Export limit exceeded: 364251 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364251 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3944 1 Discountedscripts 1 Acg Ptp 2026-04-23 N/A
SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows remote attackers to execute arbitrary SQL commands via the adid parameter in an adorder action.
CVE-2008-3945 1 Source Workshop 1 Words Tag Script 2026-04-23 N/A
SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action.
CVE-2008-3946 1 Hp 1 Openvms 2026-04-23 N/A
The finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to read arbitrary files via a link corresponding to a (1) .plan or (2) .project file.
CVE-2008-3947 1 Hp 1 Openvms 2026-04-23 N/A
DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain privileges via a long command line.
CVE-2008-3949 1 Suse 1 Suse Linux 2026-04-23 N/A
emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.
CVE-2008-3950 1 Apple 3 Iphone, Ipod Touch, Safari 2026-04-23 N/A
Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read.
CVE-2008-3951 1 Vastal 1 Agent Zone 2026-04-23 N/A
SQL injection vulnerability in view_ann.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the ann_id parameter.
CVE-2008-3952 1 Editeurscripts Esfaq 1 2.0 2026-04-23 N/A
SQL injection vulnerability in questions.php in EsFaq 2.0 allows remote attackers to execute arbitrary SQL commands via the idcat parameter.
CVE-2008-3953 1 Vastal 1 Shaadi Zone 2026-04-23 N/A
SQL injection vulnerability in keyword_search_action.php in Vastal I-Tech Shaadi Zone 1.0.9 allows remote attackers to execute arbitrary SQL commands via the tage parameter.
CVE-2008-3954 1 Alstrasoft 1 Forum Pay Per Post Exchange 2026-04-23 N/A
SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showcat action.
CVE-2008-3955 1 Masir Camp 1 E-shop Module 2026-04-23 N/A
SQL injection vulnerability in index.php in Masir Camp E-Shop Module 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ordercode parameter in a veiworderstatus page.
CVE-2008-3956 1 Microsoft 1 Organization Chart 2026-04-23 N/A
orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
CVE-2008-3965 1 Mybb 1 Mybb 2026-04-23 N/A
SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field.
CVE-2008-3957 1 Microsoft 1 Windows Image Acquisition Logger 2026-04-23 N/A
The Microsoft Windows Image Acquisition Logger ActiveX control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument to the Save method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3958 1 Ibm 1 Db2 2026-04-23 N/A
IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959.
CVE-2008-3959 1 Ibm 1 Db2 2026-04-23 N/A
IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.
CVE-2008-3960 1 Ibm 1 Db2 Universal Database 2026-04-23 N/A
Unspecified vulnerability in the JDBC Applet Server Service (aka db2jds) in IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (service crash) via "malicious packets."
CVE-2008-3961 1 Adobe 1 Illustrator 2026-04-23 N/A
Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on Macintosh allow user-assisted attackers to execute arbitrary code via a crafted AI file.
CVE-2008-3962 1 Ssmtp 1 Ssmtp 2026-04-23 N/A
The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to obtain sensitive information (memory contents) in opportunistic circumstances by reading a message.
CVE-2008-3963 3 Mysql, Oracle, Redhat 3 Mysql, Mysql, Enterprise Linux 2026-04-23 N/A
MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.