Search Results (364910 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3477 1 Microsoft 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more 2026-04-23 N/A
Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
CVE-2008-3479 1 Microsoft 1 Windows 2000 2026-04-23 N/A
Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
CVE-2008-3480 1 Anzio 2 Print Wizard, Web Print Object 2026-04-23 N/A
Stack-based buffer overflow in the Anzio Web Print Object (WePO) ActiveX control 3.2.19 and 3.2.24, as used in Anzio Print Wizard, allows remote attackers to execute arbitrary code via a long mainurl parameter.
CVE-2008-3481 1 Coppermine-gallery 1 Coppermine Photo Gallery 2026-04-23 N/A
themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
CVE-2008-3482 1 Panasonic 8 Bb Hcm511, Bb Hcm515, Bb Hcm527 and 5 more 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the error page feature in Panasonic Network Camera BL-C111, BL-C131, BB-HCM511, BB-HCM531, BB-HCM580, BB-HCM581, BB-HCM527, and BB-HCM515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-3483 1 Screwturn 1 Screwturn Wiki 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in ScrewTurn Wiki 2.0.29 and 2.0.30 allows remote attackers to inject arbitrary web script or HTML via error messages in the "/admin.aspx - System Log" page.
CVE-2008-3484 1 Estoreaff 1 Estoreaff 2026-04-23 N/A
SQL injection vulnerability in eStoreAff 0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action to index.php.
CVE-2008-3485 1 Citrix 2 Metaframe Presentation Server, Xp 2026-04-23 N/A
Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path.
CVE-2008-3486 1 Coppermine-gallery 1 Coppermine Photo Gallery 2026-04-23 N/A
Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie.
CVE-2008-3487 1 Phpauctions 1 Phpauction Gpl Enhanced 2026-04-23 N/A
SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced 2.51 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-3488 1 Novell 1 Imanager 2026-04-23 N/A
Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) allows remote attackers to delete Plug-in Studio created Property Book Pages via unknown vectors.
CVE-2008-3489 1 Phpx 1 Phpx 2026-04-23 N/A
SQL injection vulnerability in checkCookie function in includes/functions.inc.php in PHPX 3.5.16 allows remote attackers to execute arbitrary SQL commands via a PXL cookie.
CVE-2008-3490 1 E-topbiz 1 Online Dating 2026-04-23 N/A
SQL injection vulnerability in members/mail.php in E-topbiz Online Dating 3 1.0 allows remote authenticated users to execute arbitrary SQL commands via the mail_id parameter in a veiw action.
CVE-2008-3491 1 Scripts24 2 Ipost, Itgp 2026-04-23 N/A
SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action.
CVE-2008-3492 1 Americasarmy 1 America\'s Army 2026-04-23 N/A
America's Army (aka AA or Army Game Project) 2.8.3.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted UDP packet, probably involving a VoiceIndex value that is outside of the range specified by VOICE_MAX_CHATTERS.
CVE-2008-3493 1 Realvnc 1 Realvnc Windows Client 2026-04-23 N/A
vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote VNC servers to cause a denial of service (application crash) via a crafted frame buffer update packet.
CVE-2008-3494 1 8e6 1 R3000 Internet Filter 2026-04-23 N/A
8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass intended restrictions via an extra HTTP Host header with additional leading text placed before the real Host header.
CVE-2008-3495 1 Aspindir 1 Pcshey Portal 2026-04-23 N/A
SQL injection vulnerability in kategori.asp in Pcshey Portal allows remote attackers to execute arbitrary SQL commands via the kid parameter.
CVE-2008-3496 1 Linux 1 Linux Kernel 2026-04-23 N/A
Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors.
CVE-2008-3497 1 Myphp Cms 1 Myphp Cms 2026-04-23 N/A
SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter.