Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6816 1 Dmxready 1 Dmxready Secure Login Manager 2026-04-23 N/A
Multiple SQL injection vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel; (4) the sent parameter to (a) login.asp, (b) content.asp, and (c) members.asp in the Remote-WebSite; and (5) the sent parameter to applications/SecureLoginManager/inc_secureloginmanager.asp in the Live Demo.
CVE-2007-5785 1 Jobsiteprofessional 1 Jobsite Professional 2026-04-23 N/A
SQL injection vulnerability in file.php in JobSite Professional 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-6550 1 Pmos Helpdesk 1 Pmos Helpdesk 2026-04-23 N/A
form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter.
CVE-2007-6570 1 Sun 2 Java System Web Proxy Server, Java System Web Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309.
CVE-2007-6571 1 Sun 2 Java System Web Proxy Server, Java System Web Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356.
CVE-2007-6572 1 Sun 2 Java System Web Proxy Server, Java System Web Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204.
CVE-2008-4414 1 Hp 1 Tru64 2026-04-23 N/A
Unspecified vulnerability in the AdvFS showfile command in HP Tru64 UNIX 5.1B-3 and 5.1B-4 allows local users to gain privileges via unspecified vectors.
CVE-2009-0246 1 Easyhdr 1 Easyhdr 2026-04-23 N/A
Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted attackers to execute arbitrary code via an invalid Radiance RGBE (aka .hdr) file.
CVE-2009-0248 1 Katywhitton 1 Rankem 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to inject arbitrary web script or HTML via the siteID parameter.
CVE-2008-4330 1 Lansuite 1 Lansuite 2026-04-23 N/A
Directory traversal vulnerability in index.php in LanSuite 3.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the design parameter.
CVE-2008-4331 1 Phpocs 1 Phpocs 2026-04-23 N/A
Directory traversal vulnerability in library/pagefunctions.inc.php in phpOCS 0.1 beta3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to index.php.
CVE-2008-4336 1 Constantin Charissis 1 Atomic Photo Album 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to inject arbitrary web script or HTML via the apa_album_ID parameter.
CVE-2008-4340 1 Google 1 Chrome 2026-04-23 N/A
Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function.
CVE-2008-4341 1 Myblog 1 Myblog 2026-04-23 N/A
add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication and gain administrative access by setting a cookie with admin=yes and login=admin.
CVE-2008-4351 1 Phpsmartcom 1 Phpsmartcom 2026-04-23 N/A
Directory traversal vulnerability in index.php in phpSmartCom 0.2 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the p parameter.
CVE-2008-4694 1 Opera 1 Opera Browser 2026-04-23 N/A
Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL.
CVE-2008-4719 1 Openengine 1 Openengine 2026-04-23 N/A
PHP remote file inclusion vulnerability in cms/classes/openengine/filepool.php in openEngine 2.0 beta2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter, a different vector than CVE-2008-4329.
CVE-2008-5967 1 Phpicalendar 1 Phpicalendar 2026-04-23 N/A
admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root.
CVE-2008-5968 1 Phpicalendar 1 Phpicalendar 2026-04-23 N/A
Directory traversal vulnerability in print.php in PHP iCalendar 2.24 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cookie_language parameter in a phpicalendar_* cookie, a different vector than CVE-2006-1292.
CVE-2008-6471 1 Mountaingrafix 1 Easylink 2026-04-23 N/A
SQL injection vulnerability in detail.php in MountainGrafix easyLink 1.1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a show action.