Search Results (362812 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-7040 2 Wordpress, Yellowswordfish 2 Wordpress, Simple Forum 2026-04-23 N/A
SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.
CVE-2008-2796 1 Freecms.us 1 Freecms 2026-04-23 N/A
SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2008-2808 3 Mozilla, Redhat, Ubuntu 10 Firefox, Seamonkey, Thunderbird and 7 more 2026-04-23 N/A
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.
CVE-2008-7047 1 Natterchat 1 Natterchat 2026-04-23 N/A
NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp.
CVE-2008-2797 1 Manageengine 1 Oputils 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in MainLayout.do in ManageEngine OpUtils 5.0 allows remote attackers to inject arbitrary web script or HTML via the hostName parameter, when viewing an SNMP graph. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2799 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2026-04-23 N/A
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine.
CVE-2008-2800 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2026-04-23 N/A
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded document, or (3) the onreadystatechange handler in conjunction with an XMLHttpRequest.
CVE-2008-2801 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2026-04-23 N/A
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.
CVE-2008-2805 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2026-04-23 N/A
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range.
CVE-2008-2809 3 Mozilla, Netscape, Redhat 5 Firefox, Geckb, Seamonkey and 2 more 2026-04-23 N/A
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
CVE-2007-1132 1 Mtcms 1 Mtcms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fields.
CVE-2008-2812 8 Avaya, Canonical, Debian and 5 more 16 Communication Manager, Expanded Meet-me Conferencing, Intuity Audix Lx and 13 more 2026-04-23 7.8 High
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
CVE-2008-7049 1 Natterchat 1 Natterchat 2026-04-23 N/A
Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote attackers to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPassword parameter (aka Password) in a form generated by home.asp. NOTE: due to lack of details, it is not clear whether this is related to CVE-2004-2206.
CVE-2008-2813 1 Shoutcastadmin 1 Wallcity-server Shoutcast Admin Panel 2026-04-23 N/A
Directory traversal vulnerability in index.php in WallCity-Server Shoutcast Admin Panel 2.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2009-0820 1 Php.brickhost 1 Phpscheduleit 2026-04-23 N/A
Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 allow remote attackers to execute arbitrary code via (1) the end_date parameter to reserve.php and (2) the start_date and end_date parameters to check.php. NOTE: the start_date/reserve.php vector is already covered by CVE-2008-6132.
CVE-2008-2815 1 Mymarket 1 Mymarket 2026-04-23 N/A
SQL injection vulnerability in shopping/index.php in MyMarket 1.72 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2817 1 Nitropowered 1 Nitro Web Gallery 2026-04-23 N/A
SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the CatId parameter in a show action.
CVE-2008-2819 1 Blognplus 1 Blognplus 2026-04-23 N/A
SQL injection vulnerability in BlognPlus (BURO GUN +) 2.5.4 and earlier MySQL and PostgreSQL editions allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-7051 1 Ajsquare 1 Aj Article 2026-04-23 N/A
AJ Square AJ Article allows remote attackers to bypass authentication and access administrator functionality via a direct request to (1) user.php, (2) articles.php, (3) articlesuspend.php, (4) site.php, (5) statistics.php, (6) mail.php, (7) category.php, (8) subcategory.php, (9) changepassword.php, (10) polling.php, and (11) logo.php in admin/.
CVE-2008-2820 1 Azimyt 1 Open Azimyt Cms 2026-04-23 N/A
Directory traversal vulnerability in lang/lang-system.php in Open Azimyt CMS 0.22 minimal and 0.21 stable allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.