Export limit exceeded: 363284 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363284 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363284 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5813 1 Spip 1 Spip 2026-04-23 N/A
SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-0463 1 Groonesworld 1 Glinks 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/header.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
CVE-2009-0803 1 Smoothwall 3 Networkguardian, Schoolguardian, Smoothguardian 2026-04-23 N/A
SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
CVE-2008-5815 1 Phpalumni 1 Phpalumni 2026-04-23 N/A
SQL injection vulnerability in Acomment.php in phpAlumni allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5816 1 Ilias 1 Ilias 2026-04-23 N/A
SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ref_id parameter.
CVE-2008-5817 1 Web Scribble Solutions 1 Webclassifieds 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in Web Scribble Solutions webClassifieds 2005 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) password fields in a sign_in action.
CVE-2008-5818 1 Edreamers 1 Edcontainer 2026-04-23 N/A
Directory traversal vulnerability in index.php in eDreamers eDContainer 2.22, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-2742 1 Labs.beffa.org 1 W2box 2026-04-23 N/A
Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 Beta4 allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as .php.jpg.
CVE-2008-5820 1 Edreamers 1 Ednews 2026-04-23 N/A
SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
CVE-2008-5825 1 Nokia 1 6131 Nfc 2026-04-23 N/A
The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone.
CVE-2007-5620 1 Zehnet 1 Zz Flashchat 2026-04-23 N/A
Directory traversal vulnerability in admin/inc/help.php in ZZ:FlashChat 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter.
CVE-2008-5826 1 Nokia 1 6131 Nfc 2026-04-23 N/A
The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to cause a denial of service (device crash) via (1) a large value in the payload length field in an NDEF record, or a certain length for a (2) tel: or (3) sms: NDEF URI.
CVE-2008-2997 1 Gravityboardx 1 Gravity Board X 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Gravity Board X (GBX) 2.0 Beta allows remote attackers to inject arbitrary web script or HTML via the subject parameter in a postnewsubmit (aka create new thread) action.
CVE-2008-5827 1 Nokia 1 6131 Nfc 2026-04-23 N/A
The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs software upon completing the download of a JAR file, which makes it easier for remote attackers to execute arbitrary code via a crafted URI record in an NDEF tag.
CVE-2008-5840 1 Phpicalendar 2 Phpicalendar, Phpicalendar2.0 2026-04-23 N/A
PHP iCalendar 2.24 and earlier allows remote attackers to bypass authentication by setting the phpicalendar and phpicalendar_login cookies to 1.
CVE-2008-5828 1 Microsoft 1 Windows Live Messenger 2026-04-23 N/A
Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields.
CVE-2008-3676 1 Hmailserver 1 Hmailserver 2026-04-23 N/A
Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 allows remote authenticated users to cause a denial of service (resource exhaustion or daemon crash) via a long series of IMAP commands.
CVE-2008-5838 1 Ephpscripts 1 E-shop Shopping Cart 2026-04-23 N/A
SQL injection vulnerability in search_results.php in E-Php Scripts E-Shop (aka E-Php Shopping Cart) Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2008-5842 1 Fujitsu-siemens 1 Webtransactions 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via vectors associated with (1) a demo application shipped with WebTransactions and possibly (2) an unspecified "dynamic application."
CVE-2008-5845 1 Sixapart 1 Movable Type 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, or (4) MTCommenterName field in a Profile View template; a (5) listing screen or (6) edit screen in the CMS app; (7) a TrackBack title, related to the HTML sanitization library; or (8) a user archive name (aka archive title) on a published Community Blog template.