Search Results (366296 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6835 2 Drupal, Peter Wolanin 2 Drupal, Openid 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6836 2 Drupal, Peter Wolanin 2 Drupal, Openid 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors.
CVE-2008-6837 1 Zoph 1 Zoph 2026-04-23 N/A
SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-3258. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6838 1 Zoph 1 Zoph 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1 allows remote attackers to inject arbitrary web script or HTML via the _off parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6839 1 Tgs-cms 1 Tgs Content Management 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in TGS Content Management 0.3.2r2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg and (2) goodmsg parameters to (a) login.php and (b) index.php, and the (3) dir and (4) id parameters to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6840 1 Christof Bruyland 1 V-webmail 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[pear_dir] parameter to (a) Mail/RFC822.php, (b) Net/Socket.php, (c) XML/Parser.php, (d) XML/Tree.php, (e) Mail/mimeDecode.php, (f) Console/Getopt.php, (g) System.php, (h) Log.php, and (i) File.php in includes/pear/; the CONFIG[pear_dir] parameter to (j) includes/prepend.php, and (k) includes/cachedConfig.php; and the (2) CONFIG[includes] parameter to (l) prepend.php and (m) email.list.search.php in includes/. NOTE: the CONFIG[pear_dir] parameter to includes/mailaccess/pop3.php is already covered by CVE-2006-2666.
CVE-2008-6841 2 Gmitc, Joomla 2 Com Dbquery, Joomla 2026-04-23 N/A
PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to classes/DBQ/admin/common.class.php.
CVE-2008-6842 1 Pluck-cms 1 Pluck 2026-04-23 N/A
Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the post parameter.
CVE-2008-6843 2 Cpanel, Netenberg 2 Cpanel, Fantastico De Luxe 2026-04-23 N/A
Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter.
CVE-2008-6844 1 Ez 1 Ez Publish 2026-04-23 N/A
The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters.
CVE-2008-6845 1 Clamav 1 Clamav 2026-04-23 N/A
The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file.
CVE-2008-6846 1 Avast 1 Avast Antivirus 2026-04-23 N/A
Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0.5, 1.0.5-1, and 1.0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via a malformed (1) ISO or (2) RPM file.
CVE-2008-6847 1 Preproject 1 Pre Asp Job Board 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Employee/emp_login.asp in Pre ASP Job Board allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2008-6848 1 W2b 1 Phpgreetcards 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to inject arbitrary web script or HTML via the category parameter in a select action.
CVE-2008-6849 1 W2b 1 Phpgreetcards 2026-04-23 N/A
Unrestricted file upload vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a via a link that is listed by userfiles/number_shell.php.
CVE-2008-6850 1 Php-fusion 1 Php-fusion 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion 6.01.17 and 7.00.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6851 1 Php Link Directory 1 Php Link Directory 2026-04-23 N/A
SQL injection vulnerability in page.php in PHP Link Directory (phpLD) 3.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the name parameter.
CVE-2008-6852 2 Joomla, Markus Donhauser 2 Joomla\!, Ice Gallery Component For Joomla 2026-04-23 N/A
SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2008-6626 1 Webbdomain 1 Quiz 2026-04-23 N/A
SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-6401 1 Jetik 1 Jetik-web 2026-04-23 N/A
SQL injection vulnerability in sayfa.php in JETIK-WEB allows remote attackers to execute arbitrary SQL commands via the kat parameter.