Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3361 1 Intellitamper 1 Intellitamper 2026-04-23 N/A
Stack-based buffer overflow in IntelliTamper 2.07 allows remote web sites to execute arbitrary code via a long HTTP Server header.
CVE-2008-3367 1 Webwizguide 1 Web Wiz Rich Text Editor 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in RTE_popup_link.asp in Web Wiz Rich Text Editor (RTE) 3.x and 4.x before 4.03 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
CVE-2008-3368 1 Atutor 1 Atutor 2026-04-23 N/A
PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter.
CVE-2008-3375 1 Jamroom 1 Jamroom 2026-04-23 N/A
The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie.
CVE-2008-3377 1 Brandon Tallent 1 Phptest 2026-04-23 N/A
SQL injection vulnerability in picture.php in phpTest 0.6.3 allows remote attackers to execute arbitrary SQL commands via the image_id parameter.
CVE-2008-3378 1 Fizzmedia Negativekarma 1 Fizzmedia 2026-04-23 N/A
SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows remote attackers to execute arbitrary SQL commands via the mid parameter.
CVE-2008-3380 1 Myiosoft 1 Easybookmarker 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in ajaxp_backend.php in MyioSoft EasyBookMarker 4.0 trial edition (tr) allows remote attackers to inject arbitrary web script or HTML via the rs parameter.
CVE-2008-3385 1 Linuxwebshop 1 Php Help Agent 2026-04-23 N/A
Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
CVE-2008-3386 1 Alstrasoft 1 Video Share Enterprise 2026-04-23 N/A
SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086.
CVE-2008-3390 1 Minishowcase 1 Minishowcase Image Gallery 2026-04-23 N/A
Directory traversal vulnerability in libraries/general.init.php in Minishowcase Image Gallery 09b136, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2008-3393 1 Infomining 1 Bookmine 2026-04-23 N/A
SQL injection vulnerability in events.cfm in BookMine allows remote attackers to execute arbitrary SQL commands via the events_id parameter.
CVE-2008-3398 1 Xrms 1 Xrms Crm 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to unspecified components, possibly including login.php. NOTE: this may overlap CVE-2008-1129.
CVE-2008-3399 1 Xrms 1 Xrms Crm 2026-04-23 N/A
PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter.
CVE-2008-3400 1 Xrms 1 Xrms Crm 2026-04-23 N/A
XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function.
CVE-2008-3406 1 Phplinkat 1 Phplinkat 2026-04-23 N/A
SQL injection vulnerability in showcat.php in phpLinkat 0.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2008-3407 1 Phplinkat 1 Phplinkat 2026-04-23 N/A
phpLinkat 0.1 allows remote attackers to bypass authentication and access unspecified pages under admin/ by sending a login=right cookie.
CVE-2008-3408 1 Coolplayer 1 Coolplayer 2026-04-23 N/A
Stack-based buffer overflow in CoolPlayer 2.18, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a crafted m3u file.
CVE-2008-3410 1 Epic Games 1 Unreal Tournament 3 2026-04-23 N/A
Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a UDP packet in which the value of a certain size field is greater than the total packet length, aka attack 2 in ut3mendo.c.
CVE-2008-3418 1 Willo 1 Trio 2026-04-23 N/A
SQL injection vulnerability in browse.php in TriO 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-3419 1 Greatclone 1 Youtuber Clone 2026-04-23 N/A
SQL injection vulnerability in ugroups.php in Youtuber Clone allows remote attackers to execute arbitrary SQL commands via the UID parameter.