Export limit exceeded: 361952 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361952 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361952 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6764 | 1 Hypersilence | 1 Silentum Loginsys | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Silentum LoginSys 1.0.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | ||||
| CVE-2008-6793 | 1 Dflabs | 1 Ptk | 2026-04-23 | N/A |
| The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image. | ||||
| CVE-2008-6809 | 1 Bookingcentre | 1 Booking System For Hotels Group | 2026-04-23 | N/A |
| SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter. | ||||
| CVE-2008-6817 | 1 Mole-group | 1 Lastminute Script | 2026-04-23 | N/A |
| Mole Group Lastminute Script 4.0 and earlier stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6824 | 1 A-link | 2 Wl54ap2, Wl54ap3 | 2026-04-23 | N/A |
| The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access. | ||||
| CVE-2008-6825 | 1 Trixbox | 1 Trixbox | 2026-04-23 | N/A |
| Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter. | ||||
| CVE-2008-6654 | 1 Structum | 1 Infobiz Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search_results.php in InfoBiz Server allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | ||||
| CVE-2008-6646 | 1 Coronamatrix | 1 Phpaddressbook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix phpAddressBook 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | ||||
| CVE-2008-6645 | 1 Opencosmo | 1 Visualsentinel | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Opencosmo VisualSentinel 0.7 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header ($_SERVER ['HTTP_USER_AGENT']), which is not properly handled when displaying log files. | ||||
| CVE-2008-6639 | 1 Ajaxplorer | 1 Ajaxplorer | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in AjaXplorer 2.3.3 and 2.3.4 allows remote attackers to hijack the authentication of administrators for requests that modify passwords via the update_user_pwd action. | ||||
| CVE-2008-6634 | 1 Beaussier | 1 Roomphplanning | 2026-04-23 | N/A |
| SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attackers to execute arbitrary SQL commands via the idroom parameter to weekview.php. | ||||
| CVE-2008-6633 | 1 Beaussier | 1 Roomphplanning | 2026-04-23 | N/A |
| SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attackers to execute arbitrary SQL commands via the idresa parameter to resaopen.php. | ||||
| CVE-2008-6632 | 1 Mercuryboard | 1 Mercuryboard | 2026-04-23 | N/A |
| SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header ($_SERVER['HTTP_USER_AGENT']). | ||||
| CVE-2008-6627 | 1 Webbdomain | 1 Webshop | 2026-04-23 | N/A |
| SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, 1.1, 1.02, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2008-6626 | 1 Webbdomain | 1 Quiz | 2026-04-23 | N/A |
| SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2008-6625 | 1 Webbdomain | 1 Polls | 2026-04-23 | N/A |
| SQL injection vulnerability in getin.php in WEBBDOMAIN Polls (aka Poll) 1.0 and 1.01 allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2008-6624 | 1 Webbdomain | 1 Petition | 2026-04-23 | N/A |
| SQL injection vulnerability in getin.php in WEBBDOMAIN Petition 1.02, 2.0, and 3.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2008-6623 | 1 Webbdomain | 1 Post Card | 2026-04-23 | N/A |
| SQL injection vulnerability in getin.php in WEBBDOMAIN Post Card (aka Web Postcards) 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2008-6622 | 1 Webbdomian | 1 Post Card | 2026-04-23 | N/A |
| SQL injection vulnerability in choosecard.php in WEBBDOMAIN Post Card (aka Web Postcards) 1.02, 1.01, and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2008-6619 | 1 Netlab | 1 Classsystem | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in class/ApplyDB.php in ClassSystem 2.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in class/UploadHomepage/. | ||||