Export limit exceeded: 364156 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364156 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364156 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3903 | 2 Asterisk, Trixbox | 2 P B X, Pbx | 2026-04-23 | N/A |
| Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreject are enabled, generates different responses depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2008-3904 | 1 Lxde | 2 Gpicview, Lightweight X11 Desktop Environment | 2026-04-23 | N/A |
| src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. | ||||
| CVE-2008-3905 | 2 Redhat, Ruby-lang | 2 Enterprise Linux, Ruby | 2026-04-23 | N/A |
| resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | ||||
| CVE-2008-3906 | 2 Mono, Mono Project | 2 Mono, Mono | 2026-04-23 | N/A |
| CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. | ||||
| CVE-2008-3442 | 1 Winzip | 1 Winzip | 2026-04-23 | N/A |
| WinZip before 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | ||||
| CVE-2008-3443 | 2 Redhat, Ruby-lang | 2 Enterprise Linux, Ruby | 2026-04-23 | N/A |
| The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick. | ||||
| CVE-2008-3444 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted but well-formed web page that contains "a simple set of legitimate HTML tags." | ||||
| CVE-2008-3445 | 1 Phpmyrealty | 1 Phpmyrealty | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 allows remote attackers to execute arbitrary SQL commands via the location parameter. | ||||
| CVE-2008-3446 | 1 Letterit | 1 Letterit | 2026-04-23 | N/A |
| Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | ||||
| CVE-2008-3447 | 1 F-prot | 2 F-prot Antivirus, Scanning Engine | 2026-04-23 | N/A |
| The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote attackers to cause a denial of service (infinite loop) via a malformed ZIP archive, probably related to invalid offsets. | ||||
| CVE-2008-3448 | 1 Common-solutions | 1 Csphonebook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in common solutions csphonebook 1.02 allows remote attackers to inject arbitrary web script or HTML via the letter parameter. | ||||
| CVE-2008-3449 | 1 Mailenable | 1 Mailenable | 2026-04-23 | N/A |
| MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote attackers to cause a denial of service (crash) via multiple IMAP connection requests to the same folder. | ||||
| CVE-2008-3450 | 1 Sun | 1 Sunos | 2026-04-23 | N/A |
| Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors. | ||||
| CVE-2008-3451 | 1 Phpwebgallery | 1 Phpwebgallery | 2026-04-23 | N/A |
| PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile. | ||||
| CVE-2008-3452 | 1 Endonesia | 2 Calendar Module, Endonesia | 2026-04-23 | N/A |
| SQL injection vulnerability in the Calendar module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the loc_id parameter in a list_events action to mod.php. | ||||
| CVE-2008-3453 | 1 Impresscms | 1 Impresscms | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a few files." | ||||
| CVE-2008-3454 | 1 Jnshosts | 1 Php Hosting Directory | 2026-04-23 | N/A |
| JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the "adm" cookie value to 1. | ||||
| CVE-2008-3455 | 1 Jnshosts | 1 Php Hosting Directory | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/admin.php in JnSHosts PHP Hosting Directory 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the rd parameter. | ||||
| CVE-2008-3456 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack. | ||||
| CVE-2008-3457 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php. | ||||