CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-7933 A vulnerability classified as critical was found in Campcodes Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /pages/settings_update.php of the component Setting Ha... | 7.3 | HIGH | — | 0 |
| CVE-2008-1247 The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a ... | N/A | NONE | — | 0 |
| CVE-2008-1248 The web interface on the central phone server for the Snom 320 SIP Phone allows remote attackers to make arbitrary phone calls via the "Call a number" field. NOTE: this might overlap CVE-2007-3440. | N/A | NONE | — | 0 |
| CVE-2008-1249 snomControl.swf in the central phone server for the Snom 320 SIP Phone allows remote attackers to cause a denial of service (application crash and corruption of call logs) via a "'); (double quote, qu... | N/A | NONE | — | 0 |
| CVE-2008-1250 Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the central phone server for the Snom 320 SIP Phone allow remote attackers to perform actions as the phone user, as d... | N/A | NONE | — | 0 |
| CVE-2008-1251 Cross-site scripting (XSS) vulnerability in the web interface on the central phone server for the Snom 320 SIP Phone allows remote attackers to inject arbitrary web script or HTML via unspecified vect... | N/A | NONE | — | 0 |
| CVE-2008-1252 b_banner.stm (aka the login page) on the Deutsche Telekom Speedport W500 DSL router allows remote attackers to obtain the logon password by reading the pwd field in the HTML source. | N/A | NONE | — | 0 |
| CVE-2008-1253 Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated ... | N/A | NONE | — | 0 |
| CVE-2008-1254 Multiple cross-site request forgery (CSRF) vulnerabilities on the ZyXEL P-660HW series router allow remote attackers to (1) change DNS servers and (2) add keywords to the "bannedlist" via unspecified ... | N/A | NONE | — | 0 |
| CVE-2008-1255 The ZyXEL P-660HW series router maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously ... | N/A | NONE | — | 0 |
| CVE-2008-1256 The ZyXEL P-660HW series router has "admin" as its default password, which allows remote attackers to gain administrative access. | N/A | NONE | — | 0 |
| CVE-2025-8442 A vulnerability has been found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cussignup.php. The manipul... | 7.3 | HIGH | — | 0 |
| CVE-2008-1257 Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ZyXEL P-660HW series router allows remote attackers to inject arbitrary web script or HTML via the PingIPAddr parameter. | N/A | NONE | — | 0 |
| CVE-2008-1258 Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter. | N/A | NONE | — | 0 |
| CVE-2008-1259 The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP ... | N/A | NONE | — | 0 |
| CVE-2008-1260 Multiple cross-site request forgery (CSRF) vulnerabilities on the Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware allow remote attackers to (1) make the admin web server available on the Internet ... | N/A | NONE | — | 0 |
| CVE-2008-1261 The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware provides different responses to admin page requests depending on whether a user is logged in, which allows remote attackers to obtain current lo... | N/A | NONE | — | 0 |
| CVE-2008-1262 The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2)... | N/A | NONE | — | 0 |
| CVE-2008-1263 The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-le... | N/A | NONE | — | 0 |
| CVE-2008-1264 The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executa... | N/A | NONE | — | 0 |
| CVE-2008-1265 The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface. | N/A | NONE | — | 0 |
| CVE-2008-1266 Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long u... | N/A | NONE | — | 0 |
| CVE-2025-7934 A vulnerability, which was classified as critical, has been found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. This issue affects the function queryPage of the file pla... | 6.3 | MEDIUM | — | 0 |
| CVE-2008-1267 The Siemens SpeedStream 6520 router allows remote attackers to cause a denial of service (web interface crash) via an HTTP request to basehelp_English.htm with a large integer in the Content-Length fi... | N/A | NONE | — | 0 |
| CVE-2008-1268 The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary usernam... | N/A | NONE | — | 0 |
| CVE-2008-1269 cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain requ... | N/A | NONE | — | 0 |
| CVE-2008-1270 mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody ... | N/A | NONE | — | 0 |
| CVE-2008-1161 Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in xine-lib before 1.1.10.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a M... | N/A | NONE | — | 0 |
| CVE-2008-1218 Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing T... | N/A | NONE | — | 0 |
| CVE-2008-1272 Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showad.php and the (2) ad parameter ... | N/A | NONE | — | 0 |
| CVE-2008-1273 Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) popup.php, (2) test/dir2.php, (3) admin/... | N/A | NONE | — | 0 |
| CVE-2008-1274 Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows local users to execute arbitrary code via a malicious program in the man directory. | N/A | NONE | — | 0 |
| CVE-2008-1275 Multiple unspecified vulnerabilities in the SMTP service in MailEnable Standard Edition 1.x, Professional Edition 3.x and earlier, and Enterprise Edition 3.x and earlier allow remote attackers to caus... | N/A | NONE | — | 0 |
| CVE-2008-1276 Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allow remote authenticated attackers to execute arbitrary code vi... | N/A | NONE | — | 0 |
| CVE-2008-1277 The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allows remote attackers to cause a denial of service (crash) via (1) SEARCH and (2) APPEND com... | N/A | NONE | — | 0 |
| CVE-2008-1278 The RemotelyAnywhere.exe service in the Remotely Anywhere Server and Workstation 8.0.668 and earlier allows remote attackers to cause a denial of service (crash) via an invalid Accept-Charset header, ... | N/A | NONE | — | 0 |
| CVE-2008-1279 Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of serv... | N/A | NONE | — | 0 |
| CVE-2008-1280 Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of servi... | N/A | NONE | — | 0 |
| CVE-2022-43029 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the time parameter at /goform/SetSysTimeCfg. | 9.8 | CRITICAL | — | 0 |
| CVE-2008-1281 Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, as used in Argon Technology Client Management Services (CMS) 1.31 and earlier, allows remote attackers to read arbitrary files vi... | N/A | NONE | — | 0 |
| CVE-2008-1282 Buffer overflow in the BFup ActiveX control (BFup.dll) in B21Soft BFup before 1.0.802.29 allows remote attackers to execute arbitrary code via a long FilePath parameter. | N/A | NONE | — | 0 |
| CVE-2008-1283 Cross-site scripting (XSS) vulnerability in Neptune Web Server 3.0 allows remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in the 404 error page. | N/A | NONE | — | 0 |
| CVE-2008-1284 Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to rea... | N/A | NONE | — | 0 |
| CVE-2008-1285 Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.2_08 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | N/A | NONE | — | 0 |
| CVE-2008-1286 Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown... | N/A | NONE | — | 0 |
| CVE-2008-1287 IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames. | N/A | NONE | — | 0 |
| CVE-2008-1288 IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies. | N/A | NONE | — | 0 |
| CVE-2007-1201 Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger ... | N/A | NONE | — | 0 |
| CVE-2008-0110 Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI. | N/A | NONE | — | 0 |
| CVE-2008-0111 Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.