Export limit exceeded: 26245 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26245 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5507 4 Canonical, Debian, Mozilla and 1 more 6 Ubuntu Linux, Debian Linux, Firefox and 3 more 2026-04-23 N/A
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.
CVE-2008-5508 4 Canonical, Debian, Mozilla and 1 more 6 Ubuntu Linux, Debian Linux, Firefox and 3 more 2026-04-23 N/A
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks.
CVE-2008-2735 1 Cisco 1 Adaptive Security Appliance 5500 2026-04-23 N/A
The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0 before 8.0(3)15 and 8.1 before 8.1(1)5, when configured as a clientless SSL VPN endpoint, does not properly process URIs, which allows remote attackers to cause a denial of service (device reload) via a URI in a crafted SSL or HTTP packet, aka Bug ID CSCsq19369.
CVE-2008-2736 1 Cisco 1 Adaptive Security Appliance 5500 2026-04-23 N/A
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown vectors, aka Bug ID CSCsq45636.
CVE-2008-1506 1 Peel 1 Peel 2026-04-23 N/A
PEEL, possibly 3.x and earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
CVE-2007-5711 1 Massive Entertainment 1 World In Conflict 2026-04-23 N/A
Massive Entertainment World in Conflict 1.001 and earlier allows remote attackers to cause a denial of service (failed assertion and daemon crash) via a large packet to TCP or UDP port 48000.
CVE-2008-2742 1 Achievo 1 Achievo 2026-04-23 N/A
Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
CVE-2008-2748 1 Skulltag Team 1 Skulltag 2026-04-23 N/A
Skulltag 0.97d2-RC2 and earlier allows remote attackers to cause a denial of service (daemon hang) via a series of long, malformed connect packets, related to these packets being "parsed multiple times."
CVE-2008-5532 2 Ikarus, Microsoft 2 Ikarus Antivirus, Internet Explorer 2026-04-23 N/A
Ikarus Virus Utilities T3.1.1.45.0 and possibly T3.1.1.34.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
CVE-2008-1545 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a "Transfer-Encoding: chunked" header and a request body with an incorrect chunk size.
CVE-2008-3960 1 Ibm 1 Db2 Universal Database 2026-04-23 N/A
Unspecified vulnerability in the JDBC Applet Server Service (aka db2jds) in IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (service crash) via "malicious packets."
CVE-2008-3957 1 Microsoft 1 Windows Image Acquisition Logger 2026-04-23 N/A
The Microsoft Windows Image Acquisition Logger ActiveX control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument to the Save method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3806 1 Php 1 Php 2026-04-23 N/A
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.
CVE-2008-5538 2 Microsoft, Prevx 2 Internet Explorer, Prevx1 2026-04-23 N/A
Prevx Prevx1 2, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
CVE-2008-5539 2 Microsoft, Rising-global 2 Internet Explorer, Rising Antivirus 2026-04-23 N/A
RISING Antivirus 21.06.31.00 and possibly 20.61.42.00, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
CVE-2008-2782 1 Otomigenx 1 Otomigenx 2026-04-23 N/A
Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) library_rss.php and (2) rss.php.
CVE-2008-5540 2 Microsoft, Secure Computing 3 Internet Explorer, Secure Web Gateway, Webwasher 2026-04-23 N/A
Secure Computing Secure Web Gateway (aka Webwasher), when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
CVE-2008-5541 2 Microsoft, Sophos 2 Internet Explorer, Anti-virus 2026-04-23 N/A
Sophos Anti-Virus 4.33.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
CVE-2007-5701 1 Ibm 1 Lotus Domino 2026-04-23 N/A
Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel.
CVE-2008-5545 2 Microsoft, Trend Micro 2 Internet Explorer, Trend Micro Antivirus 2026-04-23 N/A
Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.