Export limit exceeded: 365153 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365153 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6874 1 Aspsiteware 1 Autodealer 2026-04-23 N/A
Multiple SQL injection vulnerabilities in ASP SiteWare autoDealer 1 and 2 allow remote attackers to execute arbitrary SQL commands via the iType parameter in (1) Auto1/type.asp or (2) auto2/type.asp.
CVE-2008-6875 1 Humayun Shabbir Bhutta 1 Asp Product Catalog 2026-04-23 N/A
SQL injection vulnerability in default.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-5220.
CVE-2008-6876 1 Editeurscripts 1 Espartenaires 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in login.php in EsPartenaires 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the EsContacts 1.0 issue is covered in CVE-2008-2037.
CVE-2008-6877 1 Zen Cart 1 Zen Cart 2026-04-23 N/A
Directory traversal vulnerability in admin/includes/initsystem.php in Zen Cart 1.3.8 and 1.3.8a, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the loader_file parameter. NOTE: the vendor disputes this issue, stating "at worst, the use of this vulnerability will reveal some local file paths.
CVE-2008-6878 1 Zen Cart 1 Zen Cart 2026-04-23 N/A
Directory traversal vulnerability in admin/includes/languages/english.php in Zen Cart 1.3.8a, 1.3.8, and earlier, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _SESSION[language] parameter. NOTE: the vendor disputes this issue, stating "at worst, the use of this vulnerability will reveal some local file paths.
CVE-2008-6879 1 Apache 1 Roller 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
CVE-2008-6880 1 Easysitenetwork 1 Jokes Complete Website 2026-04-23 N/A
SQL injection vulnerability in joke.php in EasySiteNetwork Free Jokes Website allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6881 2 Joomla, Joompolitan 2 Joomla\!, Com Livechat 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php.
CVE-2008-6882 2 Joomla, Joompolitan 2 Joomla, Com Livechat 2026-04-23 N/A
Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string.
CVE-2008-6883 2 Joomla, Joompolitan 2 Joomla, Com Livechat 2026-04-23 N/A
SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6884 1 Xoops 1 Xoops 2026-04-23 N/A
Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) main.php in xoops_lib/modules/protector/.
CVE-2008-6885 1 Xoops 1 Xoops 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message.
CVE-2008-6886 1 Rsa 1 Envision 2026-04-23 N/A
RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict access to unspecified user profile functionality, which allows remote attackers to obtain the administrator password hash and conduct brute force guessing attacks.
CVE-2008-6887 1 Preprojects 1 Pre Classified Listings 2026-04-23 N/A
SQL injection vulnerability in detailad.asp in Pre Classified Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the siteid parameter.
CVE-2008-6888 1 Preprojects 1 Pre Classified Listings 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings 1.0 allows remote attackers to inject arbitrary web script or HTML via the address parameter.
CVE-2008-6889 1 Activewebsoftwares 1 Aspreferral 2026-04-23 N/A
SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter.
CVE-2008-6890 1 Codetoad 1 Asp Forum Script 2026-04-23 N/A
SQL injection vulnerability in messages.asp in ASP Forum Script allows remote attackers to execute arbitrary SQL commands via the message_id parameter.
CVE-2008-6891 1 Codetoad 1 Asp Forum Script 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Script allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter to (a) new_message.asp and (b) messages.asp, and the (2) query string to default.asp.
CVE-2008-6892 1 Peel 1 Peel 2026-04-23 N/A
SQL injection vulnerability in lire/index.php in Peel 3.1 allows remote attackers to execute arbitrary SQL commands via the rubid parameter. NOTE: this might be the same issue as CVE-2005-3572.
CVE-2008-6893 2 Alt-n, Microsoft 2 Worldclient, Internet Explorer 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag.