Search Results (120617 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3194 1 Jce-tech 1 Searchfeed Script 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech SearchFeed Script allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2008-6082 1 Southrivertech 1 Titan Ftp Server 2026-04-23 N/A
Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command.
CVE-2009-3196 1 Jce-tech 1 Php Video Script 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech PHP Video Script allows remote attackers to inject arbitrary web script or HTML via the key parameter.
CVE-2008-6083 1 Txtshop 1 Txtshop 2026-04-23 N/A
Directory traversal vulnerability in header.php in TXTshop beta 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
CVE-2008-6084 1 .matteoiammarrone 1 Iamma Simple Gallery 2026-04-23 N/A
Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.
CVE-2008-1768 1 Videolan 1 Vlc 2026-04-23 N/A
Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow.
CVE-2008-6085 1 F-secure 17 F-secure Anti-virus, F-secure Anti-virus For Citrix Servers, F-secure Anti-virus For Microsoft Exchange and 14 more 2026-04-23 N/A
Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow.
CVE-2008-6094 1 Celoxis 1 Celoxis 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in user.do in Celoxis Technologies Celoxis allows remote attackers to inject arbitrary web script or HTML via the ni.smessage parameter.
CVE-2008-6099 1 Rportal 1 Rportal 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in RPortal 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_op parameter.
CVE-2009-3208 1 Prakashatma Mishra 1 Phpfreebb 2026-04-23 N/A
Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to permalink.php and (2) year parameter to index.php.
CVE-2008-6105 1 Ibm 2 Workplace For Business Controls And Reporting, Workplace Web Content Management 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in IBM Workplace for Business Controls and Reporting 2.x and IBM Workplace Web Content Management 6.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2008-1791 1 Mygamingladder 1 Mygamingladder 2026-04-23 N/A
SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the ladderid parameter.
CVE-2009-3210 2 Drupal, Joao Ventura 2 Drupal, Print 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.8 and 6.x before 6.x-1.8, a module for Drupal, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6115 1 Prozilla 1 Hosting Index 2026-04-23 N/A
SQL injection vulnerability in directory.php in Prozilla Hosting Index allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action, a different vector than CVE-2008-2083.
CVE-2008-6117 1 Pilotgroup 1 Pg Job Site Pro 2026-04-23 N/A
SQL injection vulnerability in homepage.php in PG Job Site Pro allows remote attackers to execute arbitrary SQL commands via the poll_view_id parameter in a results action.
CVE-2009-3215 2 Joomla, Php-shop-system 2 Joomla, Ixxo Cart 2026-04-23 N/A
SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter.
CVE-2008-1843 1 W2b 1 Dating Club 2026-04-23 N/A
SQL injection vulnerability in browse.php in W2B DatingClub (aka Dating Club) allows remote attackers to execute arbitrary SQL commands via the age_to parameter in a browsebyCat action.
CVE-2009-3217 1 Wiccle 1 Iwiccle 2026-04-23 N/A
SQL injection vulnerability in the admin module in iWiccle 1.01 allows remote attackers to execute arbitrary SQL commands via the member_id parameter in an edit_user action to index.php.
CVE-2008-1850 1 Osiaffiliate 1 Osiaffiliate 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in login.php in Omnistar Interactive OSI Affiliate allow remote attackers to inject arbitrary web script or HTML via the (1) login, (2) profile, (3) profile2, and (4) ref parameters.
CVE-2008-1814 1 Oracle 3 Application Server, Collaboration Suite, Database 2026-04-23 N/A
Unspecified vulnerability in the Oracle Secure Enterprise Search or Ultrasearch component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3 and 10.1.2.2; and Oracle Collaboration Suite 10.1.2; has unknown impact and remote attack vectors, aka DB04.