Export limit exceeded: 347938 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347938 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5246 | 1 Xine | 1 Xine-lib | 2026-04-23 | N/A |
| Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-5250 | 1 Mediawiki | 1 Mediawiki | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page. | ||||
| CVE-2008-3048 | 1 Typo3 | 1 Pdf Generator 2 Extension | 2026-04-23 | N/A |
| Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Unprotected test functionality." | ||||
| CVE-2008-4385 | 1 Systemrequirementslab | 1 System Requirements Lab | 2026-04-23 | N/A |
| Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Analysis, allows remote attackers to force the download and execution of arbitrary programs via by specifiying a malicious website argument to the Init method in (1) a certain ActiveX control (sysreqlab2.cab, sysreqlab.dll, sysreqlabsli.dll, or sysreqlab2.dll) and (2) a certain Java applet in RLApplet.class in sysreqlab2.jar or sysreqlab.jar. | ||||
| CVE-2008-5264 | 1 Tornado | 1 Tornado Knowledge Retrieval System | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado Knowledge Retrieval System 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the p parameter in a root action. | ||||
| CVE-2008-3049 | 1 Typo3 | 1 Pdf Generator 2 Extension | 2026-04-23 | N/A |
| The PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 allows attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2008-3860 | 2 Ibm, Microsoft | 4 Aix, I5os, Lotus Quickr and 1 more | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. NOTE: the vulnerability in the WYSIWYG editors may exist because of an incomplete fix for CVE-2008-2163. | ||||
| CVE-2008-5266 | 2 Oracle, Sun | 2 Glassfish Server, Java System Application Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751. | ||||
| CVE-2008-3050 | 1 Typo3 | 1 Pdf Generator 2 Extension | 2026-04-23 | N/A |
| Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 allows attackers to cause a denial of service via unspecified vectors. | ||||
| CVE-2008-5272 | 1 Syndeocms | 1 Syndeocms | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Fred Stuurman SyndeoCMS 2.6.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the template parameter to (1) starnet/editors/fckeditor/studenteditor.php; (2) starnet/modules/sn_news/edit_content.php, reached through starnet/index.php; and (3) starnet/modules/sn_newsletter/edit_content.php, reached through starnet/index.php. | ||||
| CVE-2008-5281 | 1 South River Technologies | 1 Titan Ftp Server | 2026-04-23 | N/A |
| Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE command. | ||||
| CVE-2008-3051 | 1 Typo3 | 1 Pinboard Extension | 2026-04-23 | N/A |
| SQL injection vulnerability in the Pinboard extension 0.0.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-3861 | 1 Phpmyrealty | 1 Phpmyrealty | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in pages.php and (2) the price_max parameter in search.php. | ||||
| CVE-2008-3052 | 1 Typo3 | 1 Sql Frontend Extension | 2026-04-23 | N/A |
| Unspecified vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to cause a denial of service via unknown vectors. | ||||
| CVE-2008-5283 | 1 Ghh | 1 Google Hack Honeypot File Upload Manager | 2026-04-23 | N/A |
| Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attackers to delete uploaded files via unknown vectors related to the delall action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. CVE analysis suggests that the most recent version as of 20081128 is 1.2, and the File Upload Manager does not have a "delall" action. | ||||
| CVE-2008-5285 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2026-04-23 | N/A |
| Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop. | ||||
| CVE-2008-5290 | 1 Scripts4you | 1 Clean Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2008-5297 | 1 Vitalwerks | 1 No-ip Duc | 2026-04-23 | N/A |
| Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP servers to execute arbitrary code via a crafted response to a DNS update request, related to a missing length check in the GetNextLine function. | ||||
| CVE-2008-5299 | 1 Karakas-online | 1 Chm2pdf | 2026-04-23 | N/A |
| chm2pdf 0.9 allows user-assisted local users to delete arbitrary files via a symlink attack on .chm files in the (1) /tmp/chm2pdf/work or (2) /tmp/chm2pdf/orig temporary directories. | ||||
| CVE-2008-3053 | 1 Typo3 | 1 Sql Frontend Extension | 2026-04-23 | N/A |
| SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||