Search Results (120767 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2273 1 Huawei 2 D100, D100 Firmware 2026-04-23 N/A
The default configuration of the Wi-Fi component on the Huawei D100 does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
CVE-2008-2192 1 Itcms 1 Itcms 2026-04-23 N/A
Static code injection vulnerability in box/minichat/boxpop.php in IT!CMS (aka itcms) 1.9 allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter.
CVE-2008-2193 1 Scorpnews 1 Scorpnews 2026-04-23 N/A
PHP remote file inclusion vulnerability in example.php in Thomas Gossmann ScorpNews 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.
CVE-2008-2896 1 Getfireant 1 Fireant 2026-04-23 N/A
Directory traversal vulnerability in index.php in FireAnt 1.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2009-2283 1 Sun 2 Java Web Console, Solaris 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-2194 1 Deluxebb 1 Deluxebb 2026-04-23 N/A
SQL injection vulnerability in forums.php in DeluxeBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter.
CVE-2008-2198 1 Kmita Tellfriend 1 Tellfriend 2026-04-23 N/A
PHP remote file inclusion vulnerability in kmitaadmin/kmitat/htmlcode.php in Kmita Tellfriend 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
CVE-2008-2902 1 Alstrasoft 1 Askme Pro 2026-04-23 N/A
SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: The que_id parameter to forum_answer.php is already covered by CVE-2007-4085.
CVE-2008-0501 1 Sourceforge 1 Phpmyclub 2026-04-23 N/A
Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page_courante parameter to the top-level URI.
CVE-2008-2201 1 Maianscriptworld 1 Maian Recipe 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Recipe 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9) header9 parameters.
CVE-2008-2909 1 Clever Copy 1 Clever Copy 2026-04-23 N/A
SQL injection vulnerability in results.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the searchtype parameter.
CVE-2008-2202 1 Maianscriptworld 1 Maian Uploader 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to upload/admin/index.php in a search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action.
CVE-2008-2205 1 Maianscriptworld 1 Maian Music 2026-04-23 N/A
SQL injection vulnerability in index.php in Maian Music 1.1 allows remote attackers to execute arbitrary SQL commands via the album parameter in an album action.
CVE-2009-2288 1 Nagios 1 Nagios 2026-04-23 N/A
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.
CVE-2008-2207 1 Maianscriptworld 1 Maian Gallery 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin/index.php in Maian Gallery 2.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action.
CVE-2009-2289 1 Arcadetradescript 1 Arcade Trade Script 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Arcade Trade Script 1.0 beta allows remote attackers to inject arbitrary web script or HTML via the q parameter in a gamelist action.
CVE-2008-2214 1 Castle Rock 1 Snmpc 2026-04-23 N/A
Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long community string in an SNMP TRAP packet.
CVE-2008-1542 1 Airspan 1 Base Station Distribution Unit 2026-04-23 N/A
Airspan Base Station Distribution Unit (BSDU) has "topsecret" as its password for the root account, which allows remote attackers to obtain administrative access via a telnet login, a different vulnerability than CVE-2008-1262.
CVE-2008-2223 1 Buyscripts 1 Vshare Youtube Clone 2026-04-23 N/A
SQL injection vulnerability in group_posts.php in vShare YouTube Clone 2.6 allows remote attackers to execute arbitrary SQL commands via the tid parameter.
CVE-2008-2224 1 Sazcart 1 Sazcart 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in SazCart 1.5.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _saz[settings][site_dir] parameter to layouts/default/header.saz.php and the (2) _saz[settings][site_url] parameter to admin/alayouts/default/pages/login.php.