Search Results (361907 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6033 1 Wsn Links 1 Wsn Links 2026-04-23 N/A
SQL injection vulnerability in comments.php in WSN Links 2.20 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6014 1 Rianxosencabos Cms 1 Rianxosencabos Cms 2026-04-23 N/A
SQL injection vulnerability in scripts/links.php in Rianxosencabos CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-1062 1 Intervideo 1 Windvd Media Center 2026-04-23 N/A
InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater (aka IHT.exe) in InterVideo WinDVD Media Center 2.11.15.0 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet with two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2388 2 Apple, Microsoft 3 Mac Os X, Quicktime, All Windows 2026-04-23 N/A
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations.
CVE-2008-6047 1 Adbnewssender 1 Adbnewssender 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in ADbNewsSender before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) subscribing and (2) unsubscribing.
CVE-2008-6048 1 Tangocms 1 Tangocms 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in TangoCMS before 2.2.0 allow remote attackers to hijack the authentication of administrators.
CVE-2007-2390 1 Apple 1 Mac Os X 2026-04-23 N/A
Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.
CVE-2008-6055 1 Preprojects 1 Pre Classified Listings 2026-04-23 N/A
PreProjects Pre Classified Listings stores pclasp.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
CVE-2007-2391 1 Apple 1 Safari 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page.
CVE-2008-6073 1 Magic2003 1 Storagecrypt 2026-04-23 N/A
StorageCrypt 2.0.1 does not properly encrypt disks, which allows local users to obtain sensitive information via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6081 1 Simplecustomer 1 Simple Customer 2026-04-23 N/A
SQL injection vulnerability in contact.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-2396 1 Apple 1 Quicktime 2026-04-23 N/A
The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets.
CVE-2008-1063 1 Xoops 1 Xm-memberstats 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability index.php in the XM-Memberstats (xmmemberstats) module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the sortby parameter.
CVE-2008-6089 1 Scriptsez 1 Easy Image Downloader 2026-04-23 N/A
Directory traversal vulnerability in main.php in ScriptsEz Easy Image Downloader allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a download action.
CVE-2008-6090 1 Scriptsez 1 Mini Hosting Panel 2026-04-23 N/A
Directory traversal vulnerability in members.php in ScriptsEz Mini Hosting Panel allows remote attackers to read arbitrary local files via a .. (dot dot) in the dir parameter in a view action.
CVE-2008-6098 1 Mozilla 1 Bugzilla 2026-04-23 N/A
Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve."
CVE-2009-1027 1 Opencart 1 Opencart 2026-04-23 N/A
SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers to execute arbitrary SQL commands via the order parameter.
CVE-2008-1065 1 Xoops 1 Xm Memberstats 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1068 1 Portail Web Php 1 Portail Web Php 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) Vert/index.php, (2) Noir/index.php, and (3) Bleu/index.php in template/, different vectors than CVE-2008-0645.
CVE-2007-2405 1 Apple 3 Mac Os X, Mac Os X Server, Pdfkit 2026-04-23 N/A
Integer underflow in Preview in PDFKit on Apple Mac OS X 10.4.10 allows remote attackers to execute arbitrary code via a crafted PDF file.