Export limit exceeded: 366011 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366011 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6124 | 2 Debian, Moodle | 2 Debian Linux, Moodle | 2026-04-23 | N/A |
| SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt. | ||||
| CVE-2008-6125 | 2 Debian, Moodle | 2 Debian Linux, Moodle | 2026-04-23 | N/A |
| Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors. | ||||
| CVE-2008-6126 | 1 Mozilo | 1 Mozilocms | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter to download.php and the (2) page parameter to index.php, a different vector than CVE-2008-3589. | ||||
| CVE-2008-6127 | 1 Mozilo | 1 Mozilocms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to gallery.php, and the (6) URL to admin/login.php. | ||||
| CVE-2008-6128 | 1 Mozilo | 1 Mozilocms | 2026-04-23 | N/A |
| Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2008-6129 | 1 Mozilo | 1 Mozilowiki | 2026-04-23 | N/A |
| Directory traversal vulnerability in print.php in moziloWiki 1.0.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. | ||||
| CVE-2008-6130 | 1 Mozilo | 1 Mozilowiki | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) action and (2) page parameters. | ||||
| CVE-2008-6131 | 1 Mozilo | 1 Mozilowiki | 2026-04-23 | N/A |
| Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2008-6132 | 1 Brickhost | 1 Phpscheduleit | 2026-04-23 | N/A |
| Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter. | ||||
| CVE-2008-6133 | 1 Ozsari | 1 Full Php Emlak Script | 2026-04-23 | N/A |
| SQL injection vulnerability in arsaprint.php in Full PHP Emlak Script allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3942. | ||||
| CVE-2008-6134 | 1 Drupal | 2 Drupal, Everyblog | 2026-04-23 | N/A |
| SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-6135 | 1 Drupal | 2 Drupal, Everyblog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-6136 | 1 Drupal | 1 Everyblog | 2026-04-23 | N/A |
| Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to gain privileges as another user or an administrator via unknown attack vectors. | ||||
| CVE-2008-6137 | 1 Drupal | 2 Drupal, Everyblog | 2026-04-23 | N/A |
| EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to bypass access restrictions via unknown vectors. | ||||
| CVE-2008-6138 | 1 Webbiscuits | 1 Modules Controller | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. | ||||
| CVE-2008-6139 | 1 Webbiscuits | 1 Modules Controller | 2026-04-23 | N/A |
| Directory traversal vulnerability in faqsupport/wce.download.php in WebBiscuits Modules Controller 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter. | ||||
| CVE-2008-6140 | 1 Avaya | 1 One-x | 2026-04-23 | N/A |
| Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Avaya one-X Desktop Edition 2.1.0.78 allows remote attackers to cause a denial of service (crash) via unspecified vectors. | ||||
| CVE-2008-6141 | 1 Avaya | 1 Ip Soft Phone | 2026-04-23 | N/A |
| Unspecified vulnerability in Avaya IP Softphone 6.0 SP4 and 6.01.85 allows remote attackers to cause a denial of service (crash) via a large amount of H.323 data. | ||||
| CVE-2008-6142 | 1 China-on-site | 1 Flexphpic | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php. | ||||
| CVE-2008-6143 | 1 Owentechkenya | 1 Owenpoll | 2026-04-23 | N/A |
| OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie. | ||||