Export limit exceeded: 349538 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349538 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349538 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6438 | 2 E107, E107coders | 2 E107, Macguru Blog Engine Plugin | 2026-04-23 | N/A |
| SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected. | ||||
| CVE-2008-6435 | 1 Phpsqlitecms | 1 Phpsqlitecms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpSQLiteCMS 1 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[home], (2) lang[admin_menu], and (3) lang[admin_menu_page_overview] parameters to cms/includes/header.inc.php; and the (4) lang[login_username] and (5) lang[login_password] parameters to cms/includes/login.inc.php. | ||||
| CVE-2008-6431 | 1 Bmforum | 1 Bmforum | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) outpused parameter to index.php, the (2) footer_copyright and (3) verandproname parameters to newtem/footer/bsd01footer.php, and the (4) topads and (5) myplugin parameters to newtem/header/bsd01header.php. | ||||
| CVE-2008-6430 | 1 Joomla | 2 Com Mycontent, Joomla | 2026-04-23 | N/A |
| SQL injection vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | ||||
| CVE-2008-6422 | 1 Psychostats | 1 Psychostats | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and 2.3.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) weapon.php and (2) map.php. | ||||
| CVE-2007-4616 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications. | ||||
| CVE-2008-6420 | 1 Socialsitegenerator | 1 Social Site Generator | 2026-04-23 | N/A |
| Social Site Generator (SSG) 2.0 allows remote attackers to read arbitrary files via the file parameter to (1) filedload.php, (2) webadmin/download.php, and (3) webadmin/download_file.php. | ||||
| CVE-2008-6411 | 1 Explay | 1 Explay Cms | 2026-04-23 | N/A |
| Explay CMS 2.1 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the login cookie to 1. | ||||
| CVE-2007-4615 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications. | ||||
| CVE-2008-6410 | 1 Brian Wilson | 1 Ol\'bookmarks | 2026-04-23 | N/A |
| Directory traversal vulnerability in show.php in ol'bookmarks manager 0.7.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter. | ||||
| CVE-2008-6409 | 1 Brian Wilson | 1 Ol\'bookmarks | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a brain action. | ||||
| CVE-2007-4614 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426. | ||||
| CVE-2007-4613 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different vulnerability than CVE-2006-2461. | ||||
| CVE-2008-6404 | 1 Extrosoft | 1 Thyme | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in add_calendars.php in eXtrovert Software Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the callback parameter. | ||||
| CVE-2008-6403 | 1 Openrat | 1 Openrat | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in themes/default/include/html/insert.inc.php in OpenRat 0.8-beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpl_dir parameter. | ||||
| CVE-2008-6402 | 1 Muskatli | 1 Sofi Webgui | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mod_dir parameter. | ||||
| CVE-2008-6401 | 1 Jetik | 1 Jetik-web | 2026-04-23 | N/A |
| SQL injection vulnerability in sayfa.php in JETIK-WEB allows remote attackers to execute arbitrary SQL commands via the kat parameter. | ||||
| CVE-2007-4031 | 1 Nessus | 1 Vulnerability Scanner | 2026-04-23 | N/A |
| Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via a .. (dot dot) in the argument to the deleteReport method, probably related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. | ||||
| CVE-2007-4609 | 1 Eyeos Project | 1 Eyeos | 2026-04-23 | N/A |
| eyeOS uses predictable checksum values in the checknum parameter for access control, which allows remote attackers to register many accounts via doCreateUser actions, add many eyeBoard messages via addMsg actions, and cause a denial of service or conduct certain unauthorized activities, by guessing valid parameter values. | ||||
| CVE-2007-4021 | 1 Brain Book Software | 1 Software Secure | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in login.php in Brain Book Software Secure 1.0.20070629 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pwd parameters. | ||||