Export limit exceeded: 363680 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (9540 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2420 1 Stunnel 1 Stunnel 2026-04-23 N/A
The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.
CVE-2008-2402 1 Sun 1 Java Asp Server 2026-04-23 N/A
The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents.
CVE-2008-2400 1 Stunnel 1 Stunnel 2026-04-23 N/A
Unspecified vulnerability in stunnel before 4.23, when running as a service on Windows, allows local users to gain privileges via unknown attack vectors.
CVE-2008-2378 1 Hf 1 Hf 2026-04-23 N/A
Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 allows local users to gain privileges via a Trojan horse killall program in a directory in the PATH, related to improper handling of the -k option.
CVE-2008-2367 1 Redhat 1 Certificate System 2026-04-23 N/A
Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files.
CVE-2008-2349 1 Zomp 1 Zomplog 2026-04-23 N/A
Zomplog 3.8.2 and earlier allows remote attackers to gain administrative access by creating an admin account via a direct request to install/newuser.php with the admin parameter set to 1.
CVE-2008-2348 1 Meltingicefs 1 Meltingice File System 2026-04-23 N/A
MeltingIce File System 1.0 allows remote attackers to bypass application authentication, create new user accounts, and exceed application quotas via a direct request to admin/adduser.php.
CVE-2008-2346 1 Alkalinephp 1 Alkalinephp 2026-04-23 N/A
AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass authentication and gain administrative access by creating an admin account via a direct request to adduser.php.
CVE-2008-2343 1 News Manager 1 News Manager 2026-04-23 N/A
News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php.
CVE-2008-2338 1 Interspire 1 Activekb 2026-04-23 N/A
Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin.
CVE-2008-2331 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator.
CVE-2008-2324 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs.
CVE-2008-2314 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors.
CVE-2008-2313 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory.
CVE-2008-2309 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.
CVE-2008-2308 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information.
CVE-2008-2306 2 Apple, Microsoft 3 Safari, Windows Vista, Windows Xp 2026-04-23 N/A
Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files.
CVE-2008-2300 1 Citrix 4 Access Essentials, Citrix Presentation Server, Desktop Server and 1 more 2026-04-23 N/A
Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors.
CVE-2008-2019 1 Simple Machines 1 Smf 2026-04-23 N/A
Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly generated static" to hinder brute-force attacks on the WAV file (aka audio) CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated attack that considers Hamming distances. NOTE: this issue reportedly exists because of an insufficient fix for CVE-2007-3308.
CVE-2008-2003 1 Badblue 1 Badblue 2026-04-23 N/A
BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3) dyndns.exe. NOTE: this can be leveraged for arbitrary remote code execution in conjunction with CVE-2007-6378.