Export limit exceeded: 361553 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361553 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4720 | 1 Arzdev | 1 Gemini Portal | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in The Gemini Portal 4.7 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) page/forums/bottom.php and (2) page/forums/category.php. | ||||
| CVE-2008-6416 | 1 Greensql | 1 Greensql-console | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL-Console before 0.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "internal pages." | ||||
| CVE-2008-4721 | 1 Php Jabbers | 1 Post Comment | 2026-04-23 | N/A |
| PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged." | ||||
| CVE-2008-6417 | 1 Greensql | 1 Greensql-console | 2026-04-23 | N/A |
| Unspecified vulnerability in GreenSQL-Console before 0.3.5 allows attackers to obtain the "installation directory" via unknown vectors. | ||||
| CVE-2008-6418 | 1 Torrenttrader | 1 Torrenttrader | 2026-04-23 | N/A |
| SQL injection vulnerability in scrape.php in TorrentTrader before 2008-05-13 allows remote attackers to execute arbitrary SQL commands via the info_hash parameter. | ||||
| CVE-2008-6419 | 1 Socialsitegenerator | 1 Social Site Generator | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Social Site Generator (SSG) 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) sgc_id parameter to display_blog.php, (2) scm_mem_id parameter to social_my_profile_download.php, and the (3) catid parameter to social_forum_subcategories.php. | ||||
| CVE-2008-6420 | 1 Socialsitegenerator | 1 Social Site Generator | 2026-04-23 | N/A |
| Social Site Generator (SSG) 2.0 allows remote attackers to read arbitrary files via the file parameter to (1) filedload.php, (2) webadmin/download.php, and (3) webadmin/download_file.php. | ||||
| CVE-2008-6421 | 1 Socialsitegenerator | 1 Social Site Generator | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in social_game_play.php in Social Site Generator (SSG) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | ||||
| CVE-2008-6422 | 1 Psychostats | 1 Psychostats | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and 2.3.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) weapon.php and (2) map.php. | ||||
| CVE-2008-6423 | 1 I-apps | 1 Passwiki | 2026-04-23 | N/A |
| Directory traversal vulnerability in passwiki.php in PassWiki 0.9.16 RC3 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the site_id parameter. | ||||
| CVE-2008-6424 | 1 Jun Sota | 1 Ffftp | 2026-04-23 | N/A |
| Directory traversal vulnerability in FFFTP 1.96b allows remote FTP servers to create or overwrite arbitrary files via a response to an FTP LIST command with a filename that contains a .. (dot dot). | ||||
| CVE-2008-6425 | 1 Comicshout | 1 Comicshout | 2026-04-23 | N/A |
| SQL injection vulnerability in news.php in ComicShout 2.8 allows remote attackers to execute arbitrary SQL commands via the news_id parameter, a different vector than CVE-2008-2456. | ||||
| CVE-2008-6427 | 1 Hivemaker | 1 Hivemaker | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Hivemaker Professional 1.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2008-6428 | 1 Kayalang | 1 Kaya | 2026-04-23 | N/A |
| The CGI framework in Kaya 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors. | ||||
| CVE-2008-6429 | 2 Joomla, Mike Leeper | 2 Joomla, Com Prayercenter | 2026-04-23 | N/A |
| SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php. | ||||
| CVE-2008-4722 | 1 Sun | 37 Blade 6000 Modular System With Chassis, Blade 6048 Modular System With Chassis, Blade 8000 Modular System and 34 more | 2026-04-23 | N/A |
| Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) 2.0.1.5 through 2.0.4.26 allows remote authenticated users to (1) access the service processor (SP) and cause a denial of service (shutdown or reboot), or (2) access the host operating system and have an unspecified impact, via unknown vectors. | ||||
| CVE-2008-4723 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 3.0.1 through 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-4724 | 1 Google | 1 Chrome | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6430 | 1 Joomla | 2 Com Mycontent, Joomla | 2026-04-23 | N/A |
| SQL injection vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | ||||
| CVE-2008-4725 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these issues were addressed before 9.60. | ||||