Search Results (26340 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4033 1 Microsoft 13 Expression Web, Groove, Office and 10 more 2026-04-23 N/A
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
CVE-2008-5709 1 Avaya 1 Communication Manager 2026-04-23 N/A
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.
CVE-2008-5695 1 Wordpress 2 Wordpress, Wordpress Mu 2026-04-23 N/A
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.
CVE-2008-0736 1 Shoppingtree 1 Candypress Store 2026-04-23 N/A
admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly other 4.x and 3.x versions, allows remote attackers to obtain the path via a certain value of the FedExAccount parameter.
CVE-2008-3766 1 Realtime Internet Band Rehearsal 1 Low Latency Internet Connection Tool 2026-04-23 N/A
Realtime Internet Band Rehearsal Low-Latency (Internet) Connection tool (llcon) before 2.1.2 allows remote attackers to cause a denial of service (application crash) via malformed protocol messages.
CVE-2008-0876 1 Hitachi 2 Sewb3 Mi-platform, Sewb3 Platform 2026-04-23 N/A
Unspecified vulnerability in the SEWB3 messaging service in Hitachi SEWB3/PLATFORM and SEWB3/MI-PLATFORM 01-00 through 02-14-/A allows remote attackers to cause a denial of service (service outage) via "invalid data."
CVE-2008-0892 1 Redhat 2 Directory Server, Fedora Directory Server 2026-04-23 N/A
The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.
CVE-2008-3763 1 Turnkeywebtools 1 Php Live Helper 2026-04-23 N/A
Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when register_globals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by overwriting the language file.
CVE-2008-3761 1 Vmware 1 Vmware Workstation 2026-04-23 N/A
hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 uses the METHOD_NEITHER communication method for IOCTLs, which allows local users to cause a denial of service via a crafted IOCTL request.
CVE-2008-1062 1 Intervideo 1 Windvd Media Center 2026-04-23 N/A
InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater (aka IHT.exe) in InterVideo WinDVD Media Center 2.11.15.0 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet with two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4824 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2026-04-23 N/A
Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input validation errors."
CVE-2008-1252 1 Deutsche Telekom 1 Speedport W500 Dsl Router 2026-04-23 N/A
b_banner.stm (aka the login page) on the Deutsche Telekom Speedport W500 DSL router allows remote attackers to obtain the logon password by reading the pwd field in the HTML source.
CVE-2008-6159 1 Hans Oesterholt 1 Cmme 2026-04-23 N/A
Content Management Made Easy (CMME) 1.19 allows remote attackers to obtain system information via a direct request to info.php, which invokes the phpinfo function.
CVE-2008-1270 1 Lighttpd 1 Lighttpd 2026-04-23 N/A
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.
CVE-2008-6207 1 Phpg Upload 1 Phpg Upload 2026-04-23 N/A
Unrestricted file upload vulnerability in form_upload.php in PHPG Upload 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1366 1 Trend Micro 1 Officescan Corporate Edition 2026-04-23 N/A
Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to cause a denial of service (process consumption) via (1) an HTTP request without a Content-Length header or (2) invalid characters in unspecified CGI arguments, which triggers a NULL pointer dereference.
CVE-2008-4919 1 Visagesoft 1 Expert Pdf Viewer Activex 2026-04-23 N/A
Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3.0.990.0 allows remote attackers to overwrite arbitrary files via a full pathname to the savePageAsBitmap method.
CVE-2008-4930 1 Mybb 1 Mybb 2026-04-23 N/A
MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection against MIME-sniffing." NOTE: this could be leveraged for XSS and other attacks.
CVE-2008-3578 1 Hydrairc 1 Hydrairc 2026-04-23 N/A
HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long irc:// URI.
CVE-2008-1532 1 Perlbal 1 Perlbal 2026-04-23 N/A
Perlbal before 1.70, when buffered upload is enabled, allows remote attackers to cause a denial of service (crash) via a zero-byte chunked upload.