• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2008-7187
Coppermine-gallery
Coppermine_gallery, Coppermine_photo_gallery
2018-10-11
N/A
N/A
Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message.
CVE-2008-7186
Coppermine-gallery
Coppermine_gallery, Coppermine_photo_gallery
2018-10-11
N/A
N/A
Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504.
CVE-2008-7185
Gnome
Anjuta, At-spi2-atk, Balsa, Batalla_naval, Bonobo, Byzanz, Caribou, Control_center, Dhcdbd, Dia
2018-10-11
N/A
N/A
GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c.
CVE-2008-7184
Diigo, Diigolet
Diigolet, Diigo_toolbar
2018-10-11
N/A
N/A
Cross-site scripting (XSS) vulnerability in Diigo Toolbar and Diigolet allows remote attackers to inject arbitrary web script or HTML via a public comment.
CVE-2008-7183
Eva Cms, Evacms
Eva_cms
2017-08-17
N/A
N/A
PHP remote file inclusion vulnerability in eva/index.php in EVA CMS 2.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the eva[caminho] parameter to index.php.
CVE-2008-7182
Netwin, Surgemail
Cwmail, Dmail, Dmailweb, Dnews, Dnewsweb, Netauth, Smsgate, Surgeftp, Surgeldap, Surgemail
2017-09-29
N/A
N/A
Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859.
CVE-2008-7181
Butterflymedia
Butterfly_organizer
2017-09-29
N/A
N/A
Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) delete arbitrary accounts via the mytable parameter to delete.php.
CVE-2008-7180
Rittwick Banerjee
Telephone_directory_2008
2017-09-29
N/A
N/A
del_query1.php in Telephone Directory 2008 allows remote attackers to delete arbitrary contacts via a direct request with a modified id variable.
CVE-2008-7179
Otmanager, Otmanager Cms
Otmanager_cms
2017-09-29
N/A
N/A
OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in Admin/index.php.
CVE-2008-7178
Xoops
Article_module, Articles_module, Cjay_content_module, Core_module, Eempregos_module, Flashgames_module, Friendfinder_module, Glossaire_module, Happy_linux_xfsection_module, Horoscope_module
2017-09-29
N/A
N/A
Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a downloadfile action to index.php.
« Previous 1 … 12 13 14 15 16 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE