Export limit exceeded: 364396 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364396 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364396 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4488 1 Atarone 1 Atarone 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in ap-pages.php in Atarone CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) id parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4489 1 Atarone 1 Atarone 2026-04-23 N/A
Directory traversal vulnerability in ap-save.php in Atarone CMS 1.2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme_chosen parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4490 1 Phpabook 1 Phpabook 2026-04-23 N/A
Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the userInfo cookie.
CVE-2008-4491 1 Apple 2 Mac Os X, Mail 2026-04-23 N/A
Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail.
CVE-2008-4492 1 Yourownbux 1 Yourownbux 2026-04-23 N/A
SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows remote attackers to execute arbitrary SQL commands via the usNick cookie.
CVE-2008-4493 1 Microsoft 1 Digital Image 2026-04-23 N/A
Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
CVE-2008-4494 1 Torrenttrader 1 Torrenttrader 2026-04-23 N/A
SQL injection vulnerability in completed-advance.php in TorrentTrader Classic 1.08 and 1.04 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4496 1 Select Development Solutions 1 Php Realtor 2026-04-23 N/A
SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter.
CVE-2008-4497 1 Built2go 1 Real Estate Listings 2026-04-23 N/A
SQL injection vulnerability in event_detail.php in Built2Go Real Estate Listings 1.5 allows remote attackers to execute arbitrary SQL commands via the event_id parameter.
CVE-2008-4498 1 Phpautos 1 Phpautos 2026-04-23 N/A
SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2008-4499 1 Php Web Explorer 1 Php Web Explorer Lite 2026-04-23 N/A
Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) refer parameter to main.php and the (2) file parameter to edit.php.
CVE-2008-4500 1 Solarwinds 1 Serv-u File Server 2026-04-23 N/A
Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1".
CVE-2008-4501 1 Solarwinds 1 Serv-u File Server 2026-04-23 N/A
Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command.
CVE-2008-4502 1 Datafeedfile 1 Dff Framework Api 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3) DFF_mer.func.php, (4) DFF_mer_prdt.func.php, (5) DFF_paging.func.php, (6) DFF_rss.func.php, and (7) DFF_sku.func.php in include/.
CVE-2008-4503 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2026-04-23 N/A
The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to "clickjacking."
CVE-2008-4504 1 Herosoft 1 Hero Dvd Player 2026-04-23 N/A
Heap-based buffer overflow in Mplayer.exe in Herosoft Inc. Hero DVD Player 3.0.8 allows user-assisted remote attackers to execute arbitrary code via an M3u file with a "long entry." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4505 1 Ibm 1 Lotus Quickr 2026-04-23 N/A
Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) might allow attackers to cause a denial of service (system crash) via a "nonstandard URL argument" to the OpenDocument command. NOTE: due to lack of details from the vendor, it is not clear whether this is a vulnerability.
CVE-2008-4506 1 Ibm 1 Lotus Quickr 2026-04-23 N/A
Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows a place manager to "demote or delete a place superuser group" via unknown vectors.
CVE-2008-4507 1 Ibm 1 Lotus Quickr 2026-04-23 N/A
Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to delete pages that were created by a different author via unknown vectors.
CVE-2008-4508 1 Tonec Inc. 1 Internet Download Manager 2026-04-23 N/A
Stack-based buffer overflow in the file parsing function in Tonec Internet Download Manager, possibly 5.14 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AppleDouble file containing a long string. NOTE: this is probably a different vulnerability than CVE-2005-2210.