Export limit exceeded: 361517 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361517 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6280 | 1 Cisco | 1 Wrt160n | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys WRT160N allows remote attackers to inject arbitrary web script or HTML via the action parameter in a DHCP_Static operation. | ||||
| CVE-2008-7032 | 1 F5 | 1 Big-ip | 2026-04-23 | N/A |
| Web Management Console Cross-site request forgery (CSRF) vulnerability in the web management console in F5 BIG-IP 9.4.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrators and execute shell commands, as demonstrated using tmui/Control/form. | ||||
| CVE-2008-4279 | 1 Vmware | 4 Esx, Player, Server and 1 more | 2026-04-23 | N/A |
| The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address. | ||||
| CVE-2008-4294 | 1 Ibm | 1 Tivoli Netcool Webtop | 2026-04-23 | N/A |
| IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user privileges after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation, as demonstrated by a root session that is still valid after a subsequent read-only session has begun. | ||||
| CVE-2008-6281 | 1 Bluocms | 1 Bluo Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Bluo CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-4295 | 2 Htc, Microsoft | 3 Mda, Wiza, Windows Mobile | 2026-04-23 | N/A |
| Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices. | ||||
| CVE-2008-4302 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2026-04-23 | 5.5 Medium |
| fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool. | ||||
| CVE-2008-4310 | 2 Redhat, Ruby-lang | 2 Enterprise Linux, Ruby | 2026-04-23 | N/A |
| httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656. | ||||
| CVE-2008-4314 | 1 Samba | 1 Samba | 2026-04-23 | N/A |
| smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed. | ||||
| CVE-2008-4319 | 1 Libra File Manager | 1 Php Filemanager | 2026-04-23 | N/A |
| fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string. | ||||
| CVE-2008-4320 | 1 Opennms.org | 1 Opennms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list. | ||||
| CVE-2008-4321 | 1 Flashget | 1 Flashget Ftp | 2026-04-23 | N/A |
| Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FTP servers to execute arbitrary code via a long response to the PWD command. | ||||
| CVE-2008-6282 | 1 Ortus.nirn | 1 Cms Ortus | 2026-04-23 | N/A |
| SQL injection vulnerability in engine/users/users_edit_pub.inc in CMS Ortus 1.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the city parameter in a users_edit_pub action to index.php. | ||||
| CVE-2008-4322 | 1 Realflex Technologies Ltd | 1 Realwin Server | 2026-04-23 | N/A |
| Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin Server 2.0, as distributed by DATAC, allows remote attackers to execute arbitrary code via a crafted FC_INFOTAG/SET_CONTROL packet. | ||||
| CVE-2008-4323 | 1 Microsoft | 1 Windows Xp | 2026-04-23 | N/A |
| Windows Explorer in Microsoft Windows XP SP3 allows user-assisted attackers to cause a denial of service (application crash) via a crafted .ZIP file. | ||||
| CVE-2008-4324 | 2 Microsoft, Mozilla | 2 Windows Xp, Firefox | 2026-04-23 | N/A |
| The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a series of keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup events. NOTE: it was later reported that Firefox 3.0.2 on Mac OS X 10.5 is also affected. | ||||
| CVE-2008-4325 | 1 Viewvc | 1 Viewvc | 2026-04-23 | N/A |
| lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object. NOTE: this issue might not be a vulnerability, since it requires attacker access to the repository that is being viewed. | ||||
| CVE-2008-4326 | 2 Microsoft, Phpmyadmin | 2 Internet Explorer, Phpmyadmin | 2026-04-23 | N/A |
| The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence. | ||||
| CVE-2008-4327 | 1 Microsoft | 1 Windows Xp | 2026-04-23 | N/A |
| gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly handle crafted .ico files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a certain crash.ico file on a web site, and allows user-assisted attackers to cause a denial of service (divide-by-zero error and persistent application crash) via this crash.ico file on the desktop, a different vulnerability than CVE-2007-2237. | ||||
| CVE-2008-4328 | 1 Easyrealtorpro | 1 Easyrealtorpro | 2026-04-23 | N/A |
| SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 allows remote attackers to execute arbitrary SQL commands via the (1) item, (2) search_ordermethod, and (3) search_order parameters. | ||||