Search Results (365419 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5537 2 Microsoft, Pctools 2 Internet Explorer, Pctools Antivirus 2026-04-23 N/A
PC Tools AntiVirus 4.4.2.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
CVE-2008-5538 2 Microsoft, Prevx 2 Internet Explorer, Prevx1 2026-04-23 N/A
Prevx Prevx1 2, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
CVE-2008-5539 2 Microsoft, Rising-global 2 Internet Explorer, Rising Antivirus 2026-04-23 N/A
RISING Antivirus 21.06.31.00 and possibly 20.61.42.00, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
CVE-2008-5055 1 Activecampaign 1 Triolive 2026-04-23 N/A
SQL injection vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to execute arbitrary SQL commands via the department_id parameter to index.php.
CVE-2008-5056 1 Activecampaign 1 Triolive 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to inject arbitrary web script or HTML via the department_id parameter to index.php.
CVE-2008-5057 1 Aspindir 1 Dizi Portali 2026-04-23 N/A
SQL injection vulnerability in film.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the film parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5058 1 Preproject 1 Pre Simple Cms 2026-04-23 N/A
SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple CMS allows remote attackers to execute arbitrary SQL commands via the user parameter, as reachable from siteadmin/adminlogin.php. NOTE: some of these details are obtained from third party information.
CVE-2008-5059 1 Modernbill 1 Modernbill 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in ModernBill 4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript event in the new_language parameter in a login action.
CVE-2008-5060 1 Modernbill 1 Modernbill 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) export_batch.inc.php, (2) run_auto_suspend.cron.php, and (3) send_email_cache.php in include/scripts/; (4) include/misc/mod_2checkout/2checkout_return.inc.php; and (5) include/html/nettools.popup.php, different vectors than CVE-2006-4034 and CVE-2005-1054.
CVE-2008-5061 1 Smolinari 1 Mini Web Calendar 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in php/cal_default.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL.
CVE-2008-5062 1 Smolinari 1 Mini Web Calendar 2026-04-23 N/A
Directory traversal vulnerability in php/cal_pdf.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to read arbitrary files via directory traversal sequences in the thefile parameter.
CVE-2008-5063 1 Otmanager 1 Otmanager 2026-04-23 N/A
PHP remote file inclusion vulnerability in Admin/ADM_Pagina.php in OTManager 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the Tipo parameter.
CVE-2008-5064 1 H\&h 1 Websoccer 2026-04-23 N/A
SQL injection vulnerability in liga.php in H&H WebSoccer 2.80 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5065 1 Easy-script 1 Tlguesbook 2026-04-23 N/A
TlGuestBook 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlGuestBook_login cookie to admin.
CVE-2008-5066 1 Agaresmedia 1 Themesitescript 2026-04-23 N/A
PHP remote file inclusion vulnerability in upload/admin/frontpage_right.php in Agares Media ThemeSiteScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter.
CVE-2008-5067 1 Kkeim 1 Kmita Catalogue 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.php in Kmita Catalogue 2.x allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5068 1 Kkeim 1 Kmita Gallery 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Kmita Gallery allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter to index.php and the (2) searchtext parameter to search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5071 1 Yoxel 1 Yoxel 2026-04-23 N/A
Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter.
CVE-2008-5072 1 K-lite 1 Mega Codec Pack 2026-04-23 N/A
vsfilter.dll in K-Lite Mega Codec Pack 3.5.7.0 allows remote attackers to cause a denial of service (application crash) via a malformed FLV file.
CVE-2008-5073 1 Novell 1 Zenworks Desktop Management 2026-04-23 N/A
Heap-based buffer overflow in an ActiveX control in Novell ZENworks Desktop Management 6.5 allows remote attackers to execute arbitrary code via a long argument to the CanUninstall method.