Search Results (362690 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4176 1 Asp Indir 1 Fot Video Scripti 2026-04-23 N/A
SQL injection vulnerability in izle.asp in FoT Video scripti 1.1 beta allows remote attackers to execute arbitrary SQL commands via the oyun parameter.
CVE-2008-6471 1 Mountaingrafix 1 Easylink 2026-04-23 N/A
SQL injection vulnerability in detail.php in MountainGrafix easyLink 1.1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a show action.
CVE-2008-1498 1 Netwin 1 Surgemail 2026-04-23 N/A
Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command.
CVE-2008-1503 1 F5 1 Tmos 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the web management interface in F5 BIG-IP 9.4.3 allows remote attackers to inject arbitrary web script or HTML via (1) the name of a node object, or the (2) sysContact or (3) sysLocation SNMP configuration field, aka "Audit Log XSS." NOTE: these issues might be resultant from cross-site request forgery (CSRF) vulnerabilities.
CVE-2008-1511 1 Oocomments 1 Oocomments 2026-04-23 9.8 Critical
Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for (1) classes/class_admin.php and (2) classes/class_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1515 1 Otrs 1 Otrs 2026-04-23 N/A
The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks."
CVE-2008-1522 1 Zyxel 3 Prestige 660, Prestige 661, Zynos 2026-04-23 N/A
ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), have (1) "user" as their default password for the "user" account and (2) "1234" as their default password for the "admin" account, which makes it easier for remote attackers to obtain access.
CVE-2008-6473 1 Blogator-script 1 Blogator-script 2026-04-23 N/A
_blogadata/include/init_pass2.php in Blogator-script 0.95 allows remote attackers to change the password for arbitrary users via a modified "a" parameter with a "%" wildcard symbol in the b parameter.
CVE-2008-1526 1 Zyxel 38 P-660h-61, P-660h-61 Firmware, P-660h-63 and 35 more 2026-04-23 7.5 High
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords.
CVE-2006-6132 1 Softacid 1 Link Exchange Lite 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Link Exchange Lite allow remote attackers to execute arbitrary SQL commands via (1) the search engine field to search.asp and (2) psearch parameter to linkslist.asp.
CVE-2008-1528 1 Zyxel 3 Prestige 660, Prestige 661, Zynos 2026-04-23 N/A
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for (1) RemMagSNMP.html, which discloses SNMP communities; or (2) WLAN.html, which discloses WEP keys.
CVE-2008-1530 1 Gnupg 1 Gnupg 2026-04-23 N/A
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."
CVE-2008-6476 1 Dotnetblogengine 1 Blogengine.net 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2009-0533 1 Scripts-for-sites 1 Ez Reminder 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in password.php in Scripts for Sites EZ Reminder allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the u2 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1534 1 Powerscripts 1 Powerphpboard 2026-04-23 N/A
Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) settings[footer] parameter to footer.inc.php and the (2) settings[header] parameter to header.inc.php.
CVE-2008-6479 1 Parallels 1 Parallels Virtuozzo 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the "change password" feature in the VZPP web interface for Parallels Virtuozzo 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to modify the password via a link or IMG tag to vz/cp/pwd.
CVE-2009-0534 1 Flexcms 1 Flexcms 2026-04-23 N/A
SQL injection vulnerability in FlexCMS allows remote attackers to execute arbitrary SQL commands via the catId parameter.
CVE-2008-1535 1 Matti Kiviharju 1 Rekry Component 2026-04-23 N/A
SQL injection vulnerability in the Matti Kiviharju rekry (aka com_rekry or rekry!Joom) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the op_id parameter in a view action to index.php.
CVE-2008-4460 1 Vastal I-tech 1 Mmorpg Zone 2026-04-23 N/A
SQL injection vulnerability in game.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the game_id parameter.
CVE-2008-6481 3 Joomla, Joomprod, Mambo-foundation 3 Joomla, Com Versioning, Mambo 2026-04-23 N/A
SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.