Export limit exceeded: 346170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346170 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2193 | 1 Scorpnews | 1 Scorpnews | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in example.php in Thomas Gossmann ScorpNews 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter. | ||||
| CVE-2008-2194 | 1 Deluxebb | 1 Deluxebb | 2026-04-23 | N/A |
| SQL injection vulnerability in forums.php in DeluxeBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter. | ||||
| CVE-2008-2195 | 1 Deluxebb | 1 Deluxebb | 2026-04-23 | N/A |
| Static code injection vulnerability in admincp.php in DeluxeBB 1.2 and earlier allows remote authenticated administrators to inject arbitrary PHP code into logs/cp.php via the URI. | ||||
| CVE-2009-4365 | 1 Scriptsez | 1 Ez Blog | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via the approve_comment action, (3) change administrator information including the password via the admin_opt action, and (4) delete a blog via the delete action. | ||||
| CVE-2008-2196 | 1 Lifetype | 1 Lifetype | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the newBlogUserName parameter in an addBlogUser action, a different vector than CVE-2008-2178. | ||||
| CVE-2008-2197 | 1 Miniweb2 | 1 Blog Writer | 2026-04-23 | N/A |
| SQL injection vulnerability in the blogwriter module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter to index.php. | ||||
| CVE-2008-2199 | 1 Kkeim | 1 Kmita Mail | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in kmitaadmin/kmitam/htmlcode.php in Kmita Mail 3.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | ||||
| CVE-2008-2201 | 1 Maianscriptworld | 1 Maian Recipe | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Recipe 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9) header9 parameters. | ||||
| CVE-2008-2203 | 1 Maianscriptworld | 1 Maian Search | 2026-04-23 | N/A |
| SQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action. | ||||
| CVE-2009-4366 | 1 Scriptsez | 1 Ez Blog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the yr parameter in a bmonth action. | ||||
| CVE-2008-2205 | 1 Maianscriptworld | 1 Maian Music | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Maian Music 1.1 allows remote attackers to execute arbitrary SQL commands via the album parameter in an album action. | ||||
| CVE-2008-2206 | 1 Maianscriptworld | 1 Maian Music | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Maian Music 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter in a search action to index.php, and the (2) msg_script parameter to admin/inc/footer.php. | ||||
| CVE-2008-2207 | 1 Maianscriptworld | 1 Maian Gallery | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/index.php in Maian Gallery 2.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action. | ||||
| CVE-2008-2208 | 1 Maianscriptworld | 1 Maian Greeting | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Maian Greeting 2.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action. | ||||
| CVE-2008-2209 | 1 Maianscriptworld | 1 Maian Greeting | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Greeting 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script and (2) msg_script2 parameters. | ||||
| CVE-2008-2210 | 1 Maianscriptworld | 1 Maian Support | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Maian Support 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script, (2) msg_script2, and (3) msg_script3 parameters to admin/inc/footer.php; and the (4) msg_script2 parameter to admin/inc/header.php. | ||||
| CVE-2008-2211 | 1 Maianscriptworld | 1 Maian Guestbook | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/footer.php in Maian Guestbook 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script2 and (2) msg_script3 parameters. | ||||
| CVE-2008-2338 | 1 Interspire | 1 Activekb | 2026-04-23 | N/A |
| Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin. | ||||
| CVE-2009-4367 | 1 Sitecore | 1 Staging Module | 2026-04-23 | N/A |
| The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request. | ||||
| CVE-2008-2213 | 1 Maianscriptworld | 1 Maian Links | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/footer.php in Maian Links 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script2 and (2) msg_script3 parameters. | ||||