Export limit exceeded: 346175 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346175 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346175 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0938 | 1 Tor | 1 Tor | 2026-04-23 | N/A |
| Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service (exit node crash) via "malformed input." | ||||
| CVE-2008-6034 | 1 Achievo | 1 Achievo | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6035 | 1 Achievo | 1 Achievo | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2-STABLE allows remote attackers to inject arbitrary web script or HTML via the atknodetype parameter. | ||||
| CVE-2008-6036 | 1 Basebuilder | 1 Basebuilder | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mj_config[src_path] parameter. | ||||
| CVE-2008-6037 | 1 Availscript | 1 Availscript Article Script | 2026-04-23 | N/A |
| SQL injection vulnerability in view.php in AvailScript Article Script allows remote attackers to execute arbitrary SQL commands via the v parameter. | ||||
| CVE-2008-6038 | 1 Mapcal | 1 Mapcal | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in MapCal 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an editevent action, possibly related to dsp_editevent.php. | ||||
| CVE-2008-6040 | 1 Agares Media | 1 Arcadem Pro | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Arcadem Pro 2.700 through 2.802 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter, probably related to includes/articleblock.php. | ||||
| CVE-2009-0939 | 1 Tor | 1 Tor | 2026-04-23 | N/A |
| Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0. | ||||
| CVE-2008-6041 | 1 Dataspade | 1 Dataspade | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Index.asp in Dataspade 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ViewName, (2) TableName, (3) OrderBy, and (4) FilterField parameters. | ||||
| CVE-2008-6042 | 1 Netartmedia | 1 Real Estate Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in the re_search module in NetArtMedia Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the ad parameter to index.php. | ||||
| CVE-2008-6043 | 1 Phpprobid | 1 Php Pro Bid | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow remote attackers to execute arbitrary SQL commands via the (1) order_field and (2) order_type parameters to categories.php and unspecified other components. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-0828 | 1 Freedville | 1 Quotebook | 2026-04-23 | N/A |
| QuoteBook stores quotes.inc under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information, including user credentials, via a direct request. | ||||
| CVE-2008-6044 | 1 Xt-commerce | 1 Xt-commerce | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in advanced_search_result.php in xt:Commerce 3.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | ||||
| CVE-2008-6045 | 1 Xt-commerce | 1 Xt-commerce | 2026-04-23 | N/A |
| Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter. | ||||
| CVE-2008-6046 | 1 Adbnewssender Project | 1 Adbnewssender | 2026-04-23 | N/A |
| SQL injection vulnerability in ADbNewsSender before 1.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) opt_in_out.php.inc, (2) confirmation.php.inc, and (3) renewal.php.inc in mailinglist/. | ||||
| CVE-2009-0530 | 1 Electrictoad | 1 Snippetmaster Webpage Editor | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SnippetMaster 2.2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SCRIPT_PATH] parameter to includes/vars.inc.php and the (2) g_pcltar_lib_dir parameter to includes/tar_lib/pcltar.lib.php. | ||||
| CVE-2008-6047 | 1 Adbnewssender | 1 Adbnewssender | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in ADbNewsSender before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) subscribing and (2) unsubscribing. | ||||
| CVE-2009-0531 | 1 Ontarioabandonedplaces | 1 A Better Member-based Asp Photo Gallery | 2026-04-23 | N/A |
| SQL injection vulnerability in gallery/view.asp in A Better Member-Based ASP Photo Gallery before 1.2 allows remote attackers to execute arbitrary SQL commands via the entry parameter. | ||||
| CVE-2008-6052 | 1 Preprojects | 1 Pre E-learning Portal | 2026-04-23 | N/A |
| PreProjects Pre E-Learning Portal stores db_elearning.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | ||||
| CVE-2008-6056 | 1 Ex-designs | 1 World Recipe | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in World Recipe 2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to emailrecipe.aspx, (2) id parameter to recipedetail.aspx, and the (3) catid parameter to validatefieldlength.aspx. | ||||