Export limit exceeded: 351378 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351378 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3338 | 1 Tibco | 4 Hawk, Iprocess Engine, Mainframe Service Tracker and 1 more | 2026-04-23 | N/A |
| Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message. | ||||
| CVE-2008-2543 | 1 Asterisk | 1 Asterisk-addons | 2026-04-23 | N/A |
| The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets. | ||||
| CVE-2008-2550 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.17 has unknown impact and attack vectors related to an attribute in the SOAP security header. | ||||
| CVE-2008-2551 | 1 Icona | 1 Instant Messenger | 2026-04-23 | N/A |
| The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 Messenger 1.0.0.1 allows remote attackers to force the download and execution of arbitrary files via a URL in the propDownloadUrl parameter with the propPostDownloadAction parameter set to "run." | ||||
| CVE-2008-2552 | 1 Sun | 2 Service Tag, Sunos | 2026-04-23 | N/A |
| Unspecified vulnerability in the Service Tag Registry on Sun Solaris 10, and Sun Service Tag before 1.1.3, allows local users to cause a denial of service (disk consumption) via unspecified vectors. | ||||
| CVE-2008-2553 | 1 Slashcode.com | 1 Slash | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to inject arbitrary web script or HTML via the userfield parameter. | ||||
| CVE-2008-3492 | 1 Americasarmy | 1 America\'s Army | 2026-04-23 | N/A |
| America's Army (aka AA or Army Game Project) 2.8.3.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted UDP packet, probably involving a VoiceIndex value that is outside of the range specified by VOICE_MAX_CHATTERS. | ||||
| CVE-2008-3344 | 1 Myiosoft | 1 Easye-cards | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a allow remote attackers to inject arbitrary web script or HTML via the (1) ResultHtml, (2) dir, (3) SenderName, (4) RecipientName, (5) SenderMail, and (6) RecipientMail parameters. | ||||
| CVE-2008-2556 | 1 Hessel Brouwer | 1 Php Visit Counter | 2026-04-23 | N/A |
| SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the datespan parameter in a read action. | ||||
| CVE-2008-2557 | 1 Cre Loaded | 1 Cre Loaded | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in CRE Loaded 6.2.13.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) Links and (2) Links Submit pages. | ||||
| CVE-2008-2558 | 1 Cre Loaded | 1 Cre Loaded | 2026-04-23 | N/A |
| CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute for cookies that are sent over HTTPS, which might allow remote attackers to sniff the cookies if they are sent over HTTP. | ||||
| CVE-2008-3457 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php. | ||||
| CVE-2008-2559 | 1 Damian Frizza | 1 Borland Interbase | 2026-04-23 | N/A |
| Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256) allows remote attackers to execute arbitrary code via a malformed packet to TCP port 3050, which triggers a stack-based buffer overflow. NOTE: this issue might be related to CVE-2008-0467. | ||||
| CVE-2008-3458 | 1 Vtiger | 1 Vtiger Crm | 2026-04-23 | N/A |
| Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory. | ||||
| CVE-2008-3459 | 1 Openvpn | 1 Openvpn | 2026-04-23 | N/A |
| Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters. | ||||
| CVE-2008-3013 | 1 Microsoft | 13 Digital Image Suite, Forefront Client Security, Internet Explorer and 10 more | 2026-04-23 | N/A |
| gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability." | ||||
| CVE-2008-2315 | 2 Python, Redhat | 2 Python, Enterprise Linux | 2026-04-23 | N/A |
| Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031. | ||||
| CVE-2008-3297 | 1 Social Engine | 1 Social Engine | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php. | ||||
| CVE-2008-2310 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code. | ||||
| CVE-2008-2307 | 2 Apple, Microsoft | 5 Mac Os X, Safari, Windows and 2 more | 2026-04-23 | N/A |
| Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption. | ||||