Export limit exceeded: 364436 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364436 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364436 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364436 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4378 1 Mr. Cgi Guy 1 Hot Links Sql Php 2026-04-23 N/A
SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4379 1 Mr. Cgi Guy 1 Hot Links Sql Php 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2008-4380 1 Samsung 1 Dvr Shr2040 2026-04-23 N/A
The web interface in Samsung DVR SHR2040 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, related to the filter for configuration properties and "/x" characters.
CVE-2008-4381 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters.
CVE-2008-4382 1 Kde 1 Konqueror 2026-04-23 N/A
Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters.
CVE-2008-4383 2 Alcatel, Alcatel-lucent 2 Aos, Omniswitch 2026-04-23 N/A
Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie.
CVE-2008-4384 3 Iseemedia, Mgi Software, Roxio 3 Lpviewer, Lpviewer, Lpviewer 2026-04-23 N/A
Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX control (LPControl.dll), as acquired by Roxio and iseemedia, allow remote attackers to execute arbitrary code via the (1) url, (2) toolbar, and (3) enableZoomPastMax methods.
CVE-2008-4385 1 Systemrequirementslab 1 System Requirements Lab 2026-04-23 N/A
Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Analysis, allows remote attackers to force the download and execution of arbitrary programs via by specifiying a malicious website argument to the Init method in (1) a certain ActiveX control (sysreqlab2.cab, sysreqlab.dll, sysreqlabsli.dll, or sysreqlab2.dll) and (2) a certain Java applet in RLApplet.class in sysreqlab2.jar or sysreqlab.jar.
CVE-2008-4387 3 Microsoft, Sap, Simba Technologies 3 Internet Explorer, Sapgui, Mdrmsap Activex Control 2026-04-23 N/A
Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer.
CVE-2008-4388 1 Symantec 1 Appstream Client 2026-04-23 N/A
The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods.
CVE-2008-4390 1 Cisco 2 Linksys Wvc54gc, Linksys Wvc54gc Firmware 2026-04-23 7.5 High
The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network.
CVE-2008-4391 1 Cisco 1 Wvc54gc 2026-04-23 N/A
Stack-based buffer overflow in the SetSource method in the NetCamPlayerWeb11gv2 ActiveX control in NetCamPlayerWeb11gv2.ocx on the Cisco Linksys WVC54GC wireless video camera before firmware 1.25 allows remote attackers to execute arbitrary code via long invalid arguments.
CVE-2008-4392 1 D.j.bernstein 1 Djbdns 2026-04-23 N/A
dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS queries, which makes it easier for remote attackers to spoof DNS responses, as demonstrated by a spoofed A record in the Additional section of a response to a Start of Authority (SOA) query.
CVE-2008-4393 1 Verisign 1 Kontiki Delivery Management System 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in VeriSign Kontiki Delivery Management System (DMS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to zodiac/servlet/zodiac.
CVE-2008-4394 1 Gentoo 1 Portage 2026-04-23 N/A
Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.
CVE-2008-4395 2 Linux, Ubuntu 2 Linux Kernel, Linux Kernel 2026-04-23 N/A
Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.
CVE-2008-4396 1 Safer Networking 1 Filealyzer 2026-04-23 N/A
Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and 1.6.0.4 beta, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via an executable with malformed version data.
CVE-2008-4397 2 Broadcom, Ca 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more 2026-04-23 N/A
Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.
CVE-2008-4398 2 Broadcom, Ca 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more 2026-04-23 N/A
Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request.
CVE-2008-4399 2 Broadcom, Ca 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more 2026-04-23 N/A
Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation."