Export limit exceeded: 346145 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346145 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346145 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4589 | 1 Lenovo | 1 Resuce And Recovery | 2026-04-23 | N/A |
| Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, including 4.20.0511 and 4.20.0512, allows local users to execute arbitrary code via a long file name. | ||||
| CVE-2008-5405 | 1 Oxid | 1 Cain And Abel | 2026-04-23 | N/A |
| Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string. | ||||
| CVE-2008-4590 | 1 Stash | 1 Stash | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to admin/login.php and (2) the post parameter to admin/news.php. | ||||
| CVE-2008-4591 | 1 Phpwebgallery | 1 Phpwebgallery | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/include/isadmin.inc.php in PhpWebGallery 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[access_forbiden] and (2) lang[ident_title] parameters. | ||||
| CVE-2008-4592 | 1 Sportspanel | 1 Sports Clubs Web Portal | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter. | ||||
| CVE-2008-4593 | 1 Apple | 1 Iphone | 2026-04-23 | N/A |
| Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device screen, aka Apple bug number 6267416. | ||||
| CVE-2008-5406 | 1 Apple | 2 Itunes, Quicktime | 2026-04-23 | N/A |
| Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow." | ||||
| CVE-2008-4596 | 1 Drupal | 1 Shindig-integrator | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Shindig-Integrator 5.x, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in generated pages. | ||||
| CVE-2008-4597 | 1 Drupal | 1 Shindig-integrator | 2026-04-23 | N/A |
| Shindig-Integrator 5.x, a module for Drupal, does not properly restrict generated page access, which allows remote attackers to gain privileges via unspecified vectors. | ||||
| CVE-2008-4598 | 1 Drupal | 1 Shindig-integrator | 2026-04-23 | N/A |
| Unspecified vulnerability in Shindig-Integrator 5.x, a module for Drupal, has unspecified impact and remote attack vectors related to "numerous flaws" that are not related to XSS or access control, a different vulnerability than CVE-2008-4596 and CVE-2008-4597. | ||||
| CVE-2008-4599 | 1 Mosaic Commerce | 1 Mosaic Commerce | 2026-04-23 | N/A |
| SQL injection vulnerability in category.php in Mosaic Commerce allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2008-4600 | 1 Steve Dawson | 1 Pokermax Poker League Tournament Script | 2026-04-23 | N/A |
| configure.php in PokerMax Poker League Tournament Script 0.13 allows remote attackers to bypass authentication and gain administrative access by setting the ValidUserAdmin cookie. | ||||
| CVE-2008-5407 | 1 Symantec | 1 Backup Exec For Windows Server | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors. | ||||
| CVE-2008-4602 | 1 Qualityunit | 1 Post Affiliate Pro | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Post Affiliate Pro 2.0 allows remote authenticated users to read and possibly execute arbitrary local files via a .. (dot dot) in the md parameter. | ||||
| CVE-2008-4603 | 1 Igaming | 1 Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search_games action. | ||||
| CVE-2008-4604 | 1 Cafeengine | 1 Easycafeengine | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter. | ||||
| CVE-2008-4605 | 1 Cafeengine | 1 Easycafeengine | 2026-04-23 | N/A |
| SQL injection vulnerability in CafeEngine allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) dish.php and (2) menu.php. | ||||
| CVE-2008-5408 | 1 Symantec | 1 Backup Exec For Windows Server | 2026-04-23 | N/A |
| Buffer overflow in the data management protocol in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2008-5407. | ||||
| CVE-2008-5528 | 2 Aladdin, Microsoft | 2 Esafe, Internet Explorer | 2026-04-23 | N/A |
| Aladdin eSafe 7.0.17.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | ||||
| CVE-2008-4606 | 1 Ip Reg | 1 Ip Reg | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) location_id parameter to locationdel.php and (2) vlan_id parameter to vlanedit.php. NOTE: the vlanview.php and vlandel.php vectors are already covered by CVE-2007-6579. | ||||