Export limit exceeded: 351912 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351912 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1729 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content" permission; and (4) allows remote authenticated users, with administration page view access, to edit content types. | ||||
| CVE-2008-1724 | 1 Tumbleweed | 2 Securetransport Server, Securetransport Server App | 2026-04-23 | N/A |
| Stack-based buffer overflow in the IActiveXTransfer.FileTransfer method in the SecureTransport FileTransfer ActiveX control in vcst_en.dll 1.0.0.5 in Tumbleweed SecureTransport Server before 4.6.1 Hotfix 20 allows remote attackers to execute arbitrary code via a long remoteFile parameter. | ||||
| CVE-2008-1725 | 1 Nsoftware | 1 Ibiz E-banking Integrator | 2026-04-23 | N/A |
| The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E-Banking Integrator (formerly IBiz OFX Integrator) 2.0.2932 exposes the unsafe WriteOFXDataFile method, which allows remote attackers to overwrite arbitrary files via a full pathname in the argument. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-1726 | 1 Myknowledgequest | 1 Knowledgequest | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kqid parameter to (a) articletext.php and (b) articletextonly.php and the (2) username parameter to (c) logincheck.php. | ||||
| CVE-2008-1727 | 1 Myknowledgequest | 1 Knowledgequest | 2026-04-23 | N/A |
| KnowledgeQuest 2.5 and 2.6 does not require authentication for access to admincheck.php, which allows remote attackers to create arbitrary admin accounts. | ||||
| CVE-2008-1730 | 1 Arwscripts | 1 Gallery Script Lite | 2026-04-23 | N/A |
| Directory traversal vulnerability in download.html in ARWScripts Gallery Script Lite (aka gallery-script-lite or Free Photo Gallery Site Script), as of 20080411, allows remote attackers to read arbitrary local files via directory traversal sequences in the path parameter. | ||||
| CVE-2008-1732 | 1 Predictionfootball | 1 Predictionfootball | 2026-04-23 | N/A |
| SQL injection vulnerability in showpredictionsformatch.php in Prediction Football 1.x allows remote attackers to execute arbitrary SQL commands via the matchid parameter in a dupa action. | ||||
| CVE-2008-1733 | 2 Joomla, Pragmaticutopia | 2 Joomla, Com Puarcade | 2026-04-23 | N/A |
| SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php. | ||||
| CVE-2008-1735 | 1 Bitdefender | 1 Antivirus | 2026-04-23 | N/A |
| BitDefender Antivirus 2008 20080118 and earlier allows local users to cause a denial of service (system crash) via an invalid pointer to the CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function. | ||||
| CVE-2008-1736 | 1 Comodo | 1 Comodo Personal Firewall | 2026-04-23 | N/A |
| Comodo Firewall Pro before 3.0 does not properly validate certain parameters to hooked System Service Descriptor Table (SSDT) functions, which allows local users to cause a denial of service (system crash) via (1) a crafted OBJECT_ATTRIBUTES structure in a call to the NtDeleteFile function, which leads to improper validation of a ZwQueryObject result; and unspecified calls to the (2) NtCreateFile and (3) NtSetThreadContext functions, different vectors than CVE-2007-0709. | ||||
| CVE-2008-1737 | 1 Sophos | 1 Anti-virus | 2026-04-23 | N/A |
| Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behavioural Analysis is enabled, allows local users to cause a denial of service (reboot with the product disabled) and possibly gain privileges via a zero value in a certain length field in the ObjectAttributes argument to the NtCreateKey hooked System Service Descriptor Table (SSDT) function. | ||||
| CVE-2008-1738 | 1 Rising-global | 1 Rising Antivirus | 2026-04-23 | N/A |
| Rising Antivirus 2008 before 20.38.20 allows local users to cause a denial of service (system crash) via an invalid pointer to the _CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function. | ||||
| CVE-2008-1740 | 1 Cisco | 1 Unified Presence | 2026-04-23 | N/A |
| The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via an unspecified "stress test," aka Bug ID CSCsh20972. | ||||
| CVE-2008-1741 | 1 Cisco | 1 Unified Presence | 2026-04-23 | N/A |
| The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) allows remote attackers to cause a denial of service (core dump and service interruption) via a TCP port scan, aka Bug ID CSCsj64533. | ||||
| CVE-2008-1742 | 1 Cisco | 1 Unified Communications Manager | 2026-04-23 | N/A |
| Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609. | ||||
| CVE-2008-1743 | 1 Cisco | 1 Unified Communications Manager | 2026-04-23 | N/A |
| Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, aka Bug ID CSCsi98433. | ||||
| CVE-2008-1744 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2026-04-23 | N/A |
| The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770. | ||||
| CVE-2008-1746 | 1 Cisco | 1 Unified Communications Manager | 2026-04-23 | N/A |
| The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and service restart) via a series of malformed UDP packets, as demonstrated by the IP Stack Integrity Checker (ISIC), aka Bug ID CSCsj24113. | ||||
| CVE-2008-1754 | 1 Symantec | 1 Altiris Deployment Solution | 2026-04-23 | N/A |
| Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory. | ||||
| CVE-2008-1756 | 1 Sun | 1 N1 Grid Engine | 2026-04-23 | N/A |
| Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid Engine 6.1 allows local users to cause a denial of service (daemon crash) via unspecified vectors. | ||||