Export limit exceeded: 361952 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361952 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6371 | 1 Ocean12tech | 1 Membership Manager Pro | 2026-04-23 | N/A |
| SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the username (Username parameter). | ||||
| CVE-2008-6538 | 1 Holger Schurig | 1 Destar | 2026-04-23 | N/A |
| DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a direct request to config/add/CfgOptUser. | ||||
| CVE-2008-6372 | 1 Ocean12tech | 1 Faq Manager Pro | 2026-04-23 | N/A |
| SQL injection vulnerability in default.asp in Ocean12 FAQ Manager Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a Cat action. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-2450 | 1 Tallemu | 2 Online Armor Personal Firewall Av\+, Personal Firewall | 2026-04-23 | N/A |
| The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online Armor Personal Firewall AV+ before 3.5.0.12, and Personal Firewall 3.5 before 3.5.0.14, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\OAmon containing arbitrary kernel addresses, as demonstrated using the 0x830020C3 IOCTL. | ||||
| CVE-2009-3082 | 1 Snowhall | 1 Silurus System | 2026-04-23 | N/A |
| SQL injection vulnerability in wcategory.php in Snow Hall Silurus System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6373 | 1 Nagios | 1 Nagios | 2026-04-23 | N/A |
| Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments." | ||||
| CVE-2008-6375 | 1 Nexusjnr | 1 Jbook | 2026-04-23 | N/A |
| JBook stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to userids.mdb. | ||||
| CVE-2008-3299 | 1 Esyndicat | 1 Esyndicat | 2026-04-23 | N/A |
| eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6376 | 1 Nexusjnr | 1 Jbook | 2026-04-23 | N/A |
| SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the password (pass parameter). | ||||
| CVE-2008-6377 | 1 Phpbb-seo | 1 Multi Seo Phpbb | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/global.php in Multi SEO phpBB 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter. | ||||
| CVE-2008-3305 | 1 Carlos Desseno | 1 Youtube Blog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to inject arbitrary web script or HTML via the m parameter. | ||||
| CVE-2008-6378 | 1 Mxmania | 1 Calendar Mx Professional | 2026-04-23 | N/A |
| SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx Professional 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | ||||
| CVE-2008-3308 | 1 Carlos Desseno | 1 Youtube Blog | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. Desseno YouTube Blog (ytb) 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the base_archivo parameter. | ||||
| CVE-2008-6379 | 1 Mxmania | 1 Gallery Mx | 2026-04-23 | N/A |
| SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | ||||
| CVE-2008-6380 | 1 Activewebsoftwares | 1 Active Web Helpdesk | 2026-04-23 | N/A |
| SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. | ||||
| CVE-2008-6382 | 1 Aspportal | 1 Aspportal | 2026-04-23 | N/A |
| ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb. | ||||
| CVE-2008-6384 | 1 Drupal | 1 Comment Mail | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Comment Mail 5.x before 5.x-1.1, a module for Drupal, allow remote attackers to hijack the authentication of administrators. | ||||
| CVE-2008-3313 | 1 Creacms | 1 Creacms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cfg[document_uri] parameter to _administration/edition_article/edition_article.php and the (2) cfg[base_uri_admin] parameter to _administration/fonctions/get_liste_langue.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6386 | 1 1scripts | 1 Z1exchange | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2008-6388 | 1 4u2ges | 1 Rapid Classified | 2026-04-23 | N/A |
| Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to cldb.mdb. | ||||