Export limit exceeded: 361534 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361534 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4491 | 1 Apple | 2 Mac Os X, Mail | 2026-04-23 | N/A |
| Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail. | ||||
| CVE-2009-1937 | 1 Lightneasy | 1 Lightneasy | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the comment posting feature in LightNEasy 2.2.1 "no database" (aka flat) and 2.2.2 SQLite allows remote attackers to inject arbitrary web script or HTML via the (1) commentname (aka Author), (2) commentemail (aka Email), and (3) commentmessage (aka Comment) parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-4494 | 1 Torrenttrader | 1 Torrenttrader | 2026-04-23 | N/A |
| SQL injection vulnerability in completed-advance.php in TorrentTrader Classic 1.08 and 1.04 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-1940 | 1 Joomla | 1 Joomla | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-4495 | 1 Select Development Solutions | 1 Php Auto Dealer | 2026-04-23 | N/A |
| SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter. | ||||
| CVE-2008-3276 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2026-04-23 | N/A |
| Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a denial of service (panic) via a crafted integer value, related to Change L and Change R options without at least one byte in the dccpsf_val field. | ||||
| CVE-2008-4496 | 1 Select Development Solutions | 1 Php Realtor | 2026-04-23 | N/A |
| SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter. | ||||
| CVE-2008-4500 | 1 Solarwinds | 1 Serv-u File Server | 2026-04-23 | N/A |
| Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1". | ||||
| CVE-2008-4501 | 1 Solarwinds | 1 Serv-u File Server | 2026-04-23 | N/A |
| Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command. | ||||
| CVE-2008-4802 | 1 Simple Php Scripts | 1 Blog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in complete.php in Simple PHP Scripts blog 0.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-4502 | 1 Datafeedfile | 1 Dff Framework Api | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3) DFF_mer.func.php, (4) DFF_mer_prdt.func.php, (5) DFF_paging.func.php, (6) DFF_rss.func.php, and (7) DFF_sku.func.php in include/. | ||||
| CVE-2008-4503 | 2 Adobe, Redhat | 2 Flash Player, Rhel Extras | 2026-04-23 | N/A |
| The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to "clickjacking." | ||||
| CVE-2008-4504 | 1 Herosoft | 1 Hero Dvd Player | 2026-04-23 | N/A |
| Heap-based buffer overflow in Mplayer.exe in Herosoft Inc. Hero DVD Player 3.0.8 allows user-assisted remote attackers to execute arbitrary code via an M3u file with a "long entry." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-4808 | 1 Ibm | 1 Lotus Connections | 2026-04-23 | N/A |
| IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover passwords via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-4512 | 1 Designplace | 1 Asp\/ms Access Shoutbox | 2026-04-23 | N/A |
| ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. | ||||
| CVE-2008-4809 | 1 Ibm | 1 Lotus Connections | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in the Profiles search pages in IBM Lotus Connections 2.x before 2.0.1 have unknown impact and attack vectors related to "Active" content. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-4514 | 1 Konqueror | 1 Konqueror | 2026-04-23 | N/A |
| The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via a font tag with a long color value, which triggers an assertion error. | ||||
| CVE-2008-4515 | 1 Blue Coat Systems | 1 K9 Web Protection | 2026-04-23 | N/A |
| Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism, which allows remote attackers to bypass authentication and access the (1) summary, (2) detail, (3) overrides, and (4) pwemail pages by disabling JavaScript. | ||||
| CVE-2008-4526 | 1 Customcms | 1 Ccms | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php, (2) forums.php, (3) admin.php, (4) header.php, (5) pages/story.php and (6) pages/poll.php. | ||||
| CVE-2008-4529 | 1 Asicms | 1 Asicms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote attackers to execute arbitrary PHP code via a URL in the _ENV[asicms][path] parameter to (1) Association.php, (2) BigMath.php, (3) DiffieHellman.php, (4) DumbStore.php, (5) Extension.php, (6) FileStore.php, (7) HMAC.php, (8) MemcachedStore.php, (9) Message.php, (10) Nonce.php, (11) SQLStore.php, (12) SReg.php, (13) TrustRoot.php, and (14) URINorm.php in classes/Auth/OpenID/; and (15) XRDS.php, (16) XRI.php and (17) XRIRes.php in classes/Auth/Yadis/. | ||||