Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3241 1 Ultrastats 1 Ultrastats 2026-04-23 N/A
SQL injection vulnerability in players-detail.php in UltraStats 0.2.136, 0.2.140, and 0.2.142 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-3262 1 Claroline 1 Claroline 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password.
CVE-2008-3288 1 Emc 1 Dantz Retrospect Backup Server 2026-04-23 N/A
The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords.
CVE-2008-3276 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2026-04-23 N/A
Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a denial of service (panic) via a crafted integer value, related to Change L and Change R options without at least one byte in the dccpsf_val field.
CVE-2008-3296 1 Xoops 1 Xoops 2026-04-23 N/A
Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3297 1 Social Engine 1 Social Engine 2026-04-23 N/A
Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php.
CVE-2008-3320 1 Maian 1 Guestbook 2026-04-23 N/A
admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie.
CVE-2008-3321 1 Maian Script World 1 Maian Uploader 2026-04-23 N/A
admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie.
CVE-2008-3322 1 Maian 1 Recipe 2026-04-23 N/A
admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie.
CVE-2008-3324 1 Party Gaming 1 Party Poker Client 2026-04-23 8.1 High
The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse update.
CVE-2008-3330 1 Debian 2 Horde, Turba 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name.
CVE-2008-3332 1 Mantis 1 Mantis 2026-04-23 N/A
Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
CVE-2008-3333 1 Mantis 1 Mantis 2026-04-23 N/A
Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).
CVE-2008-3334 1 Mybb 1 Mybb 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php.
CVE-2008-3335 1 Punbb 1 Punbb 2026-04-23 N/A
Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors.
CVE-2008-3339 1 Avidweb Technologies 1 Jobbex Jobsite 2026-04-23 N/A
search_result.cfm in Jobbex JobSite allows remote attackers to obtain sensitive information via unspecified vectors that reveal the installation path in an error message.
CVE-2008-3338 1 Tibco 4 Hawk, Iprocess Engine, Mainframe Service Tracker and 1 more 2026-04-23 N/A
Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message.
CVE-2008-3340 1 Jobbex 1 Jobsite 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search_result.cfm in Jobbex JobSite allows remote attackers to inject arbitrary web script or HTML via the searchFor variable (possibly the opt parameter.)
CVE-2008-3352 1 Nersoft 1 Live Music Plus 2026-04-23 N/A
SQL injection vulnerability in index.php in Live Music Plus 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a Singer action.
CVE-2008-3353 1 Puresw 1 Lore 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Pure Software Lore before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) article comments feature and the (2) search log feature.