Export limit exceeded: 346182 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346182 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5784 | 1 V3chat | 1 V3 Chat Profiles Dating Script | 2026-04-23 | 9.8 Critical |
| V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | ||||
| CVE-2009-2792 | 1 Joshua Oliver | 1 Really Simple Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in plugings/pagecontent.php in Really Simple CMS (RSCMS) 0.3a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PT parameter. | ||||
| CVE-2009-4117 | 1 Sumatrapdfreader | 1 Sumatrapdf | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, allow remote attackers to cause a denial of service and possibly execute arbitrary code via a /Decode array for certain types of shading that are not properly handled by the (1) pdf_loadtype4shade, (2) pdf_loadtype5shade, (3) pdf_loadtype6shade, and (4) pdf_loadtype7shade functions. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5603 | 1 Aspapps | 1 Aspticker | 2026-04-23 | N/A |
| ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb. | ||||
| CVE-2008-5785 | 1 V3chat | 1 V3 Chat Profiles Dating Script | 2026-04-23 | N/A |
| SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | ||||
| CVE-2008-5618 | 1 Rsyslog | 1 Rsyslog | 2026-04-23 | N/A |
| imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 before 3.20.2 generates a message even when it is sent by an unauthorized sender, which allows remote attackers to cause a denial of service (disk consumption) via a large number of spurious messages. | ||||
| CVE-2008-5786 | 1 Infrae | 2 Silva, Silva Find | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Silva Find extension 1.1.5 and earlier in Silva 1.x before 1.6.3.2, Silva 2.0 before 2.0.12.2, and Silva 2.1 before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the fulltext parameter. | ||||
| CVE-2008-5627 | 1 Activewebsoftwares | 1 Active Trade | 2026-04-23 | N/A |
| SQL injection vulnerability in account.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter (aka Email field) or the (2) password parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5631 | 1 Activewebsoftwares | 1 Active Ewebquiz | 2026-04-23 | N/A |
| SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5633 | 1 Activewebsoftwares | 1 Activevotes | 2026-04-23 | N/A |
| SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5635 | 1 Activewebsoftwares | 1 Active Membership | 2026-04-23 | N/A |
| SQL injection vulnerability in account.asp in Active Membership 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5787 | 2 Arabportal, Microsoft | 2 Arab Portal, Windows | 2026-04-23 | N/A |
| Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Windows allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, in conjunction with a show action. | ||||
| CVE-2008-5644 | 1 Typo3 | 1 Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2008-5788 | 1 Domainsellerpro | 1 Domain Seller Pro | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Domain Seller Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-5653 | 1 Myiosoft.com | 1 Ajaxportal | 2026-04-23 | N/A |
| SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5789 | 2 Joomla, Recly | 2 Joomla, Interactive Feederator | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add_tmsp.php, (b) edit_tmsp.php and (c) tmsp.php in includes/tmsp/; and the (2) GLOBALS[mosConfig_absolute_path] parameter to (d) includes/tmsp/subscription.php. | ||||
| CVE-2008-5661 | 1 Sun | 2 Opensolaris, Solaris | 2026-04-23 | N/A |
| The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 through snv_82, with certain patches installed, allows remote attackers to cause a denial of service (panic) via unknown vectors that trigger a NULL pointer dereference. | ||||
| CVE-2008-5664 | 1 Realtek | 1 Realtek Media Player | 2026-04-23 | N/A |
| Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file. | ||||
| CVE-2008-5790 | 2 Joomla, Recly | 2 Joomla, Competitions | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php. | ||||
| CVE-2008-5670 | 1 Textpattern | 1 Textpattern | 2026-04-23 | N/A |
| Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session. | ||||