Search Results (363261 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5780 1 Hostforest 1 Forest Blog 2026-04-23 N/A
Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb.
CVE-2008-5781 1 Cfagcms 1 Cfagcms 2026-04-23 N/A
SQL injection vulnerability in right.php in Cant Find A Gaming CMS (CFAGCMS) 1.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the title parameter.
CVE-2009-0438 2 Ibm, Microsoft 2 Websphere Application Server, Windows 2026-04-23 N/A
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows allows remote attackers to bypass "Authorization checking" and obtain sensitive information from JSP pages via a crafted request. NOTE: this is probably a duplicate of CVE-2008-5412.
CVE-2008-5787 2 Arabportal, Microsoft 2 Arab Portal, Windows 2026-04-23 N/A
Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Windows allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, in conjunction with a show action.
CVE-2009-0439 1 Ibm 1 Websphere Mq 2026-04-23 N/A
Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands.
CVE-2008-5788 1 Domainsellerpro 1 Domain Seller Pro 2026-04-23 N/A
SQL injection vulnerability in index.php in Domain Seller Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5789 2 Joomla, Recly 2 Joomla, Interactive Feederator 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add_tmsp.php, (b) edit_tmsp.php and (c) tmsp.php in includes/tmsp/; and the (2) GLOBALS[mosConfig_absolute_path] parameter to (d) includes/tmsp/subscription.php.
CVE-2009-0440 1 Ibm 1 Websphere Partner Gateway 2026-04-23 N/A
IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print."
CVE-2008-5791 1 Prestashop 1 Prestashop 2026-04-23 N/A
Multiple unspecified vulnerabilities in PrestaShop e-Commerce Solution before 1.1 Beta 2 (aka 1.1.0.1) have unknown impact and attack vectors, related to the (1) bankwire module, (2) cheque module, and other components.
CVE-2008-5792 1 Indisguise 1 Indiscripts Enthusiast 2026-04-23 N/A
PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue.
CVE-2009-0441 1 Technote 1 Technote 2026-04-23 N/A
PHP remote file inclusion vulnerability in skin_shop/standard/2_view_body/body_default.php in TECHNOTE 7.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter, a different vector than CVE-2008-4138.
CVE-2009-0445 1 Dreampics 1 Gallery Builder 2026-04-23 N/A
SQL injection vulnerability in index.php in Dreampics Gallery Builder allows remote attackers to execute arbitrary SQL commands via the exhibition_id parameter in a gallery.viewPhotos action.
CVE-2009-0799 5 Apple, Foolabs, Glyphandcog and 2 more 5 Cups, Xpdf, Xpdfreader and 2 more 2026-04-23 N/A
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.
CVE-2008-5795 1 Typo3 2 Eluna Page Comments Extension, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-0446 1 Web-album 1 Webalbum 2026-04-23 N/A
SQL injection vulnerability in photo.php in WEBalbum 2.4b allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5796 1 Typo3 2 Eluna Page Comments Extension, Typo3 2026-04-23 N/A
SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-0447 1 Aspindir 1 Mydesign Sayac 2026-04-23 N/A
Multiple SQL injection vulnerabilities in default.asp in MyDesign Sayac 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the user parameter (aka UserName field) or (2) the pass parameter (aka Pass field) to (a) admin/admin.asp or (b) the default URI under admin/. NOTE: some of these details are obtained from third party information.
CVE-2009-0800 5 Apple, Foolabs, Glyphandcog and 2 more 5 Cups, Xpdf, Xpdfreader and 2 more 2026-04-23 N/A
Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2009-0928 2 Adobe, Redhat 3 Acrobat, Acrobat Reader, Rhel Extras 2026-04-23 N/A
Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Professional 7.1.0, 8.1.3, 9.0.0, and other versions allows remote attackers to execute arbitrary code via a PDF file containing a JBIG2 stream with a size inconsistency related to an unspecified table.
CVE-2008-5797 1 Typo3 2 Advcalendar Extension, Typo3 2026-04-23 N/A
SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.