Search Results (362578 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2859 1 Netwin 1 Surgemail 2026-04-23 N/A
Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command."
CVE-2008-4226 2 Redhat, Xmlsoft 2 Enterprise Linux, Libxml 2026-04-23 N/A
Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
CVE-2008-2861 1 Elinestudio 1 Site Composer 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) button parameters to ansFAQ.asp and the (3) id and (4) txtEmail parameters to login.asp.
CVE-2008-2862 1 Elinestudio 1 Site Composer 2026-04-23 N/A
Multiple SQL injection vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to ansFAQ.asp and the (2) template_id parameter to preview.asp.
CVE-2008-2866 1 Caupo.net 1 Cauposhop Classic 2026-04-23 N/A
SQL injection vulnerability in csc_article_details.php in Caupo.net CaupoShop Classic 1.3 allows remote attackers to execute arbitrary SQL commands via the saArticle[ID] parameter.
CVE-2008-2874 1 Softbizscripts 1 Softbiz Jokes And Funny Pics Script 2026-04-23 N/A
SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbjoke_id parameter, a different vector than CVE-2008-1050.
CVE-2008-2879 1 Benjacms 1 Benja Cms 2026-04-23 N/A
Benja CMS 0.1 does not require authentication for access to admin/, which allows remote attackers to add or delete a menu.
CVE-2008-2880 1 Ibm 1 Afp Viewer Plug-in 2026-04-23 N/A
Heap-based buffer overflow in the IBM AFP Viewer Plug-in 2.0.7.1 and 3.2.1.1 allows remote attackers to execute arbitrary code via a long SRC property value. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2891 1 Emusoft 1 Emucms 2026-04-23 N/A
SQL injection vulnerability in index.php in eMuSOFT emuCMS 0.3 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a category action.
CVE-2008-2892 2 Feellove, Joomla 2 Exp Shop Component, Com Expshop 2026-04-23 N/A
SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php.
CVE-2009-1614 1 Gowondesigns 1 Leap 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form). NOTE: some of these details are obtained from third party information.
CVE-2008-2893 1 Ajhyip 1 Aj Square Aj-hyip 2026-04-23 N/A
SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-2532.
CVE-2008-6946 1 Collabtive 1 Collabtive 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an editform action, related to admin.php.
CVE-2008-2900 1 Phpauction 1 Phpauction 2026-04-23 N/A
SQL injection vulnerability in item.php in PHPAuction 3.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2901 1 Haudenschilt 1 Family Connections Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.4 allow remote authenticated users to execute arbitrary SQL commands via the (1) address parameter to addressbook.php, the (2) getnews parameter to familynews.php, and the (3) poll_id parameter to home.php in a results action.
CVE-2008-7043 1 Freshscripts 1 Fresh Email Script 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in register.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to inject arbitrary web script or HTML via the Email parameter. NOTE: this can be leveraged to modify cookies and conduct session fixation attacks.
CVE-2009-3355 1 Datetopia 1 Buy Dating Site 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in profile.php in Datetopia Buy Dating Site 1.0 allows remote attackers to inject arbitrary web script or HTML via the s_r parameter.
CVE-2009-3360 1 Datemill 1 Datemill 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) return parameter to photo_view.php, and st parameter to (2) photo_search.php and (3) search.php.
CVE-2008-2910 1 Muvee 1 Autoproducer 2026-04-23 N/A
Buffer overflow in the DXTTextOutEffect ActiveX control (aka the Text-Effect DXT Filter), as distributed in TextOut.dll 6.0.18.1 and mvtextout.dll, in muvee autoProducer 6.0 and 6.1 allows remote attackers to execute arbitrary code via a long FontSetting property value.
CVE-2008-2912 1 Contenido 1 Contenido Cms 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Contenido CMS 4.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenido_path parameter to (a) contenido/backend_search.php; the (2) cfg[path][contenido] parameter to (b) move_articles.php, (c) move_old_stats.php, (d) optimize_database.php, (e) run_newsletter_job.php, (f) send_reminder.php, (g) session_cleanup.php, and (h) setfrontenduserstate.php in contenido/cronjobs/, and (i) includes/include.newsletter_jobs_subnav.php and (j) plugins/content_allocation/includes/include.right_top.php in contenido/; the (3) cfg[path][templates] parameter to (k) includes/include.newsletter_jobs_subnav.php and (l) plugins/content_allocation/includes/include.right_top.php in contenido/; and the (4) cfg[templates][right_top_blank] parameter to (m) plugins/content_allocation/includes/include.right_top.php and (n) contenido/includes/include.newsletter_jobs_subnav.php in contenido/, different vectors than CVE-2006-5380.