Export limit exceeded: 346158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346158 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4577 | 5 Canonical, Dovecot, Fedoraproject and 2 more | 5 Ubuntu Linux, Dovecot, Fedora and 2 more | 2026-04-23 | 7.5 High |
| The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions. | ||||
| CVE-2008-4578 | 1 Dovecot | 1 Dovecot | 2026-04-23 | N/A |
| The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes. | ||||
| CVE-2008-4579 | 2 Gentoo, Redhat | 4 Cman, Fence, Enterprise Linux and 1 more | 2026-04-23 | N/A |
| The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file. | ||||
| CVE-2008-4580 | 1 Gentoo | 2 Cman, Fence | 2026-04-23 | N/A |
| fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file. | ||||
| CVE-2008-4581 | 1 Ibm | 1 Enovia Smarteam | 2026-04-23 | N/A |
| The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release 19 before SP01, allows remote authenticated users to bypass intended access restrictions and read Document objects via the Workflow Process (aka Flow Process) view. | ||||
| CVE-2008-4582 | 4 Canonical, Debian, Microsoft and 1 more | 5 Ubuntu Linux, Debian Linux, Windows and 2 more | 2026-04-23 | N/A |
| Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810. | ||||
| CVE-2008-4585 | 1 Belong Software | 1 Site Builder | 2026-04-23 | N/A |
| Belong Software Site Builder 0.1 beta allows remote attackers to bypass intended access restrictions and perform administrative actions via a direct request to admin/home.php. | ||||
| CVE-2008-4587 | 1 Acresso | 1 Flexnet Connect | 2026-04-23 | N/A |
| Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this could be leveraged for code execution by uploading executable files to Startup folders. | ||||
| CVE-2008-4588 | 1 Etype | 1 Eserv | 2026-04-23 | N/A |
| Stack-based buffer overflow in the FTP server in Etype Eserv 3.x, possibly 3.26, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to the ABOR command. | ||||
| CVE-2008-4589 | 1 Lenovo | 1 Resuce And Recovery | 2026-04-23 | N/A |
| Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, including 4.20.0511 and 4.20.0512, allows local users to execute arbitrary code via a long file name. | ||||
| CVE-2008-4590 | 1 Stash | 1 Stash | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to admin/login.php and (2) the post parameter to admin/news.php. | ||||
| CVE-2008-4591 | 1 Phpwebgallery | 1 Phpwebgallery | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/include/isadmin.inc.php in PhpWebGallery 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[access_forbiden] and (2) lang[ident_title] parameters. | ||||
| CVE-2008-4601 | 1 Habari | 1 Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the login feature in Habari CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the habari_username parameter. | ||||
| CVE-2008-4593 | 1 Apple | 1 Iphone | 2026-04-23 | N/A |
| Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device screen, aka Apple bug number 6267416. | ||||
| CVE-2008-4595 | 1 Slaytanic Scripts | 1 Content Plus | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Slaytanic Scripts Content Plus 2.1.1 have unknown impact and remote attack vectors. | ||||
| CVE-2008-4596 | 1 Drupal | 1 Shindig-integrator | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Shindig-Integrator 5.x, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in generated pages. | ||||
| CVE-2008-4597 | 1 Drupal | 1 Shindig-integrator | 2026-04-23 | N/A |
| Shindig-Integrator 5.x, a module for Drupal, does not properly restrict generated page access, which allows remote attackers to gain privileges via unspecified vectors. | ||||
| CVE-2008-4598 | 1 Drupal | 1 Shindig-integrator | 2026-04-23 | N/A |
| Unspecified vulnerability in Shindig-Integrator 5.x, a module for Drupal, has unspecified impact and remote attack vectors related to "numerous flaws" that are not related to XSS or access control, a different vulnerability than CVE-2008-4596 and CVE-2008-4597. | ||||
| CVE-2008-4599 | 1 Mosaic Commerce | 1 Mosaic Commerce | 2026-04-23 | N/A |
| SQL injection vulnerability in category.php in Mosaic Commerce allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2008-4600 | 1 Steve Dawson | 1 Pokermax Poker League Tournament Script | 2026-04-23 | N/A |
| configure.php in PokerMax Poker League Tournament Script 0.13 allows remote attackers to bypass authentication and gain administrative access by setting the ValidUserAdmin cookie. | ||||