Search Results (364891 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6213 1 Harlandscripts 1 Pro Traffic One 2026-04-23 N/A
SQL injection vulnerability in mypage.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the trg parameter.
CVE-2008-6214 1 Harlandscripts 1 Pro Traffic One 2026-04-23 N/A
SQL injection vulnerability in poll_results.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6215 1 Bookingcentre 1 Booking System For Hotels Group 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to inject arbitrary web script or HTML via the OfertaID parameter.
CVE-2008-6216 1 Bookingcentre 1 Booking System For Hotels Group 2026-04-23 N/A
SQL injection vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to execute arbitrary SQL commands via the OfertaID parameter.
CVE-2008-6217 1 Extrakt 1 Extrakt Framework 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Extrakt Framework 0.7 allows remote attackers to inject arbitrary web script or HTML via the plugins[file][id] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6218 1 Libpng 1 Libpng 2026-04-23 N/A
Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file.
CVE-2008-6219 1 Emc 5 Networker Client, Networker Module, Networker Powersnap and 2 more 2026-04-23 N/A
nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.
CVE-2008-6220 1 Cafuego 1 Simple Document Management System 2026-04-23 N/A
SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the pass parameter.
CVE-2008-6221 2 Dadamailproject, Joomla 2 Dada Mail Manager, Joomla 2026-04-23 N/A
PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.
CVE-2008-6222 2 Joomla, Joomlashowroom 2 Joomla, Pro Desk Support Center 2026-04-23 N/A
Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
CVE-2008-6223 1 Wotw 1 Way Of The Warrior 2026-04-23 N/A
PHP remote file inclusion vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plancia parameter to crea.php.
CVE-2008-6224 1 Samelinux 1 Way Of The Warrior 2026-04-23 N/A
Directory traversal vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the plancia parameter.
CVE-2008-6225 1 Mole-group 1 Airline Ticket Sale Script 2026-04-23 N/A
SQL injection vulnerability in info.php in Mole Group Airline Ticket Sale Script allows remote attackers to execute arbitrary SQL commands via the flight parameter. NOTE: the vendor has disputed this issue, stating "crazy hackers and so named Security companies [spread] out such false informations. Such scripts or versions [do not] exist.
CVE-2008-6226 1 Preproject 1 Php Auto Listings Script 2026-04-23 N/A
SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto Listings Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the itemno parameter.
CVE-2008-6227 1 Preproject 1 Pre Multi-vendor Shopping Malls 2026-04-23 N/A
SQL injection vulnerability in buyer_detail.php in Pre Multi-Vendor Shopping Malls allows remote attackers to execute arbitrary SQL commands via the (1) sid and (2) cid parameters.
CVE-2008-6228 1 Preproject 1 Pre Multi-vendor Shopping Malls 2026-04-23 N/A
Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
CVE-2008-6229 1 Drupal 1 Content Construction Kit 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via (1) field labels and (2) content-type names.
CVE-2008-6230 1 Preprojects 1 Pre Podcast Portal 2026-04-23 N/A
SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6231 1 Preprojects 1 Pre Classified Listings 2026-04-23 N/A
Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
CVE-2008-6232 1 Preprojects 1 Pre Shopping Mall 2026-04-23 N/A
Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".