Export limit exceeded: 361559 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361559 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4917 | 1 Vmware | 5 Esx, Esxi, Player and 2 more | 2026-04-23 | N/A |
| Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption. | ||||
| CVE-2008-4683 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2026-04-23 | N/A |
| The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call. | ||||
| CVE-2008-4686 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | N/A |
| Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654. | ||||
| CVE-2008-4690 | 2 Lynx, Redhat | 2 Lynx, Enterprise Linux | 2026-04-23 | N/A |
| lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler. | ||||
| CVE-2008-4918 | 1 Sonicwall | 4 Pro 2040, Sonicos Enhanced, Tz 180 and 1 more | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking." | ||||
| CVE-2008-4692 | 1 Ibm | 1 Db2 | 2026-04-23 | N/A |
| The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors. | ||||
| CVE-2008-4693 | 1 Ibm | 1 Db2 | 2026-04-23 | N/A |
| The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES." | ||||
| CVE-2008-3668 | 1 Marcello Brandao | 1 Yogurt Social Network Module | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the description field of a new scrap. | ||||
| CVE-2008-4694 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL. | ||||
| CVE-2008-4921 | 1 Chipmunk Scripts | 1 Chipmunk Cms | 2026-04-23 | N/A |
| board/admin/reguser.php in Chipmunk CMS 1.3 allows remote attackers to bypass authentication and gain administrator privileges via a direct request. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-4697 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascript: URL in the context of the outermost page instead of the page that contains this URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | ||||
| CVE-2008-4924 | 1 Mw6 Technologies | 1 1d Barcode Decoder Activex | 2026-04-23 | N/A |
| Multiple insecure method vulnerabilities in MW6 Technologies 1D Barcode ActiveX control (BARCODELib.MW6Barcode, Barcode.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods. | ||||
| CVE-2008-4698 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds. | ||||
| CVE-2008-4699 | 1 Microsoft | 1 Peachtree Accounting | 2026-04-23 | N/A |
| Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in Peachtree Accounting 2004 allows remote attackers to execute arbitrary programs via the ExecutePreferredApplication method. | ||||
| CVE-2008-4929 | 1 Mybb | 1 Mybb | 2026-04-23 | 7.5 High |
| MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames. | ||||
| CVE-2008-4700 | 1 Liberiacms | 1 Liberia Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in admin.php in Libera CMS 1.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the libera_staff_pass cookie parameter. | ||||
| CVE-2008-4931 | 1 Firmchannel | 1 Digital Signage | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the account module in firmCHANNEL Digital Signage 3.24, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php. | ||||
| CVE-2008-4701 | 1 Liberiacms | 1 Liberia Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in admin.php in Libera CMS 1.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the libera_staff_user cookie parameter, a different vector than CVE-2008-4700. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-4704 | 1 Mitre | 1 Sezhoo | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. | ||||
| CVE-2008-4932 | 1 Comingchina | 1 U-mail Webmail Server | 2026-04-23 | N/A |
| webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web document root. | ||||