Export limit exceeded: 362453 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19631 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0139 | 1 Loudblog | 1 Loudblog | 2026-04-23 | N/A |
| Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter. | ||||
| CVE-2008-0144 | 1 Phprisk | 1 Netrisk | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences. | ||||
| CVE-2008-0873 | 1 Jlmzone | 1 Classifieds | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the jlmZone Classifieds module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in an Adsview action. | ||||
| CVE-2008-0147 | 1 Smallnuke | 1 Smallnuke | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action. | ||||
| CVE-2008-1398 | 1 Auracms | 1 Auracms | 2026-04-23 | N/A |
| SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header. | ||||
| CVE-2008-0446 | 1 Julian Pawlowski | 1 Lulieblog | 2026-04-23 | N/A |
| SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-0447 | 1 Foojan | 1 Php Weblog | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 allows remote attackers to execute arbitrary SQL commands via the story parameter. | ||||
| CVE-2009-3309 | 1 Cfshopkart | 1 Cf Shopkart | 2026-04-23 | N/A |
| SQL injection vulnerability in index.cfm in CF ShopKart 5.4 beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a ViewDetails action, a different vector than CVE-2008-6320. | ||||
| CVE-2008-3582 | 1 Keld | 1 Php-mysql News Script | 2026-04-23 | N/A |
| SQL injection vulnerability in login.php in Keld PHP-MySQL News Script 0.7.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2008-0449 | 1 Rocksalt International | 1 Vp Asp | 2026-04-23 | N/A |
| SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-1408 | 1 Phpbp | 1 Phpbp | 2026-04-23 | N/A |
| SQL injection vulnerability in includes/functions/banners-external.php in phpBP 2 RC3 (2.204) FIX 4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a banner_out action. | ||||
| CVE-2007-5180 | 1 Ohesa Emlak Portali | 1 Ohesa Emlak Portali | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Ohesa Emlak Portali allow remote attackers to execute arbitrary SQL commands via the (1) Kategori parameter in satilik.asp and the (2) Emlak parameter in detay.asp. | ||||
| CVE-2007-5181 | 1 Netkamp | 1 Netkamp Emlak Scripti | 2026-04-23 | N/A |
| SQL injection vulnerability in detay.asp in Netkamp Emlak Scripti allows remote attackers to execute arbitrary SQL commands via the ilan_id parameter. | ||||
| CVE-2007-5222 | 1 Maxdev | 1 Mdpro | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header. | ||||
| CVE-2008-0487 | 1 The Net Guys | 1 Aspired2protect | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-0490 | 1 Wordpress | 1 Wp Cal Plugin | 2026-04-23 | N/A |
| SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-0491 | 1 Fgallery Project | 1 Fgallery | 2026-04-23 | N/A |
| SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the album parameter. | ||||
| CVE-2008-1843 | 1 W2b | 1 Dating Club | 2026-04-23 | N/A |
| SQL injection vulnerability in browse.php in W2B DatingClub (aka Dating Club) allows remote attackers to execute arbitrary SQL commands via the age_to parameter in a browsebyCat action. | ||||
| CVE-2008-5496 | 1 Pozscripts | 1 Business Directory Script | 2026-04-23 | N/A |
| SQL injection vulnerability in showcategory.php in PozScripts Business Directory Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2009-3259 | 1 Thomas Cuchta | 1 Rash | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in RASH Quote Management System (RQMS) 1.2.2 allow remote attackers to execute arbitrary SQL commands via (1) the search parameter in a search action, (2) the quote parameter in a quote addition, or (3) a User_Name cookie in unspecified administrative actions. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||