Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1467 1 Centerim 1 Centerim 2026-04-23 N/A
CenterIM 4.22.3 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URI, related to "received URLs in the message window." NOTE: this issue has been disputed due to the user-assisted nature, since the URL must be selected and launched by the victim
CVE-2008-1469 1 Gallarific 1 Gallarific 2026-04-23 N/A
Gallarific Free Edition 1.1 does not require authentication for (1) photos.php, (2) comments.php, and (3) gallery.php in gadmin/, which allows remote attackers to edit objects via a direct request, different vectors than CVE-2008-1327. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1477 1 Jcorporate 1 Eforum 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in busca.php in eForum 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) busca and (2) link parameters.
CVE-2008-1476 1 Serendipity 1 Serendipity 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks.
CVE-2008-1488 1 Pecl-php 1 Alternative Php Cache 2026-04-23 N/A
Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC) 3.0.11 through 3.0.16 allows remote attackers to execute arbitrary code via a long filename.
CVE-2008-1491 1 Asus 1 Remote Console 2026-04-23 N/A
Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ASUS Remote Console (aka ARC or ASMB3) 2.0.0.19 and 2.0.0.24 allows remote attackers to execute arbitrary code via a long string to TCP port 623.
CVE-2008-1501 2 Ircu, Quakenet 2 Ircu, Snircd 2026-04-23 N/A
The send_user_mode function in s_user.c in (1) Undernet ircu 2.10.12.12 and earlier, (2) snircd 1.3.4 and earlier, and unspecified other ircu derivatives allows remote attackers to cause a denial of service (daemon crash) via a malformed MODE command.
CVE-2008-1497 1 Netwin 1 Surgemail 2026-04-23 N/A
Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.
CVE-2008-1499 1 Cpanel 1 Cpanel 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2008-1504 1 Phpheaven 1 Phpmychat 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in setup.php3 in phpHeaven phpMyChat 0.14.5 allows remote attackers to inject arbitrary web script or HTML via the Lang parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1506 1 Peel 1 Peel 2026-04-23 N/A
PEEL, possibly 3.x and earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
CVE-2008-1508 1 Efestech 1 E-kontor 2026-04-23 N/A
SQL injection vulnerability in EfesTech E-Kontör and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-1509 1 Xlportal 1 Xlportal 2026-04-23 N/A
SQL injection vulnerability in index.php in XLPortal 2.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the query parameter.
CVE-2008-1510 1 Alkacon 1 Opencms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in system/workplace/admin/accounts/users_list.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) searchfilter or (2) listSearchFilter parameter.
CVE-2008-1517 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors related to workqueues.
CVE-2008-1522 1 Zyxel 3 Prestige 660, Prestige 661, Zynos 2026-04-23 N/A
ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), have (1) "user" as their default password for the "user" account and (2) "1234" as their default password for the "admin" account, which makes it easier for remote attackers to obtain access.
CVE-2008-1529 1 Zyxel 3 Prestige 660, Prestige 661, Zynos 2026-04-23 N/A
ZyXEL Prestige routers have a minimum password length for the admin account that is too small, which makes it easier for remote attackers to guess passwords via brute force methods.
CVE-2008-1530 1 Gnupg 1 Gnupg 2026-04-23 N/A
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."
CVE-2008-1532 1 Perlbal 1 Perlbal 2026-04-23 N/A
Perlbal before 1.70, when buffered upload is enabled, allows remote attackers to cause a denial of service (crash) via a zero-byte chunked upload.
CVE-2008-1553 1 Topper 1 Toppermod 2026-04-23 N/A
Directory traversal vulnerability in mod.php in TopperMod 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the to parameter.