Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2571 1 Verliadmin 1 Verliadmin 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in VerliAdmin 0.3.7 and 0.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the URI, (2) the q parameter, (3) the nick parameter, or (4) the nick parameter in a bantest action.
CVE-2008-6722 1 Novell 1 Access Manager 2026-04-23 N/A
Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
CVE-2008-6724 1 Patrick Matthai 1 Pnopaste 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.pl in Perl Nopaste 1.0 allows remote attackers to inject arbitrary web script or HTML via the language parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-6727 1 Myupb 1 Upb 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Ultimate PHP Board (UPB) 2.2.2, 2.2.1, and earlier 2.x versions allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
CVE-2008-6728 1 Phpnuke 1 Php-nuke 2026-04-23 N/A
SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php.
CVE-2008-6729 1 Phpmotion 1 Phpmotion 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify an account via the (1) password or (2) email_address parameter.
CVE-2009-2587 1 Dragdropcart 1 Dragdropcart 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php.
CVE-2008-6736 1 Circulargenius 1 Flat Calendar 2026-04-23 N/A
Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.
CVE-2009-2588 1 Resalecode 1 Hotscripts Type Php Clone Script 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php.
CVE-2009-2592 1 Phpjunkyard 1 Gbook 2026-04-23 N/A
SQL injection vulnerability in guestbook.php in PHPJunkYard GBook 1.6 allows remote attackers to execute arbitrary SQL commands via the mes_id parameter.
CVE-2009-2593 1 Censura 1 Censura 2026-04-23 N/A
SQL injection vulnerability in censura.php in Censura 1.16.04 allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a details action.
CVE-2008-6743 1 Shock-therapy 1 Rsmscript 2026-04-23 N/A
RSMScript 1.21 allows remote attackers to bypass authentication and gain administrative privileges by setting the verified cookie to an arbitrary value and performing a direct request to (1) delete.php, (2) edit-submit.php, (3) edit.php, (4) submit.php, and (5) update.php, which bypasses the security check that is performed by verify.php.
CVE-2008-6746 1 Horde 1 Turba H3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the contact display view in Turba Contact Manager H3 before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the contact name.
CVE-2009-2598 1 Onlinegrades 1 Online Grades 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php.
CVE-2008-6747 1 Dotproject 1 Dotproject 2026-04-23 N/A
dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party information.
CVE-2008-6759 1 Viart 1 Viart Shop 2026-04-23 N/A
ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via a URL in the POST_DATA parameter to manuals_search.php, which reveals the installation path in an error message.
CVE-2008-6760 1 Viart 1 Viart Shop 2026-04-23 N/A
ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via an unauthenticated add and save action for a shopping cart in cart_save.php, which reveals the SQL table names in an error message, related to code that mishandles the lack of a user_id parameter.
CVE-2008-6761 1 China-on-site 1 Flexcustomer0.0.6 2026-04-23 N/A
Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field). NOTE: the installation instructions specify deleting admin/install.php.
CVE-2009-2602 1 R2newsletter 3 R2 Newsletter Lite, R2 Newsletter Pro, R2 Newsletter Stats 2026-04-23 N/A
R2 Newsletter Lite, Pro, and Stats stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for admin.mdb.
CVE-2008-6779 1 Phpnuke 2 Php-nuke, Sarkilar Module 2026-04-23 N/A
SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php.