Export limit exceeded: 346183 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346183 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0461 | 1 Wholehogsoftware | 1 Password Protect | 2026-04-23 | N/A |
| Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie. | ||||
| CVE-2008-5810 | 1 Fujitsu-siemens | 1 Webtransactions | 2026-04-23 | N/A |
| WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs. | ||||
| CVE-2008-5811 | 1 Joomla | 2 Com Paxgallery, Joomla | 2026-04-23 | N/A |
| SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter in a table action to index.php. | ||||
| CVE-2008-5812 | 1 Spip | 1 Spip | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors. | ||||
| CVE-2009-0462 | 1 Clicktech | 1 Clickcart | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in customer_login_check.asp in ClickTech ClickCart 6.0 allow remote attackers to execute arbitrary SQL commands via (1) the txtEmail parameter (aka E-MAIL field) or (2) the txtPassword parameter (aka password field) to customer_login.asp. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5813 | 1 Spip | 1 Spip | 2026-04-23 | N/A |
| SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5814 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208. | ||||
| CVE-2009-0463 | 1 Groonesworld | 1 Glinks | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/header.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | ||||
| CVE-2009-0803 | 1 Smoothwall | 3 Networkguardian, Schoolguardian, Smoothguardian | 2026-04-23 | N/A |
| SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | ||||
| CVE-2008-5815 | 1 Phpalumni | 1 Phpalumni | 2026-04-23 | N/A |
| SQL injection vulnerability in Acomment.php in phpAlumni allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-5816 | 1 Ilias | 1 Ilias | 2026-04-23 | N/A |
| SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ref_id parameter. | ||||
| CVE-2009-0464 | 1 Groonesworld | 1 Gbook | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/header.php in Groone GBook 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | ||||
| CVE-2009-0804 | 1 Ziproxy | 1 Ziproxy | 2026-04-23 | N/A |
| Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | ||||
| CVE-2008-5817 | 1 Web Scribble Solutions | 1 Webclassifieds | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in index.php in Web Scribble Solutions webClassifieds 2005 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) password fields in a sign_in action. | ||||
| CVE-2008-5818 | 1 Edreamers | 1 Edcontainer | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in eDreamers eDContainer 2.22, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5819 | 1 Edreamers | 1 Ednews | 2026-04-23 | N/A |
| Directory traversal vulnerability in eDNews_archive.php in eDreamers eDNews 2, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5820 | 1 Edreamers | 1 Ednews | 2026-04-23 | N/A |
| SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | ||||
| CVE-2008-5822 | 1 Mozilla | 2 Firefox, Libxul | 2026-04-23 | N/A |
| Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other products, allows remote attackers to cause a denial of service (memory consumption and browser hang) via a long CLASS attribute in an HR element in an HTML document. | ||||
| CVE-2008-5823 | 1 Microsoft | 2 Money, Windows Vista | 2026-04-23 | N/A |
| An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property. | ||||
| CVE-2008-5825 | 1 Nokia | 1 6131 Nfc | 2026-04-23 | N/A |
| The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone. | ||||