Export limit exceeded: 346164 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346164 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0283 | 1 Domphp | 1 Domphp | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | ||||
| CVE-2008-0284 | 1 Simple Machines | 1 Simple Machines Smf | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments. | ||||
| CVE-2008-0285 | 1 Ngircd | 1 Ngircd | 2026-04-23 | N/A |
| ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference. | ||||
| CVE-2008-0286 | 1 Article Dashboard | 1 Article Dashboard | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/login.php in Article Dashboard allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) password fields. | ||||
| CVE-2008-0287 | 1 Visionburst | 1 Vcart | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php and (2) checkout.php. | ||||
| CVE-2008-0288 | 1 Imagealbum | 1 Imagealbum | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as demonstrated via the id parameter in a collection.imageview action. | ||||
| CVE-2009-3789 | 1 Opendocman | 1 Opendocman | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7) profile.php, (8) rejects.php, (9) search.php, (10) toBePublished.php, (11) user.php, and (12) view_file.php; and (13) the caller parameter in a Modify User action to user.php. | ||||
| CVE-2009-4059 | 2 .joomclan, Joomla | 2 Com Joomclip, Joomla\! | 2026-04-23 | N/A |
| SQL injection vulnerability in the JoomClip (com_joomclip) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a thumbs action to index.php. | ||||
| CVE-2008-0291 | 1 Hangzhou Rui-qiang | 1 Richstrong Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter. | ||||
| CVE-2008-0292 | 1 Dansie | 1 Photo Album | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-0246 | 1 Uploadscript | 2 Uploadimage, Uploadscript | 2026-04-23 | N/A |
| admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action. | ||||
| CVE-2009-3781 | 1 Quicksketch | 1 Filefield | 2026-04-23 | N/A |
| The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors. | ||||
| CVE-2008-2924 | 1 Valarsoft | 1 Webmatic | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Webmatic before 2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-0244 | 1 Sap | 1 Maxdb | 2026-04-23 | N/A |
| SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe. | ||||
| CVE-2008-0243 | 1 Ibm | 1 Lotus Domino | 2026-04-23 | N/A |
| Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors. | ||||
| CVE-2008-0242 | 1 Sun | 1 Solaris | 2026-04-23 | N/A |
| Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions. | ||||
| CVE-2008-0241 | 1 Sun | 1 Java System Identity Manager | 2026-04-23 | N/A |
| Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter. | ||||
| CVE-2008-0240 | 1 Sun | 1 Java System Identity Manager | 2026-04-23 | N/A |
| /idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection." | ||||
| CVE-2008-0239 | 1 Sun | 1 Java System Identity Manager | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp. | ||||
| CVE-2008-2922 | 1 T0pp8uzz | 1 Dana Irc Client | 2026-04-23 | N/A |
| Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long IRC message. | ||||