Search Results (364918 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6403 1 Openrat 1 Openrat 2026-04-23 N/A
PHP remote file inclusion vulnerability in themes/default/include/html/insert.inc.php in OpenRat 0.8-beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpl_dir parameter.
CVE-2008-6404 1 Extrosoft 1 Thyme 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in add_calendars.php in eXtrovert Software Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
CVE-2008-6405 1 Greatclone 1 Hotscripts Clone 2026-04-23 N/A
SQL injection vulnerability in showcategory.php in Hotscripts Clone allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2008-6406 1 Datalifecms 1 Datalife Engine 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin.php in DataLife Engine (DLE) 7.2 allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2008-6407 1 Brian Wilson 1 Ol\'bookmarks 2026-04-23 N/A
Directory traversal vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the framefile parameter.
CVE-2008-6408 1 Brian Wilson 1 Ol\'bookmarks 2026-04-23 N/A
PHP remote file inclusion vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary PHP code via a URL in the framefile parameter.
CVE-2008-6409 1 Brian Wilson 1 Ol\'bookmarks 2026-04-23 N/A
SQL injection vulnerability in index.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a brain action.
CVE-2008-6410 1 Brian Wilson 1 Ol\'bookmarks 2026-04-23 N/A
Directory traversal vulnerability in show.php in ol'bookmarks manager 0.7.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter.
CVE-2008-6411 1 Explay 1 Explay Cms 2026-04-23 N/A
Explay CMS 2.1 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the login cookie to 1.
CVE-2008-6412 1 Vignette 1 Vignette Content Management 2026-04-23 N/A
Unspecified vulnerability in Vignette Content Management 7.3.0.5, 7.3.1, 7.3.1.1, 7.4, and 7.5 allows "low privileged" users to gain administrator privileges via unknown attack vectors.
CVE-2008-6413 2 Drupal, Ticklespace 2 Drupal, Answers Module 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x-dev and possibly other 5.x versions, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a Simple Answer to a question.
CVE-2008-6414 1 Aj Square 1 Aj Auction 2026-04-23 N/A
SQL injection vulnerability in detail.php in AJ Auction Pro Platinum Skin 2 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
CVE-2008-6415 1 Youngzsoft 1 Ccproxy 2026-04-23 N/A
Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote attackers to execute arbitrary code via a CONNECTION request with a long hostname.
CVE-2008-6416 1 Greensql 1 Greensql-console 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL-Console before 0.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "internal pages."
CVE-2008-6417 1 Greensql 1 Greensql-console 2026-04-23 N/A
Unspecified vulnerability in GreenSQL-Console before 0.3.5 allows attackers to obtain the "installation directory" via unknown vectors.
CVE-2008-6418 1 Torrenttrader 1 Torrenttrader 2026-04-23 N/A
SQL injection vulnerability in scrape.php in TorrentTrader before 2008-05-13 allows remote attackers to execute arbitrary SQL commands via the info_hash parameter.
CVE-2008-6419 1 Socialsitegenerator 1 Social Site Generator 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Social Site Generator (SSG) 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) sgc_id parameter to display_blog.php, (2) scm_mem_id parameter to social_my_profile_download.php, and the (3) catid parameter to social_forum_subcategories.php.
CVE-2008-6420 1 Socialsitegenerator 1 Social Site Generator 2026-04-23 N/A
Social Site Generator (SSG) 2.0 allows remote attackers to read arbitrary files via the file parameter to (1) filedload.php, (2) webadmin/download.php, and (3) webadmin/download_file.php.
CVE-2008-6421 1 Socialsitegenerator 1 Social Site Generator 2026-04-23 N/A
PHP remote file inclusion vulnerability in social_game_play.php in Social Site Generator (SSG) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2008-6422 1 Psychostats 1 Psychostats 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and 2.3.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) weapon.php and (2) map.php.