Export limit exceeded: 346158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346158 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3520 | 2 Jasper Project, Redhat | 3 Jasper, Enterprise Linux, Rhev Manager | 2026-04-23 | N/A |
| Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation. | ||||
| CVE-2008-3519 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2026-04-23 | N/A |
| The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273. | ||||
| CVE-2008-3512 | 1 Php Nuke | 1 Kleinanzeigen Module | 2026-04-23 | N/A |
| SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a visit action to modules.php. | ||||
| CVE-2008-3473 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2026-04-23 | N/A |
| Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event Handling Cross-Domain Vulnerability." | ||||
| CVE-2008-3441 | 1 Nullsoft | 1 Winamp | 2026-04-23 | N/A |
| Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | ||||
| CVE-2008-3850 | 1 Accellion | 1 Secure File Transfer Appliance | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html. | ||||
| CVE-2008-3019 | 1 Microsoft | 3 Office, Office Converter Pack, Works | 2026-04-23 | N/A |
| Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malformed EPS Filter Vulnerability." | ||||
| CVE-2008-3429 | 1 Httrack | 2 Httrack, Winhttrack | 2026-04-23 | N/A |
| Buffer overflow in URI processing in HTTrack and WinHTTrack before 3.42-3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL. | ||||
| CVE-2008-3412 | 1 Ecshop | 1 Epshop | 2026-04-23 | N/A |
| SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a (1) pro_show or (2) disppro action to the default URI. | ||||
| CVE-2008-3376 | 1 Jamroom | 1 Jamroom | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors. | ||||
| CVE-2008-3375 | 1 Jamroom | 1 Jamroom | 2026-04-23 | N/A |
| The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie. | ||||
| CVE-2008-3374 | 1 Gregarius | 1 Gregarius | 2026-04-23 | N/A |
| SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action. | ||||
| CVE-2008-3373 | 1 Grisoft | 1 Avg Antivirus | 2026-04-23 | N/A |
| The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 allows remote attackers to cause a denial of service (engine crash) via a crafted UPX compressed file, which triggers a divide-by-zero error. | ||||
| CVE-2008-3372 | 1 Greatclone | 1 Getacoder Clone | 2026-04-23 | N/A |
| SQL injection vulnerability in search_form.php in Getacoder Clone allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter. | ||||
| CVE-2008-3334 | 1 Mybb | 1 Mybb | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php. | ||||
| CVE-2008-3333 | 1 Mantis | 1 Mantis | 2026-04-23 | N/A |
| Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php). | ||||
| CVE-2008-3332 | 1 Mantis | 1 Mantis | 2026-04-23 | N/A |
| Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter. | ||||
| CVE-2008-3331 | 1 Mantis | 1 Mantis | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter. | ||||
| CVE-2008-3288 | 1 Emc | 1 Dantz Retrospect Backup Server | 2026-04-23 | N/A |
| The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords. | ||||
| CVE-2008-3287 | 1 Emc Dantz | 1 Retrospect Backup Client | 2026-04-23 | N/A |
| retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via malformed packets to TCP port 497, which trigger a NULL pointer dereference. | ||||