Export limit exceeded: 346176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346176 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3274 | 3 Linux, Mozilla, Redhat | 3 Linux Kernel, Firefox, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-6238 | 1 Openedit | 1 Openedit Digital Asset Management | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in archive/savedqueries/savequeryfinish.html in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | ||||
| CVE-2008-6239 | 1 Openedit | 1 Openedit Digital Asset Management | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to perform unspecified actions as arbitrary users via unknown vectors. | ||||
| CVE-2008-6240 | 1 Openedit | 1 Openedit Digital Asset Management | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in data/views/index.html in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to inject arbitrary web script or HTML via the catalogid parameter. | ||||
| CVE-2008-6242 | 1 Scripts-for-sites | 1 Ez E-store | 2026-04-23 | N/A |
| SQL injection vulnerability in SearchResults.php in Scripts For Sites (SFS) EZ e-store allows remote attackers to execute arbitrary SQL commands via the where parameter. | ||||
| CVE-2008-6243 | 1 Scripts For Sites | 1 Ez Hotscripts-likesite | 2026-04-23 | N/A |
| SQL injection vulnerability in showcategory.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2008-6244 | 1 Scripts-for-sites | 1 Ez Gaming Cheats | 2026-04-23 | N/A |
| SQL injection vulnerability in view_reviews.php in Scripts for Sites (SFS) EZ Gaming Cheats allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-6245 | 1 Scripts-for-sites | 1 Ez Biz Pro | 2026-04-23 | N/A |
| SQL injection vulnerability in track.php in Scripts For Sites (SFS) EZ BIZ PRO allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-6246 | 1 Scripts-for-sites | 1 Ez Webring | 2026-04-23 | N/A |
| SQL injection vulnerability in category.php in Scripts For Sites (SFS) EZ Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter. | ||||
| CVE-2009-3278 | 1 Qnap | 4 Ts-239 Pro, Ts-239 Pro Firmware, Ts-639 Pro and 1 more | 2026-04-23 | 5.5 Medium |
| The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack. | ||||
| CVE-2008-6248 | 1 Galatolo | 1 Galatolo Webmanager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in all.php in Galatolo WebManager 1.3a and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter. | ||||
| CVE-2008-6249 | 1 Gwm | 1 Galatolo Webmanager | 2026-04-23 | N/A |
| SQL injection vulnerability in plugins/users/index.php in Galatolo WebManager 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-6250 | 1 Comdev | 1 Comdev Web Blogger | 2026-04-23 | N/A |
| SQL injection vulnerability in Comdev Web Blogger 4.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter to a blog page. | ||||
| CVE-2008-6251 | 1 Scripts | 1 Phpfan | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/init.php in phpFan 3.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter. | ||||
| CVE-2008-6254 | 1 Jadu | 1 Jadu Galaxies | 2026-04-23 | N/A |
| SQL injection vulnerability in scripts/documents.php in Jadu Galaxies allows remote attackers to execute arbitrary SQL commands via the categoryID parameter. | ||||
| CVE-2008-6255 | 1 Vbulletin | 1 Vbulletin | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to admincp/attachmentpermission.php, and the (3) iperm parameter to admincp/image.php. | ||||
| CVE-2009-3283 | 1 Phpspot | 6 Php \& Css Bbs, Php Bbs, Php Bbs Ce and 3 more | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot, dated before 20090914, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to cookies. | ||||
| CVE-2008-6256 | 1 Vbulletin | 1 Vbulletin | 2026-04-23 | N/A |
| SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinfo[recurring] parameter, a different vector than CVE-2005-3022. | ||||
| CVE-2008-6258 | 1 Quadcomm | 1 Q-shop | 2026-04-23 | N/A |
| SQL injection vulnerability in users.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the (1) UserID and (2) Pwd parameters. NOTE: this might be related to CVE-2004-2108. | ||||
| CVE-2008-6259 | 1 Quadcomm | 1 Q-shop | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the srkeys parameter. | ||||