Export limit exceeded: 348919 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348919 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4505 | 1 Ibm | 1 Lotus Quickr | 2026-04-23 | N/A |
| Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) might allow attackers to cause a denial of service (system crash) via a "nonstandard URL argument" to the OpenDocument command. NOTE: due to lack of details from the vendor, it is not clear whether this is a vulnerability. | ||||
| CVE-2008-4506 | 1 Ibm | 1 Lotus Quickr | 2026-04-23 | N/A |
| Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows a place manager to "demote or delete a place superuser group" via unknown vectors. | ||||
| CVE-2008-4507 | 1 Ibm | 1 Lotus Quickr | 2026-04-23 | N/A |
| Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to delete pages that were created by a different author via unknown vectors. | ||||
| CVE-2008-4508 | 1 Tonec Inc. | 1 Internet Download Manager | 2026-04-23 | N/A |
| Stack-based buffer overflow in the file parsing function in Tonec Internet Download Manager, possibly 5.14 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AppleDouble file containing a long string. NOTE: this is probably a different vulnerability than CVE-2005-2210. | ||||
| CVE-2008-4509 | 1 Foss Gallery | 1 Foss Gallery | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in processFiles.php in FOSS Gallery Admin and FOSS Gallery Public 1.0 beta allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the root directory. | ||||
| CVE-2008-4510 | 1 Microsoft | 1 Windows Vista | 2026-04-23 | N/A |
| Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allows local users to cause a denial of service (page fault and system crash) via multiple attempts to access a virtual address in a PAGE_NOACCESS memory page. | ||||
| CVE-2008-4511 | 1 Todd Woolums | 1 Asp News Management | 2026-04-23 | N/A |
| Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. | ||||
| CVE-2008-4527 | 1 Php-fusion | 1 Recepies Module | 2026-04-23 | N/A |
| SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the kat_id parameter in a kategorier action. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-4528 | 1 Phlatline | 1 Personal Information Manager | 2026-04-23 | N/A |
| Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter in an edit action. | ||||
| CVE-2008-4583 | 1 Chilkat Software | 1 Ftp | 2026-04-23 | N/A |
| Insecure method vulnerability in the Chilkat FTP 2.0 ActiveX component (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname in the SavePkcs8File method. | ||||
| CVE-2008-4530 | 1 Drupal | 1 Brilliant Gallery | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote authenticated users with permissions to inject arbitrary web script or HTML via unspecified vectors related to posting of answers. | ||||
| CVE-2008-4531 | 1 Drupal | 1 Brilliant Gallery | 2026-04-23 | N/A |
| SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries. NOTE: this might be the same issue as CVE-2008-4338. | ||||
| CVE-2008-4532 | 1 Maxiscript | 1 Website Directory | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in MaxiScript Website Directory allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action. | ||||
| CVE-2008-4533 | 1 Katan | 1 Web Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2008-4534 | 1 Ec-cube | 1 Ec-cube | 2026-04-23 | N/A |
| SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and Ver2 RC 2.3.0-rc1 and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-4536 | 1 Ec-cube | 1 Ec-cube | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 Beta(RC) 2.2.0-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17319 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4535 and CVE-2008-4537. | ||||
| CVE-2008-4539 | 4 Canonical, Debian, Kvm Qumranet and 1 more | 4 Ubuntu Linux, Debian Linux, Kvm and 1 more | 2026-04-23 | N/A |
| Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320. | ||||
| CVE-2008-4540 | 2 Htc, Microsoft | 2 Hermes, Windows Mobile | 2026-04-23 | N/A |
| Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mechanism for the password input field, which allows physically proximate attackers to bypass password authentication and obtain WLAN access. | ||||
| CVE-2008-4541 | 1 Sun | 1 Java System Web Proxy Server | 2026-04-23 | N/A |
| Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. | ||||
| CVE-2008-4542 | 1 Cisco | 1 Unity | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store). | ||||