Export limit exceeded: 352414 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352414 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6134 | 1 Drupal | 2 Drupal, Everyblog | 2026-04-23 | N/A |
| SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-6135 | 1 Drupal | 2 Drupal, Everyblog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-6136 | 1 Drupal | 1 Everyblog | 2026-04-23 | N/A |
| Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to gain privileges as another user or an administrator via unknown attack vectors. | ||||
| CVE-2008-6137 | 1 Drupal | 2 Drupal, Everyblog | 2026-04-23 | N/A |
| EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to bypass access restrictions via unknown vectors. | ||||
| CVE-2008-6139 | 1 Webbiscuits | 1 Modules Controller | 2026-04-23 | N/A |
| Directory traversal vulnerability in faqsupport/wce.download.php in WebBiscuits Modules Controller 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter. | ||||
| CVE-2008-6140 | 1 Avaya | 1 One-x | 2026-04-23 | N/A |
| Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Avaya one-X Desktop Edition 2.1.0.78 allows remote attackers to cause a denial of service (crash) via unspecified vectors. | ||||
| CVE-2008-6141 | 1 Avaya | 1 Ip Soft Phone | 2026-04-23 | N/A |
| Unspecified vulnerability in Avaya IP Softphone 6.0 SP4 and 6.01.85 allows remote attackers to cause a denial of service (crash) via a large amount of H.323 data. | ||||
| CVE-2008-6142 | 1 China-on-site | 1 Flexphpic | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php. | ||||
| CVE-2008-6143 | 1 Owentechkenya | 1 Owenpoll | 2026-04-23 | N/A |
| OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie. | ||||
| CVE-2008-6144 | 1 Typo3 | 2 Typo3, Wec Discussion Forum | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029. | ||||
| CVE-2008-6145 | 1 Typo3 | 2 Typo3, Wec Discussion Forum | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-6147 | 1 Aspapp | 1 Forumapp | 2026-04-23 | N/A |
| ForumApp 3.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/8690.mdb or (2) data/8690BAK.mdb. | ||||
| CVE-2008-6148 | 2 Joomla, Raven-worx | 2 Joomla, Liveticker | 2026-04-23 | N/A |
| SQL injection vulnerability in the Live Ticker (com_liveticker) module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a viewticker action to index.php. | ||||
| CVE-2008-6149 | 2 Joomla, Joomlaapps | 2 Joomla, Com Mdigg | 2026-04-23 | N/A |
| SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cagtegory parameter in a story_lists action to index.php. | ||||
| CVE-2008-6150 | 1 Sepcity | 1 Classified Ads | 2026-04-23 | N/A |
| SQL injection vulnerability in classdis.asp in SepCity Classified Ads allows remote attackers to execute arbitrary SQL commands via the ID parameter. | ||||
| CVE-2008-6151 | 1 Sepcity | 1 Shopping Mall | 2026-04-23 | N/A |
| SQL injection vulnerability in shpdetails.asp in SepCity Shopping Mall allows remote attackers to execute arbitrary SQL commands via the ID parameter. | ||||
| CVE-2008-6152 | 1 Sepcity | 1 Faculty Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in deptdisplay.asp in SepCity Faculty Portal allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: this was originally reported for Lawyer Portal, which does not have a deptdisplay.asp file. | ||||
| CVE-2008-6153 | 1 Jayeshp | 1 Pixel8 Web Photo Album | 2026-04-23 | N/A |
| SQL injection vulnerability in Photo.asp in Jay Patel Pixel8 Web Photo Album 3.0 allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter. | ||||
| CVE-2008-6155 | 1 Hispah | 1 Text Links Ads | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idtl parameter in a buy action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6156 | 1 Formfields | 1 Adman | 2026-04-23 | N/A |
| SQL injection vulnerability in editCampaign.php in AdMan 1.1.20070907 allows remote authenticated users to execute arbitrary SQL commands via the campaignId parameter. | ||||