Export limit exceeded: 363318 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363318 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1483 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2026-04-23 | N/A |
| OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs. | ||||
| CVE-2008-1484 | 1 Punbb | 1 Punbb | 2026-04-23 | N/A |
| The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737. | ||||
| CVE-2008-1485 | 1 Punbb | 1 Punbb | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php. | ||||
| CVE-2008-1486 | 1 Phorum | 1 Phorum | 2026-04-23 | N/A |
| SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search. | ||||
| CVE-2008-1487 | 1 Linpha | 1 Linpha | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, and (5) plugins/stats/stats_view.php. | ||||
| CVE-2008-1488 | 1 Pecl-php | 1 Alternative Php Cache | 2026-04-23 | N/A |
| Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC) 3.0.11 through 3.0.16 allows remote attackers to execute arbitrary code via a long filename. | ||||
| CVE-2008-1489 | 1 Videolan | 1 Vlc | 2026-04-23 | N/A |
| Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984. | ||||
| CVE-2008-1490 | 2 Aurigma, Piczo | 2 Image Uploader Activex Control, Imageuploader4 | 2026-04-23 | N/A |
| Buffer overflow in a certain Aurigma ActiveX control in ImageUploader4.ocx 4.1.36.0, as used with Piczo (aka Pizco) and possibly other online services, allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a long Action property, a different CLSID than CVE-2008-0659. | ||||
| CVE-2008-1491 | 1 Asus | 1 Remote Console | 2026-04-23 | N/A |
| Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ASUS Remote Console (aka ARC or ASMB3) 2.0.0.19 and 2.0.0.24 allows remote attackers to execute arbitrary code via a long string to TCP port 623. | ||||
| CVE-2008-1492 | 1 Coronamatrix | 1 Phpaddressbook | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in CoronaMatrix phpAddressBook 2.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php and (2) install.php. NOTE: it was later reported that vector 1 is also present in 2.0. | ||||
| CVE-2008-1493 | 1 Cuteflow-bin | 1 Cuteflow Bin | 2026-04-23 | N/A |
| Directory traversal vulnerability in login.php in Cuteflow Bin 1.5.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | ||||
| CVE-2008-1494 | 1 Easy-clanpage | 1 Easy-clanpage | 2026-04-23 | N/A |
| SQL injection vulnerability in inc/module/online.php in Easy-Clanpage 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a user details action, a different vector than CVE-2008-1425. | ||||
| CVE-2008-1495 | 1 Peel | 1 Peel | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in administrer/produits.php in PEEL, possibly 3.x and earlier, allows remote authenticated administrators to upload and execute arbitrary PHP files via a modified content type in an ajout action, as demonstrated by (1) image/gif and (2) application/pdf. | ||||
| CVE-2008-1496 | 1 Peel | 1 Peel | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to (a) membre.php, and the (2) timestamp parameter to (b) the details action in achat/historique_commandes.php and (c) the facture action in factures/facture_html.php. | ||||
| CVE-2008-1497 | 1 Netwin | 1 Surgemail | 2026-04-23 | N/A |
| Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command. | ||||
| CVE-2008-1498 | 1 Netwin | 1 Surgemail | 2026-04-23 | N/A |
| Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command. | ||||
| CVE-2008-1499 | 1 Cpanel | 1 Cpanel | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string. | ||||
| CVE-2008-1500 | 1 Tinyportal | 1 Tinyportal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in TinyPortal 0.8.6 and 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-1501 | 2 Ircu, Quakenet | 2 Ircu, Snircd | 2026-04-23 | N/A |
| The send_user_mode function in s_user.c in (1) Undernet ircu 2.10.12.12 and earlier, (2) snircd 1.3.4 and earlier, and unspecified other ircu derivatives allows remote attackers to cause a denial of service (daemon crash) via a malformed MODE command. | ||||
| CVE-2008-1502 | 2 Egroupware, Moodle | 2 Egroupware, Moodle | 2026-04-23 | N/A |
| The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols. | ||||