Export limit exceeded: 364308 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364308 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4230 1 Apple 2 Iphone Os, Ipod Touch 2026-04-23 N/A
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593.
CVE-2008-4231 1 Apple 3 Iphone Os, Ipod Touch, Safari 2026-04-23 N/A
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
CVE-2008-4232 1 Apple 3 Iphone Os, Ipod Touch, Safari 2026-04-23 N/A
Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.
CVE-2008-4233 1 Apple 3 Iphone Os, Ipod Touch, Safari 2026-04-23 N/A
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document.
CVE-2008-4234 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which does not trigger a "potentially unsafe" warning message.
CVE-2008-4236 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted embedded font in a PDF file.
CVE-2008-4237 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting.
CVE-2008-4241 1 Cj 1 Ultra Plus 2026-04-23 N/A
SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via an SID cookie.
CVE-2008-4242 1 Proftpd Project 1 Proftpd 2026-04-23 N/A
ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
CVE-2008-4243 1 Epic Games 1 Unreal Tournament 3 2026-04-23 N/A
Directory traversal vulnerability in ImageServer (aka UTImageServer) in WebAdmin before 1.7 for Epic Games Unreal Tournament 3 (UT3) 1.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
CVE-2008-4244 1 Rianxosencabos Cms 1 Rianxosencabos Cms 2026-04-23 N/A
Rianxosencabos CMS 0.9 allows remote attackers to bypass authentication and gain administrative access by setting the usuario and pass cookies to 1.
CVE-2008-4245 1 Rianxosencabos Cms 1 Rianxosencabos Cms 2026-04-23 N/A
The Admin Control Panel in Rianxosencabos CMS 0.9 does not require administrator privileges, which allows remote authenticated users to (1) change a user's privileges, (2) delete a user account, or perform unspecified other administrative actions via vectors involving an admin lista action to the default URI, possibly related to useradmin.php.
CVE-2008-4246 1 Denora Irc Stats 1 Denora Irc Stats 2026-04-23 N/A
Unspecified vulnerability in Denora IRC Stats Server before 1.4.1 allows remote IRC servers to cause a denial of service (application crash) via a crafted CTCP response.
CVE-2008-4247 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2026-04-23 N/A
ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
CVE-2008-4252 1 Microsoft 5 Office Frontpage, Project, Visual Basic and 2 more 2026-04-23 N/A
The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability."
CVE-2008-4253 1 Microsoft 5 Office Frontpage, Project, Visual Basic and 2 more 2026-04-23 N/A
The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
CVE-2008-4254 1 Microsoft 5 Office Frontpage, Project, Visual Basic and 2 more 2026-04-23 N/A
Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."
CVE-2008-4255 1 Microsoft 5 Office Frontpage, Project, Visual Basic and 2 more 2026-04-23 N/A
Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
CVE-2008-4318 1 Project-observer 1 Observer 2026-04-23 N/A
Observer 0.3.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter to (1) whois.php or (2) netcmd.php.
CVE-2008-4256 1 Microsoft 5 Office Frontpage, Project, Visual Basic and 2 more 2026-04-23 N/A
The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."