Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4696 1 Opera 1 Opera 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat).
CVE-2008-4704 1 Mitre 1 Sezhoo 2026-04-23 N/A
PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter.
CVE-2008-4705 1 Phponlinedatingsoftware 1 Myphpdating 2026-04-23 N/A
SQL injection vulnerability in success_story.php in php Online Dating Software MyPHPDating allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4716 1 Scriptdemo 1 Php-lance 2026-04-23 N/A
SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2009-1446 1 Elkagroup 1 Image Gallery 2026-04-23 N/A
Unrestricted file upload vulnerability in upload.php in Elkagroup Image Gallery 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in gallery/pictures/. NOTE: some of these details are obtained from third party information.
CVE-2008-4714 1 Atomic Photo Album 1 Atomic Photo Album 2026-04-23 N/A
Atomic Photo Album 1.1.0 pre4 does not properly handle the apa_cookie_login and apa_cookie_password cookies, which probably allows remote attackers to bypass authentication and gain administrative access via modified cookies.
CVE-2008-4715 1 Jpad Project 1 Jpad 2026-04-23 N/A
SQL injection vulnerability in the Jpad (com_jpad) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
CVE-2008-4725 1 Opera 1 Opera Browser 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these issues were addressed before 9.60.
CVE-2009-1447 1 E-cart 1 Free Shopping Cart 2026-04-23 N/A
Unrestricted file upload vulnerability in admin/editor/image.php in e-cart.biz Free Shopping Cart allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.
CVE-2008-4730 1 Phpmyid 1 Phpmyid 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_trust_root parameter and an inconsistent openid_return_to parameter, which is not properly handled in an error message.
CVE-2008-4731 1 Michael Christen 1 Yacy 2026-04-23 N/A
Multiple unspecified vulnerabilities in YaCy before 0.61 have unknown impact and attack vectors.
CVE-2008-4737 1 Noc2 1 Whodomlite 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in wholite.cgi in WhoDomLite 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the dom parameter.
CVE-2008-4738 1 Tufat 1 Mycard 2026-04-23 N/A
SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4739 1 Plugspace 1 Plugspace 2026-04-23 N/A
Directory traversal vulnerability in index.php in PlugSpace 0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the navi parameter.
CVE-2008-4741 1 Far-php 1 Far-php 2026-04-23 N/A
Directory traversal vulnerability in index.php in FAR-PHP 1.00, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter.
CVE-2008-4743 1 Quidascript 1 Faq Management Script 2026-04-23 N/A
SQL injection vulnerability in index.php in QuidaScript FAQ Management Script allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2008-4744 1 Dxproscripts 1 Dxshopcart 2026-04-23 N/A
SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc allows remote attackers to execute arbitrary SQL commands via the pid parameter.
CVE-2008-4751 1 Epistream 1 Ipei Guestbook 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the pg parameter, a different vector than CVE-2005-4597.
CVE-2008-4752 1 Tech Logic 1 Tlnews 2026-04-23 N/A
TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin.
CVE-2008-4762 1 Freesshd 1 Freesshd 2026-04-23 N/A
Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rename and (2) realpath parameters.