Export limit exceeded: 13912 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346661 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4437 | 1 Mozilla | 1 Bugzilla | 2026-04-23 | N/A |
| Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element. | ||||
| CVE-2008-7026 | 1 Efrontlearning | 1 Efront | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in filesystem3.class.php in eFront 3.5.1 build 2710 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in (1) student/avatars/ or (2) professor/avatars/. | ||||
| CVE-2008-4441 | 2 Linksys, Marvell | 2 Wap400n, 88w8361p-bem1 | 2026-04-23 | N/A |
| The Marvell driver for the Linksys WAP4400N Wi-Fi access point with firmware 1.2.14 on the Marvell 88W8361P-BEM1 chipset, when WEP mode is enabled, does not properly parse malformed 802.11 frames, which allows remote attackers to cause a denial of service (reboot or hang-up) via a malformed association request containing the WEP flag, as demonstrated by a request that is too short, a different vulnerability than CVE-2008-1144 and CVE-2008-1197. | ||||
| CVE-2008-0146 | 1 Hughes Technologies | 1 W3-msql | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the top-level URI. | ||||
| CVE-2008-4445 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2026-04-23 | N/A |
| The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function, a different vulnerability than CVE-2008-4113. | ||||
| CVE-2008-4446 | 1 Nucleus Cms | 1 Nucleus | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-4452 | 1 Cambridge Computer Corporation | 1 Vxftpsrv | 2026-04-23 | N/A |
| Buffer overflow in Cambridge Computer Corporation vxFtpSrv 2.0.3 allows remote attackers to cause a denial of service (crash and hang) and possibly execute arbitrary code via a long CWD request. | ||||
| CVE-2006-6403 | 1 Mystats | 1 Mystats | 2026-04-23 | N/A |
| mystats.php in MyStats 1.0.8 and earlier allows remote attackers to obtain the installation path via (1) details and (2) by array parameters, probably resulting in a path disclosure in an error message. | ||||
| CVE-2008-4455 | 1 Mysql Quick Admin | 1 Mysql Quick Admin | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the language cookie. | ||||
| CVE-2009-2470 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply. | ||||
| CVE-2008-4456 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67. | ||||
| CVE-2009-3077 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability." | ||||
| CVE-2008-4458 | 1 E-php Scripts | 1 B2b Trading Marketplace Script | 2026-04-23 | N/A |
| SQL injection vulnerability in listings.php in E-Php B2B Trading Marketplace Script allows remote attackers to execute arbitrary SQL commands via the cid parameter in a product action. | ||||
| CVE-2008-4461 | 1 Vastal I-tech | 1 Dating Zone | 2026-04-23 | N/A |
| SQL injection vulnerability in advanced_search_results.php in Vastal I-Tech Dating Zone, possibly 0.9.9, allows remote attackers to execute arbitrary SQL commands via the fage parameter. | ||||
| CVE-2008-4466 | 1 Vastal I-tech | 1 Cosmetics Zone | 2026-04-23 | N/A |
| SQL injection vulnerability in view_products_cat.php in Vastal I-Tech Cosmetics Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | ||||
| CVE-2008-4469 | 1 Vastal I-tech | 1 Freelance Zone | 2026-04-23 | N/A |
| SQL injection vulnerability in view_cresume.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the coder_id parameter. | ||||
| CVE-2008-4471 | 1 Autodesk | 3 Design Review, Dwf Viewer, Revit Architecture | 2026-04-23 | N/A |
| Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the argument to the SaveAS method. | ||||
| CVE-2008-4472 | 1 Autodesk | 3 Design Review, Dwf Viewer, Revit Architecture | 2026-04-23 | N/A |
| The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method. | ||||
| CVE-2008-4474 | 1 Freeradius | 1 Freeradius | 2026-04-23 | N/A |
| freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct. | ||||
| CVE-2008-4477 | 1 Jim Trocki | 1 Mon | 2026-04-23 | N/A |
| alert.d/test.alert in mon 0.99.2 allows local users to overwrite arbitrary files via a symlink attack on the test.alert.log temporary file. | ||||