Total
11423 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6547 | 1 Formencode | 1 Formencode | 2026-06-16 | 7.5 HIGH | N/A |
| schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors. | |||||
| CVE-2008-6541 | 1 Dnnsoftware | 1 Dotnetnuke | 2026-06-16 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the file manager module in DotNetNuke before 4.8.2 allows remote administrators to upload arbitrary files and gain privileges to the server via unspecified vectors. | |||||
| CVE-2008-6538 | 1 Holger Schurig | 1 Destar | 2026-06-16 | 5.0 MEDIUM | N/A |
| DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a direct request to config/add/CfgOptUser. | |||||
| CVE-2008-6534 | 1 Vwsolutions | 1 Null Ftp | 2026-06-16 | 7.1 HIGH | N/A |
| Incomplete blacklist vulnerability in NULL FTP Server Free and Pro 1.1.0.7 allows remote authenticated users to execute arbitrary commands via a custom SITE command containing shell metacharacters such as "&" (ampersand) in the middle of an argument. | |||||
| CVE-2008-6528 | 1 Tmaxsoft | 1 Jeus | 2026-06-16 | 5.0 MEDIUM | N/A |
| NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the source code for scripts by appending ::$DATA to the URL, which accesses the alternate data stream. | |||||
| CVE-2008-6511 | 1 Igniterealtime | 1 Openfire | 2026-06-16 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. | |||||
| CVE-2008-6504 | 2 Apache, Opensymphony | 2 Struts, Xwork | 2026-06-16 | 5.0 MEDIUM | N/A |
| ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character. | |||||
| CVE-2008-6497 | 1 Tp | 1 Neostrada Livebox Adsl Router | 2026-06-16 | 7.8 HIGH | N/A |
| The Neostrada Livebox ADSL Router allows remote attackers to cause a denial of service (network outage) via multiple HTTP requests for the /- URI. | |||||
| CVE-2008-6492 | 1 Tizag | 1 Tizag Countdown Creator | 2026-06-16 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in process.php in Tizag Countdown Creator 3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via index.php, then accessing the uploaded file via a direct request to the file in pics/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6490 | 1 Flysforum | 1 Flaber | 2026-06-16 | 7.5 HIGH | N/A |
| function/update_xml.php in FLABER 1.1 and earlier allows remote attackers to overwrite arbitrary files by specifying the target filename in the target_file parameter. NOTE: this can be leveraged for code execution by overwriting a PHP file, as demonstrated using function/upload_file.php. | |||||
| CVE-2008-6367 | 1 Socialgroupie | 1 Social Groupie | 2026-06-16 | 8.5 HIGH | N/A |
| Unrestricted file upload vulnerability in Photos/create_album.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in Member_images/. | |||||
| CVE-2008-6298 | 1 Rocketeer.dip | 1 Sisapilocation | 2026-06-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows remote attackers to bypass intended access restrictions for character encoding and the cookie secure flag via unknown vectors related to the "HTTP header rewrite function." | |||||
| CVE-2008-6207 | 1 Phpg Upload | 1 Phpg Upload | 2026-06-16 | 8.5 HIGH | N/A |
| Unrestricted file upload vulnerability in form_upload.php in PHPG Upload 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6185 | 1 Noticeware | 1 Noticeware Email Server Ng | 2026-06-16 | 5.0 MEDIUM | N/A |
| NoticeWare Email Server NG 5.1.2.2 allows remote attackers to cause a denial of service (crash) via multiple POP3 requests with a long PASS command. | |||||
| CVE-2008-6175 | 1 K2sxs | 1 Silvershield | 2026-06-16 | 5.0 MEDIUM | N/A |
| SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of service (application crash) via a crafted argument to the opendir SFTP command. | |||||
| CVE-2008-6171 | 1 Drupal | 1 Drupal | 2026-06-16 | 9.3 HIGH | N/A |
| includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header. | |||||
| CVE-2008-6122 | 1 Netgear | 1 Wgr614 | 2026-06-16 | 7.8 HIGH | N/A |
| The web management interface in Netgear WGR614v9 allows remote attackers to cause a denial of service (crash) via a request that contains a question mark ("?"). | |||||
| CVE-2008-6121 | 1 Socialengine | 1 Socialengine | 2026-06-16 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie. | |||||
| CVE-2008-6119 | 1 Goople Cms | 1 Goople Cms | 2026-06-16 | 7.5 HIGH | N/A |
| Static code injection vulnerability in gooplecms/admin/account/action/editpass.php in Goople CMS 1.7 allows remote attackers to inject arbitrary PHP code into admin/userandpass.php via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6084 | 1 .matteoiammarrone | 1 Iamma Simple Gallery | 2026-06-16 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory. | |||||