Export limit exceeded: 364918 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364918 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6466 2 Akirapowered, E107 2 Image Gallery, E107 2026-04-23 N/A
SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action.
CVE-2008-6467 1 Dieselscripts 1 Diesel Job Site 2026-04-23 N/A
SQL injection vulnerability in jobs/jobseekers/job-info.php in Diesel Job Site allows remote attackers to execute arbitrary SQL commands via the job_id parameter.
CVE-2008-6468 1 Dieselscripts 1 Diesel Pay 2026-04-23 N/A
SQL injection vulnerability in index.php in Diesel Pay allows remote attackers to execute arbitrary SQL commands via the area parameter in a browse action.
CVE-2008-6469 1 Plaincart 1 Plaincart 2026-04-23 N/A
SQL injection vulnerability in index.php in PlainCart 1.1.2 allows remote attackers to execute arbitrary SQL commands via the p parameter.
CVE-2008-6470 1 Clansphere 1 Clansphere 2026-04-23 N/A
Multiple unspecified vulnerabilities in ClanSphere before 2008.2.1 allow remote attackers to obtain sensitive information, and possibly have unknown other impact, via vectors related to "javascript insert" and the (1) mods/messages/getusers.php and (2) mods/abcode/listimg.php files. NOTE: some of these details are obtained from third party information.
CVE-2008-6471 1 Mountaingrafix 1 Easylink 2026-04-23 N/A
SQL injection vulnerability in detail.php in MountainGrafix easyLink 1.1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a show action.
CVE-2008-6472 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2026-04-23 N/A
The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.
CVE-2008-6473 1 Blogator-script 1 Blogator-script 2026-04-23 N/A
_blogadata/include/init_pass2.php in Blogator-script 0.95 allows remote attackers to change the password for arbitrary users via a modified "a" parameter with a "%" wildcard symbol in the b parameter.
CVE-2008-6474 1 F5 1 Tmos 2026-04-23 N/A
The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection.
CVE-2008-6475 1 Drake Team 1 Drake Cms 2026-04-23 N/A
SQL injection vulnerability in the guestbook component (components/guestbook/guestbook.php) in Drake CMS 0.4.11 and earlier allows remote attackers to execute arbitrary SQL commands via the Via HTTP header (HTTP_VIA) to index.php.
CVE-2008-6476 1 Dotnetblogengine 1 Blogengine.net 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2008-6477 1 Mumbojumbo 1 Op4 2026-04-23 N/A
SQL injection vulnerability in Mumbo Jumbo Media OP4 allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2008-6478 1 Parallels 1 Virtuozzo Containers 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to create and delete arbitrary files as the administrator via a link or IMG tag to (1) create-file and (2) list-control in vz/cp/vzdir/infrman/envs/files/; or modify system configuration via the path parameter to vz/cp/vzdir/infrman/envs/files/index.
CVE-2008-6487 1 Digiappz 1 Digiaffiliate 2026-04-23 N/A
Multiple SQL injection vulnerabilities in login.asp in Digiappz DigiAffiliate 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin and (2) password fields.
CVE-2008-6479 1 Parallels 1 Parallels Virtuozzo 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the "change password" feature in the VZPP web interface for Parallels Virtuozzo 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to modify the password via a link or IMG tag to vz/cp/pwd.
CVE-2008-6480 1 Softnews Media Group 1 Datalife Engine 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in engine/modules/imagepreview.php in Datalife Engine 6.7 allows remote attackers to hijack the authentication of arbitrary users for requests that use a modified image parameter.
CVE-2008-6481 3 Joomla, Joomprod, Mambo-foundation 3 Joomla, Com Versioning, Mambo 2026-04-23 N/A
SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.
CVE-2008-6482 2 Joomla, Justjoomla 2 Joomla, Com Treeg 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin.treeg.php in the Flash Tree Gallery (com_treeg) component 1.0 for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_live_site parameter.
CVE-2008-6483 2 Joomla, Virtuemart-solutions 2 Joomla, Com Googlebase 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin.googlebase.php in the Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component 1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2008-6484 1 Mole-group 1 Taxi Calc Dist Script 2026-04-23 N/A
SQL injection vulnerability in login.php in Mole Group Taxi Map Script (aka Taxi Calc Dist Script) allows remote attackers to execute arbitrary SQL commands via the user field.