Export limit exceeded: 346158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346158 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1061 | 1 Wordpress | 1 Sniplets Plugin | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php; the (2) url parameter to (e) view/admin/submenu.php; and the (3) page parameter to (f) view/admin/pager.php. | ||||
| CVE-2008-1062 | 1 Intervideo | 1 Windvd Media Center | 2026-04-23 | N/A |
| InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater (aka IHT.exe) in InterVideo WinDVD Media Center 2.11.15.0 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet with two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-1436 | 1 Microsoft | 5 Windows-nt, Windows Server 2003, Windows Server 2008 and 2 more | 2026-04-23 | N/A |
| Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping. | ||||
| CVE-2008-1612 | 2 Redhat, Squid | 2 Enterprise Linux, Squid | 2026-04-23 | N/A |
| The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239. | ||||
| CVE-2008-1064 | 1 Xoops | 1 Xoops Rmsoft Gallery System | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in images.php in the Red Mexico RMSOFT Gallery System (GS) 2.0 module (aka rmgs) for XOOPS allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2008-1614 | 1 Sebastian Marsching | 1 Suphp | 2026-04-23 | N/A |
| suPHP before 0.6.3 allows local users to gain privileges via (1) a race condition that involves multiple symlink changes to point a file owned by a different user, or (2) a symlink to the directory of a different user, which is used to determine privileges. | ||||
| CVE-2008-1069 | 1 Quantum Game Library | 1 Quantum Game Library | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Quantum Game Library 0.7.2c allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) server_request.php and (2) qlib/smarty.inc.php. | ||||
| CVE-2008-1617 | 1 Interwoven | 1 Worksite Web | 2026-04-23 | N/A |
| Double free vulnerability in Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to execute arbitrary code via JavaScript that sets the Server property to a string, then sets the string to null. | ||||
| CVE-2008-1070 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2026-04-23 | N/A |
| The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. | ||||
| CVE-2008-1618 | 1 Watchguard | 1 Firebox Pptp Vpn | 2026-04-23 | N/A |
| The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2008-4028 | 1 Microsoft | 8 Office, Office Compatibility Pack For Word Excel Ppt 2007, Office Outlook and 5 more | 2026-04-23 | N/A |
| Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via crafted control words related to multiple Drawing Object tags in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4030. | ||||
| CVE-2008-1072 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2026-04-23 | N/A |
| The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug. | ||||
| CVE-2008-1619 | 2 Redhat, Xensource Inc | 2 Enterprise Linux, Xen | 2026-04-23 | N/A |
| The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers to cause a denial of service (dom0 panic) via certain traffic, as demonstrated using an FTP stress test tool. | ||||
| CVE-2008-1077 | 1 Mamboportal.com | 1 Simpleboard | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the Simpleboard (com_simpleboard) 1.0.3 Stable component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a view action. | ||||
| CVE-2008-1620 | 1 2x | 1 Thinclientserver | 2026-04-23 | N/A |
| Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) 3.2.0.0 and earlier in 2X ThinClientServer 5.0_sp1-r3497 and earlier allows remote attackers to read or overwrite arbitrary files via a ... (dot dot dot) in the filename. | ||||
| CVE-2008-0816 | 1 Com Sg | 1 Com Sg | 2026-04-23 | N/A |
| SQL injection vulnerability in the com_sg component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the pid parameter in an order task. | ||||
| CVE-2008-0808 | 1 Ikiwiki | 1 Ikiwiki | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags. | ||||
| CVE-2008-0807 | 2 Debian, Horde | 4 Debian Linux, Groupware, Groupware Webmail Edition and 1 more | 2026-04-23 | N/A |
| lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book. | ||||
| CVE-2008-1745 | 1 Cisco | 1 Unified Communications Manager | 2026-04-23 | N/A |
| Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115. | ||||
| CVE-2008-1744 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2026-04-23 | N/A |
| The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770. | ||||