Search Results (24974 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4922 2 Djvu, Microsoft 2 Activex Control For Microsoft Office 2000, Office 2026-04-23 N/A
Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office (DjVu_ActiveX_MSOffice.dll) allows remote attackers to execute arbitrary code via a long (1) ImageURL property, and possibly the (2) Mode, (3) Page, or (4) Zoom properties.
CVE-2008-4927 1 Microsoft 1 Windows Media Player 2026-04-23 N/A
Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to "MThd Header Parsing." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5026 1 Microsoft 1 Sharepoint Server 2026-04-23 N/A
Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading HTML documents.
CVE-2008-5044 1 Microsoft 2 Windows Server 2003, Windows Vista 2026-04-23 N/A
Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
CVE-2008-4582 4 Canonical, Debian, Microsoft and 1 more 5 Ubuntu Linux, Debian Linux, Windows and 2 more 2026-04-23 N/A
Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810.
CVE-2008-4609 12 Bsd, Bsdi, Cisco and 9 more 22 Bsd, Bsd Os, Catalyst Blade Switch 3020 and 19 more 2026-04-23 N/A
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
CVE-2008-4699 1 Microsoft 1 Peachtree Accounting 2026-04-23 N/A
Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in Peachtree Accounting 2004 allows remote attackers to execute arbitrary programs via the ExecutePreferredApplication method.
CVE-2008-4787 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Visual truncation vulnerability in Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar via a URL with a hostname containing many   (Non-Blocking Space character) sequences, which are rendered as whitespace, aka MSRC ticket MSRC7899, a related issue to CVE-2003-1025.
CVE-2008-4788 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer 6 omits high-bit URL-encoded characters when displaying the address bar, which allows remote attackers to spoof the address bar via a URL with a domain name that differs from an important domain name only in these characters, as demonstrated by using exam%A9ple.com to spoof example.com, aka MSRC ticket MSRC7900.
CVE-2008-4800 1 Microsoft 1 Debug Diagnostic Tool 2026-04-23 N/A
The DebugDiag ActiveX control in CrashHangExt.dll, possibly 1.0, in Microsoft Debug Diagnostic Tool allows remote attackers to cause a denial of service (NULL pointer dereference and Internet Explorer 6.0 crash) via a large negative integer argument to the GetEntryPointForThread method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
CVE-2008-4381 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters.
CVE-2008-4387 3 Microsoft, Sap, Simba Technologies 3 Internet Explorer, Sapgui, Mdrmsap Activex Control 2026-04-23 N/A
Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer.
CVE-2008-4420 4 Filestream, Hp, Innermedia and 1 more 5 Turbozip, Openview Performance Agent, Dynazip Max and 2 more 2026-04-23 N/A
Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985.
CVE-2008-4493 1 Microsoft 1 Digital Image 2026-04-23 N/A
Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
CVE-2008-4510 1 Microsoft 1 Windows Vista 2026-04-23 N/A
Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allows local users to cause a denial of service (page fault and system crash) via multiple attempts to access a virtual address in a PAGE_NOACCESS memory page.
CVE-2008-4540 2 Htc, Microsoft 2 Hermes, Windows Mobile 2026-04-23 N/A
Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mechanism for the password input field, which allows physically proximate attackers to bypass password authentication and obtain WLAN access.
CVE-2008-4197 5 Freebsd, Linux, Microsoft and 2 more 5 Freebsd, Linux Kernel, Windows and 2 more 2026-04-23 8.8 High
Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut.
CVE-2008-4252 1 Microsoft 5 Office Frontpage, Project, Visual Basic and 2 more 2026-04-23 N/A
The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability."
CVE-2008-4253 1 Microsoft 5 Office Frontpage, Project, Visual Basic and 2 more 2026-04-23 N/A
The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
CVE-2008-4254 1 Microsoft 5 Office Frontpage, Project, Visual Basic and 2 more 2026-04-23 N/A
Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."