Export limit exceeded: 346158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346158 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6274 | 1 Mjcreation | 1 Familyproject | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in index.php in FamilyProject 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the logmbr parameter (aka login field) or (2) the mdpmbr parameter (aka pass or "Mot de passe" field). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-6285 | 1 Businessvein | 1 Php Tv Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in PHP TV Portal 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the mid parameter. | ||||
| CVE-2008-6287 | 1 Getmiro | 1 Broadcast Machine | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Broadcast Machine 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) MySQLController.php, (2) SQLController.php, (3) SetupController.php, (4) VideoController.php, and (5) ViewController.php in controllers/. | ||||
| CVE-2008-6288 | 1 Interface-medien | 1 Ibase | 2026-04-23 | N/A |
| Directory traversal vulnerability in download.php in Interface Medien ibase 2.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | ||||
| CVE-2008-6726 | 1 Cmscout | 1 Cmscout | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in CMScout 2.06, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bit parameter to (1) admin.php and (2) index.php, different vectors than CVE-2008-3415. | ||||
| CVE-2009-0541 | 1 Magentocommerc | 1 Magento | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Magento 1.2.0 and 1.2.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username field in an admin/ request to index.php, possibly related to the login[username] parameter and the app/code/core/Mage/Admin/Model/Session.php login function; (2) the email address field in an admin/index/forgotpassword/ request to index.php, possibly related to the email parameter and the app/code/core/Mage/Adminhtml/controllers/IndexController.php forgotpasswordAction function; or (3) the return parameter to the default URI under downloader/. | ||||
| CVE-2009-0740 | 1 Frankmancuso | 1 Bluebird | 2026-04-23 | N/A |
| SQL injection vulnerability in login.php in BlueBird Prelease allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. | ||||
| CVE-2009-1314 | 1 Webfileexplorer | 1 Web File Explorer | 2026-04-23 | N/A |
| body.asp in Web File Explorer 3.1 allows remote attackers to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executable extension. | ||||
| CVE-2009-1316 | 1 Abk-soft | 1 Ablespace | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to events_view.php and the (2) id parameter to events_clndr_view.php. | ||||
| CVE-2009-1317 | 1 Aquacms | 1 Aqua Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userSID cookie parameter to droplets/functions/base.php and the (2) username parameter to admin/index.php. | ||||
| CVE-2009-1321 | 1 Humayun Shabbir Bhutta | 1 Asp Product Catalog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in ASP Product Catalog 1.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | ||||
| CVE-2009-2408 | 6 Canonical, Debian, Mozilla and 3 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2026-04-23 | 5.9 Medium |
| Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. | ||||
| CVE-2008-0335 | 1 Bugtracker.net | 1 Bugtracker.net | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in BugTracker.NET before 2.7.2 allows remote attackers to inject arbitrary web script or HTML via an arbitrary custom text field. | ||||
| CVE-2008-6111 | 1 Netart Media | 1 Vlog System | 2026-04-23 | N/A |
| SQL injection vulnerability in blog.php in NetArt Media Vlog System 1.1 allows remote attackers to execute arbitrary SQL commands via the note parameter. | ||||
| CVE-2007-0304 | 1 Mint | 1 Haber Sistemi | 2026-04-23 | N/A |
| SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-0534 | 1 Flexcms | 1 Flexcms | 2026-04-23 | N/A |
| SQL injection vulnerability in FlexCMS allows remote attackers to execute arbitrary SQL commands via the catId parameter. | ||||
| CVE-2007-0305 | 1 Okulsistem Okul Web | 1 Otomasyon Sistemi | 2026-04-23 | N/A |
| SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon Sistemi 4.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-4056 | 1 Betsy | 1 Betsy Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the popup parameter. | ||||
| CVE-2007-0306 | 1 Digiappz | 1 Digiaffiliate | 2026-04-23 | N/A |
| SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-0340 | 1 Thwboard | 1 Thwboard | 2026-04-23 | N/A |
| SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84-php5 and earlier allows remote attackers to execute arbitrary SQL commands via the board[styleid] parameter to index.php. | ||||