Export limit exceeded: 364891 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364891 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364891 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3646 1 Apple 1 Mac Os X 2026-04-23 N/A
The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users.
CVE-2008-3647 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment.
CVE-2008-3648 1 Microsoft 1 Windows Xp 2026-04-23 N/A
nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
CVE-2008-3649 1 Articlefriendly 1 Article Friendly 2026-04-23 N/A
SQL injection vulnerability in categorydetail.php in Article Friendly Standard allows remote attackers to execute arbitrary SQL commands via the Cat parameter.
CVE-2008-3650 1 Horde 1 Groupware Webmail Edition 2026-04-23 N/A
Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view.
CVE-2008-3651 2 Linux, Redhat 2 Ipsec Tools Racoon Daemon, Enterprise Linux 2026-04-23 N/A
Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals.
CVE-2008-3652 2 Ipsec-tools, Redhat 2 Ipsec-tools, Enterprise Linux 2026-04-23 N/A
src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption).
CVE-2008-3653 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-23 N/A
Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors.
CVE-2008-3655 2 Redhat, Ruby-lang 2 Enterprise Linux, Ruby 2026-04-23 N/A
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.
CVE-2008-3656 2 Redhat, Ruby-lang 2 Enterprise Linux, Ruby 2026-04-23 N/A
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.
CVE-2008-3657 2 Redhat, Ruby-lang 2 Enterprise Linux, Ruby 2026-04-23 N/A
The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.
CVE-2008-3658 2 Php, Redhat 2 Php, Enterprise Linux 2026-04-23 N/A
Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
CVE-2008-3659 1 Php 1 Php 2026-04-23 N/A
Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible.
CVE-2008-3660 2 Php, Redhat 2 Php, Enterprise Linux 2026-04-23 N/A
PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.
CVE-2008-3661 1 Drupal 1 Drupal 2026-04-23 N/A
Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
CVE-2008-3662 1 Gallery 1 Gallery 2026-04-23 N/A
Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
CVE-2008-3663 2 Redhat, Squirrelmail 2 Enterprise Linux, Squirrelmail 2026-04-23 N/A
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
CVE-2008-3664 1 Xrms 1 Xrms Crm 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remote attackers to inject arbitrary web script or HTML via (1) the real name field, related to the user list; (2) the target parameter to login.php, (3) the title parameter to activities/some.php, (4) the company_name parameter to companies/some.php, (5) the last_name parameter to contacts/some.php, (6) the campaign_title parameter to campaigns/some.php, (7) the opportunity_title parameter to opportunities/some.php, (8) the case_title parameter to cases/some.php, (9) the file_id parameter to files/some.php, or (10) the starting parameter to reports/custom/mileage.php, a related issue to CVE-2008-1129.
CVE-2008-3666 1 Sun 3 Opensolaris, Solaris, Sunos 2026-04-23 N/A
Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured; and (2) local users to cause a denial of service (panic) via a call to the sendfile system call, as reachable through the sendfilev library.
CVE-2008-3667 1 Maxthon 1 Maxthon Browser 2026-04-23 N/A
Stack-based buffer overflow in Maxthon Browser 2.0 and earlier allows remote attackers to execute arbitrary code via a long Content-type HTTP header.