Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6595 1 Typo3 1 Pmk Rssnewsexport Extension 2026-04-23 N/A
SQL injection vulnerability in the pmk_rssnewsexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6601 1 Epona 1 Epona 2026-04-23 N/A
Unspecified vulnerability in Epona 1.5rc3 allows remote attackers to obtain the real IP address of users via unknown vectors.
CVE-2008-6611 1 Abweb 1 Minimal Ablog 2026-04-23 N/A
SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6609 1 Ott 1 Phpcksec 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott phpcksec 0.2 allows remote attackers to inject arbitrary web script or HTML via the path parameter.
CVE-2008-6610 1 Ott 1 Phpcksec 2026-04-23 N/A
Absolute path traversal vulnerability in phpcksec.php in Stefan Ott phpcksec 0.2.0 allows remote attackers to list arbitrary directories and read arbitrary files via a full pathname in the file parameter.
CVE-2007-2072 1 Ivan Gallery Script 1 Ivan Gallery Script 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue has been disputed by third party researchers for 0.3, stating that the dir variable is properly initialized before use
CVE-2008-6618 1 Netlab 1 Classsystem 2026-04-23 N/A
Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote attackers to execute arbitrary SQL commands via the teacher_id parameter in (1) class/HomepageMain.php and (2) class/HomepageTop.php, and (3) the message_id parameter in class/MessageReply.php.
CVE-2008-6625 1 Webbdomain 1 Polls 2026-04-23 N/A
SQL injection vulnerability in getin.php in WEBBDOMAIN Polls (aka Poll) 1.0 and 1.01 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-6626 1 Webbdomain 1 Quiz 2026-04-23 N/A
SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-6627 1 Webbdomain 1 Webshop 2026-04-23 N/A
SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, 1.1, 1.02, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-6629 1 Webbdomain 1 Webshop Online 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in detail.php in WEBBDOMAIN Multi Languages WebShop Online 1.02 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2008-6630 1 Typo3 2 Typo3, Wt Gallery 2026-04-23 N/A
Directory traversal vulnerability in the wt_gallery extension 2.5.0 and earlier for TYPO3 allows remote attackers to read arbitrary image files and determine directory structure via unspecified vectors.
CVE-2008-6647 1 Ktools 1 Photostore 2026-04-23 N/A
SQL injection vulnerability in gallery.php in Ktools PhotoStore 3.4.3 allows remote attackers to execute arbitrary SQL commands via the gid parameter.
CVE-2008-6646 1 Coronamatrix 1 Phpaddressbook 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix phpAddressBook 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2008-6648 1 Ktools 1 Photostore 2026-04-23 N/A
SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 and 3.5.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter to about_us.php. NOTE: this might be the same issue as CVE-2008-6647.
CVE-2008-6912 1 Zeeways 1 Shaadiclone 2026-04-23 N/A
Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin/home.php.
CVE-2008-6656 1 Openautoclassifieds 1 Open Auto Classifieds 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to listings.php and (2) the username field to login.php.
CVE-2008-6799 1 Tufat 1 Flashchat 2026-04-23 N/A
connection.php in FlashChat 5.0.8 allows remote attackers to bypass the role filter mechanism and gain administrative privileges by setting the s parameter to "7."
CVE-2007-2077 1 Maian 1 Search 2026-04-23 N/A
PHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this issue was fixed last year and [no] is longer a problem."
CVE-2008-6654 1 Structum 1 Infobiz Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search_results.php in InfoBiz Server allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.