Export limit exceeded: 346174 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346174 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2097 | 1 Zokisoft | 1 Zoki Catalog | 2026-04-23 | N/A |
| SQL injection vulnerability in system/application/controllers/catalog.php in Zoki Soft Zoki Catalog (aka Smart Catalog) allows remote attackers to execute arbitrary SQL commands via the search_text parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-3735 | 1 Phpizabi | 1 Phpizabi | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHPizabi before 848 Core HotFix Pack 3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a blogs.search action. | ||||
| CVE-2008-3736 | 2 Spacetag, System Consultants | 2 Lacoodast, La Cooda Wiz | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (a) change passwords or (b) change configurations. | ||||
| CVE-2008-3737 | 2 Spacetag, System Consultants | 2 Lacoodast, La Cooda Wiz | 2026-04-23 | N/A |
| Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to execute arbitrary PHP scripts, and delete files, read files, and possibly have unknown other impact. | ||||
| CVE-2008-3738 | 1 Spacetag | 1 Lacoodast | 2026-04-23 | 9.1 Critical |
| Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | ||||
| CVE-2009-2105 | 1 Kasper Skrhj | 1 References Database | 2026-04-23 | N/A |
| SQL injection vulnerability in the References database (t3references) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-3739 | 2 Spacetag, System Consultants | 2 Lacoodast, La Cooda Wiz | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving upload of files containing XSS sequences. | ||||
| CVE-2009-2106 | 2 Projektseminar Proservice Wwu, Typo3 | 2 Virtual Civil Services, Typo3 | 2026-04-23 | N/A |
| SQL injection vulnerability in the Virtual Civil Services (civserv) extension 4.3.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-3740 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the output filter in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-3741 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML. | ||||
| CVE-2008-3747 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie. | ||||
| CVE-2008-3742 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated. | ||||
| CVE-2008-3752 | 1 Yourfreeworld | 1 Ad-exchange Script | 2026-04-23 | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-3743 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements. | ||||
| CVE-2008-3744 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) delete user access rules. | ||||
| CVE-2008-3746 | 1 Webdav | 1 Neon | 2026-04-23 | N/A |
| neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function. | ||||
| CVE-2008-3641 | 2 Apple, Redhat | 2 Cups, Enterprise Linux | 2026-04-23 | N/A |
| The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory. | ||||
| CVE-2009-2008 | 1 Dokeos | 1 Dokeos | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2. | ||||
| CVE-2008-3640 | 2 Apple, Redhat | 2 Cups, Enterprise Linux | 2026-04-23 | N/A |
| Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow. | ||||
| CVE-2008-3637 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | 8.8 High |
| The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue." | ||||