Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0435 1 Ozjournals 1 Ozjournals 2026-04-23 N/A
Directory traversal vulnerability in index.php in OZJournals 2.1.1 allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the id parameter in a printpreview action.
CVE-2008-0436 1 Pd9 Software 1 Megabbs 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in profile-upload/upload.asp in PD9 Software MegaBBS 1.5.14b allows remote attackers to inject arbitrary web script or HTML via the target parameter.
CVE-2008-1533 1 Joomla 1 Joomla 2026-04-23 N/A
Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors.
CVE-2008-0439 1 Deluxebb 1 Deluxebb 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in templates/default/admincp/attachments_header.php in DeluxeBB 1.1 allows remote attackers to inject arbitrary web script or HTML via the lang_listofmatches parameter.
CVE-2007-2628 1 Justin Koivisto 1 Phpsecurityadmin 2026-04-23 N/A
PHP remote file inclusion vulnerability in include/logout.php in Justin Koivisto SecurityAdmin for PHP (aka PHPSecurityAdmin, PSA) 4.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter.
CVE-2008-4641 1 Sentex 1 Jhead 2026-04-23 N/A
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.
CVE-2008-0441 1 Ibm 1 Tivoli Business Service Manager 2026-04-23 N/A
IBM Tivoli Business Service Manager (TBSM) 4.1.1 stores passwords in cleartext (1) after external authentication, which triggers writing the password to SM_server.log; and (2) after a reconfig action; which allows local users to obtain sensitive information.
CVE-2008-0442 1 Small Axe Solutions 1 Weblog 2026-04-23 N/A
PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the ffile parameter, a different vector than CVE-2008-0376. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0445 1 Elog 1 Elog 2026-04-23 N/A
The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries. NOTE: some of these details are obtained from third party information.
CVE-2008-1535 1 Matti Kiviharju 1 Rekry Component 2026-04-23 N/A
SQL injection vulnerability in the Matti Kiviharju rekry (aka com_rekry or rekry!Joom) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the op_id parameter in a view action to index.php.
CVE-2007-2670 1 Globalmegacorp 1 Phpchain 2026-04-23 N/A
PHPChain 1.0 and earlier allows remote attackers to obtain the installation path via invalid values of the catid parameter to (1) settings.php or (2) cat.php, as demonstrated by XSS manipulations.
CVE-2008-0446 1 Julian Pawlowski 1 Lulieblog 2026-04-23 N/A
SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-1536 1 Picturespro 1 Picturespro Photo Cart 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Pictures Pro (aka Tim Grissett) Photo Cart 4.1 allows remote attackers to inject arbitrary web script or HTML via the amessage parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-2693 2 Mysql, Oracle 2 Mysql, Mysql 2026-04-23 N/A
MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement.
CVE-2008-0466 1 Webwiz 3 Web Wiz Forums, Web Wiz Newspad, Web Wiz Rich Text Editor 2026-04-23 N/A
Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
CVE-2006-5208 1 Deltascripts 1 Php Classifieds 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PHP Classifieds 7.1 allow remote attackers to execute arbitrary SQL commands via (1) the catid_search parameter in search.php and (2) the catid parameter in index.php.
CVE-2007-2694 1 Bea 1 Weblogic Server 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-2696 1 Bea 1 Weblogic Server 2026-04-23 N/A
The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server.
CVE-2008-0475 1 Manageengine 1 Applications Manager 2026-04-23 N/A
ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home->Summary) via an invalid URI, as demonstrated by the "/-" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0882 2 Oracle, Sun 2 Solaris, Sunos 2026-04-23 N/A
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.