Export limit exceeded: 26229 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26229 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4927 1 Microsoft 1 Windows Media Player 2026-04-23 N/A
Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to "MThd Header Parsing." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6961 1 Mozilla 2 Seamonkey, Thunderbird 2026-04-23 N/A
mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties.
CVE-2008-6962 1 Avira 4 Antivir, Antivir Personal, Antivir Professional and 1 more 2026-04-23 N/A
Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, and AntiVir Personal - FREE allows local users to execute arbitrary code via a crafted IOCTL request that overwrites a kernel pointer.
CVE-2008-4721 1 Php Jabbers 1 Post Comment 2026-04-23 N/A
PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged."
CVE-2009-0358 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-23 N/A
Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request.
CVE-2008-2747 2 Microsoft, No-ip 2 Windows, Dynamic Update Client 2026-04-23 N/A
No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values.
CVE-2008-3138 3 Redhat, Rpath, Wireshark 3 Enterprise Linux, Rpath Linux, Wireshark 2026-04-23 N/A
The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.
CVE-2008-3168 1 Empire Server 1 Empire Server 2026-04-23 N/A
The files utility in Empire Server before 4.3.15 discloses the world creation time, which makes it easier for attackers to determine the PRNG seed.
CVE-2008-4878 1 Mywebcards 1 Webcards 2026-04-23 N/A
Unrestricted file upload vulnerability in the "Add Image Macro" feature in WebCards 1.3 allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file.
CVE-2008-2723 1 Menalto 1 Gallery 2026-04-23 N/A
embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the remote address."
CVE-2008-4824 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2026-04-23 N/A
Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input validation errors."
CVE-2008-4747 1 Sun 2 Java Access Manager, Java System Ldap Jdk 2026-04-23 N/A
Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library.
CVE-2008-6999 1 Phpauction 1 Phpauction 2026-04-23 N/A
phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
CVE-2008-4821 3 Adobe, Mozilla, Redhat 5 Flash Player, Camino, Firefox and 2 more 2026-04-23 N/A
Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors.
CVE-2008-6943 1 Scriptsfeed 1 Recipes Listing Portal 2026-04-23 N/A
Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe photo, then accessing it via a direct request to the file in pictures/.
CVE-2008-6944 1 Scriptsfeed 1 Auto Classifieds 2026-04-23 N/A
Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in cars_images/.
CVE-2008-4919 1 Visagesoft 1 Expert Pdf Viewer Activex 2026-04-23 N/A
Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3.0.990.0 allows remote attackers to overwrite arbitrary files via a full pathname to the savePageAsBitmap method.
CVE-2008-7029 1 Alilg 1 Aliboard 2026-04-23 N/A
Unrestricted file upload vulnerability in usercp.php in AlilG Application AliBoard Beta allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in uploads/avatars/.
CVE-2008-4910 1 Sun 1 Java Web Start 2026-04-23 N/A
The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method.
CVE-2008-4907 1 Dovecot 1 Dovecot 2026-04-23 N/A
The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."