• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2008-1054
Netwin, Surgemail
Cwmail, Dmail, Dmailweb, Dnews, Dnewsweb, Netauth, Smsgate, Surgeftp, Surgeldap, Surgemail
2018-10-11
N/A
N/A
Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information.
CVE-2008-1053
Kose Yazilari Module, Phpnuke
4nchat, 4ndvddb, Book, Easycontent_module, Kose_yazilari_module, Kutubisitte_component, Myheadlines, Nukestyles_viewpage_module, Okul_module, Php-nuke
2017-09-29
N/A
N/A
Multiple SQL injection vulnerabilities in the Kose_Yazilari module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the artid parameter in a (1) viewarticle or (2) printpage action to modules.php.
CVE-2008-1052
Netwin, Surgeftp
Cwmail, Dmail, Dmailweb, Dnews, Dnewsweb, Netauth, Smsgate, Surgeftp, Surgeldap, Surgemail
2018-10-11
N/A
N/A
The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails.
CVE-2008-1051
2017-09-29
N/A
N/A
PHP remote file inclusion vulnerability in include/body_comm.inc.php in phpProfiles 4.5.2 BETA allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.
CVE-2008-1050
2018-10-11
N/A
N/A
SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter.
CVE-2008-1049
2017-08-08
N/A
N/A
Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack vectors.
CVE-2008-1048
2017-08-08
N/A
N/A
Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
CVE-2008-1047
2012-10-24
N/A
N/A
Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-1046
2017-09-29
N/A
N/A
PHP remote file inclusion vulnerability in footer.php in Quinsonnas Mail Checker 1.55 allows remote attackers to execute arbitrary PHP code via a URL in the op[footer_body] parameter.
CVE-2008-1045
2018-10-11
N/A
N/A
Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter.
« Previous 1 … 614 615 616 617 618 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE