via a .. (dot dot) in the neturl parameter.
CVE-2008-4152 1 Drupal 1 Talk 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via a node title.
CVE-2008-4153 1 Drupal 1 Talk 2026-04-23 N/A
The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, does not perform access checks for a node before displaying comments, which allows remote attackers to obtain sensitive information.
CVE-2008-4154 1 Living-e 1 Webedition Cms 2026-04-23 N/A
SQL injection vulnerability in living-e webEdition CMS allows remote attackers to execute arbitrary SQL commands via the we_objectID parameter.
CVE-2008-4155 1 Easybrik 1 Easysite 2026-04-23 N/A
Multiple directory traversal vulnerabilities in EasySite 2.3 allow remote attackers to read arbitrary files or list directories via a .. (dot dot) in the (1) module or (2) action parameter in (a) www/index.php; the (3) module, (4) ss_module, or (5) ss_action parameter in (b) modules/Module/index.php or (c) modules/Themes/index.php; or the (6) module parameter in (d) inc/vmenu.php.
CVE-2008-4156 1 Customcms 1 Gaming Portal 2026-04-23 N/A
SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming Portal 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4157 1 Vastal 1 Phpvid 2026-04-23 N/A
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3 is also affected.
CVE-2008-4158 1 Zanfi Solutions 1 Zanfi Cms Lite 2026-04-23 N/A
Multiple directory traversal vulnerabilities in index.php in Zanfi CMS lite 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) flag and (2) inc parameters.
CVE-2008-4159 1 Zanfi Solutions 2 Jaw Portal, Zanfi Cms Lite 2026-04-23 N/A
SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS lite and allows remote attackers to execute arbitrary SQL commands via the page (pageid) parameter.
CVE-2008-4160 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to the Solaris Access Control List (ACL) implementation.
CVE-2008-4161 1 Assetman 1 Assetman 2026-04-23 N/A
SQL injection vulnerability in search_inv.php in Assetman 2.5b allows remote attackers to execute arbitrary SQL commands and conduct session fixation attacks via a combination of crafted order and order_by parameters in a search_all action.
CVE-2008-4162 1 Nooms 1 Nooms 2026-04-23 N/A
Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the g_site_url parameter.
CVE-2008-4163 1 Isc 1 Bind 2026-04-23 N/A
Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service (UDP client handler termination) via unknown vectors.
CVE-2008-4164 1 Memht 1 Memht Portal 2026-04-23 N/A
cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
CVE-2008-4165 1 Kolab 1 Kolab Groupware Server 2026-04-23 N/A
admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET request, which allows local administrators, and possibly remote attackers, to obtain cleartext passwords by reading the ssl_access_log file or the referer string.