Export limit exceeded: 361836 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361836 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361836 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4585 | 1 Belong Software | 1 Site Builder | 2026-04-23 | N/A |
| Belong Software Site Builder 0.1 beta allows remote attackers to bypass intended access restrictions and perform administrative actions via a direct request to admin/home.php. | ||||
| CVE-2008-4586 | 1 Acresso | 1 Flexnet Connect | 2026-04-23 | N/A |
| Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control (isusweb.dll 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the DownloadAndExecute method. | ||||
| CVE-2008-5403 | 2 Cerulean Studios, Ceruleanstudios | 4 Trillian, Trillian Pro, Trillian and 1 more | 2026-04-23 | N/A |
| Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag. | ||||
| CVE-2008-4587 | 1 Acresso | 1 Flexnet Connect | 2026-04-23 | N/A |
| Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this could be leveraged for code execution by uploading executable files to Startup folders. | ||||
| CVE-2008-5404 | 1 Grid2000 | 1 Flexcell Grid Control | 2026-04-23 | N/A |
| Insecure method vulnerability in the FlexCell.Grid ActiveX control in FlexCell.ocx 5.7.0.1 in FlexCell Grid ActiveX Component allows remote attackers to create and overwrite arbitrary files via the HttpDownloadFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-5527 | 2 Eset, Microsoft | 2 Smart Security, Internet Explorer | 2026-04-23 | N/A |
| ESET Smart Security, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | ||||
| CVE-2009-1918 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2026-04-23 | N/A |
| Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka "HTML Objects Memory Corruption Vulnerability." | ||||
| CVE-2008-4588 | 1 Etype | 1 Eserv | 2026-04-23 | N/A |
| Stack-based buffer overflow in the FTP server in Etype Eserv 3.x, possibly 3.26, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to the ABOR command. | ||||
| CVE-2008-4589 | 1 Lenovo | 1 Resuce And Recovery | 2026-04-23 | N/A |
| Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, including 4.20.0511 and 4.20.0512, allows local users to execute arbitrary code via a long file name. | ||||
| CVE-2008-5405 | 1 Oxid | 1 Cain And Abel | 2026-04-23 | N/A |
| Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string. | ||||
| CVE-2008-4590 | 1 Stash | 1 Stash | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to admin/login.php and (2) the post parameter to admin/news.php. | ||||
| CVE-2008-4591 | 1 Phpwebgallery | 1 Phpwebgallery | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/include/isadmin.inc.php in PhpWebGallery 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[access_forbiden] and (2) lang[ident_title] parameters. | ||||
| CVE-2008-4592 | 1 Sportspanel | 1 Sports Clubs Web Portal | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter. | ||||
| CVE-2008-4593 | 1 Apple | 1 Iphone | 2026-04-23 | N/A |
| Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device screen, aka Apple bug number 6267416. | ||||
| CVE-2008-5406 | 1 Apple | 2 Itunes, Quicktime | 2026-04-23 | N/A |
| Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow." | ||||
| CVE-2009-1922 | 1 Microsoft | 4 Windows 2000, Windows Server 2003, Windows Vista and 1 more | 2026-04-23 | N/A |
| The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability." | ||||
| CVE-2008-4486 | 1 Yerba | 1 Yerba | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. | ||||
| CVE-2009-1753 | 1 Emn | 1 Coccinelle | 2026-04-23 | N/A |
| Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on an unspecified "result file." | ||||
| CVE-2009-1749 | 1 Joost Horward | 1 Catviz | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Catviz 0.4.0 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) userman_form and (2) webpages_form parameters. | ||||
| CVE-2008-5361 | 2 Adobe, Redhat | 3 Air, Flash Player, Rhel Extras | 2026-04-23 | N/A |
| The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing (1) DefineConstantPool, (2) ActionJump, (3) ActionPush, (4) ActionTry, and unspecified other actions, which allows remote attackers to read sensitive data from process memory via a crafted PDF file. | ||||