Export limit exceeded: 346175 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346175 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6584 | 1 Torrentflux | 1 Torrentflux | 2026-04-23 | N/A |
| html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/ user directory. | ||||
| CVE-2008-6586 | 1 Utorrent | 1 Utorrent Webui | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in gui/index.php in µTorrent (uTorrent) WebUI 0.315 allows remote attackers to (1) hijack the authentication of users for requests that force the download of arbitrary torrent files via the add-url action and (2) hijack the authentication of administrators for requests that modify the administrator account via the setsetting action. | ||||
| CVE-2008-6587 | 1 Vuze | 1 Vuze | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze (formerly Azureus HTML WebUI), probably 0.7.6, allows remote attackers to hijack the authentication of users for requests that force the download of arbitrary torrent files via the upurl parameter. | ||||
| CVE-2009-2919 | 1 Boonex | 1 Orca | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field. | ||||
| CVE-2009-4170 | 2 Roytanck, Wordpress | 2 Wp-cumulus, Wordpress | 2026-04-23 | N/A |
| WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, allows remote attackers to obtain sensitive information via a crafted request to wp-cumulus.php, probably without parameters, which reveals the installation path in an error message. | ||||
| CVE-2008-6595 | 1 Typo3 | 1 Pmk Rssnewsexport Extension | 2026-04-23 | N/A |
| SQL injection vulnerability in the pmk_rssnewsexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-2920 | 1 Elvinbts | 1 Elvinbts | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) component and (2) priority parameters to buglist.php; and the (3) Username (4) E-mail, (5) Pass, and (6) Confirm pass fields to createaccount.php. | ||||
| CVE-2008-6604 | 1 Picoflat | 1 Picoflat Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagina parameter, a different vulnerability than CVE-2007-5390. | ||||
| CVE-2009-2921 | 1 Mocdesigns | 1 Php News | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field). | ||||
| CVE-2008-6605 | 1 2wire | 4 1701hg, 1800hw, 2071hg and 1 more | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that cause a denial of service (network outage) via a page parameter with a % (percent) character followed by a non-alphanumeric character. | ||||
| CVE-2008-6612 | 1 Abweb | 1 Minimal-ablog | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in admin/uploader.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/. | ||||
| CVE-2009-2922 | 1 Pixaria | 1 Pixaria Gallery | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 through 2.3.5 allows remote attackers to read arbitrary files via a base64-encoded file parameter. | ||||
| CVE-2009-4171 | 1 Yahoo | 1 Messenger | 2026-04-23 | N/A |
| An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument. | ||||
| CVE-2008-6614 | 1 Impliedbydesign | 1 Ibd Micro Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in microcms-admin-login.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) allow remote attackers to execute arbitrary SQL commands via (1) the administrators_username parameter (aka the Username field) or (2) the administrators_pass parameter (aka the Password field). | ||||
| CVE-2009-2926 | 1 Phpcompet.free | 1 Php Competition System | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in PHP Competition System BETA 0.84 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) day parameter to show_matchs.php and (2) pageno parameter to persons.php. | ||||
| CVE-2009-4172 | 2 Cutephp, Korn19 | 2 Cutenews, Utf-8 Cutenews | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the body of a news article in an addnews action. | ||||
| CVE-2008-6616 | 1 Zen-cart | 1 Zen Cart | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in the advanced_search_result page. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-2927 | 1 Digitalspinners | 1 Ds Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in DetailFile.php in DigitalSpinners DS CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the nFileId parameter. | ||||
| CVE-2008-6620 | 1 Grafxsoftware | 1 Minicwb | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php in GraFX miniCWB 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errcontext, (2) _GET, (3) _POST, (4) _SESSION, (5) _SERVER, and (6) fckphp_config[Debug_SERVER] parameters. | ||||
| CVE-2009-2928 | 1 Tgs-cms | 1 Tgs Content Management | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in TGS Content Management 0.x allows remote attackers to inject arbitrary web script or HTML via the previous_page parameter, a different vector than CVE-2008-6839. | ||||