Export limit exceeded: 364353 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364353 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1605 1 Leadtools 1 Multimedia Toolkit 2026-04-23 N/A
The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmmPlayCtrl Class ActiveX controls (ltmm15.dll 15.1.0.17 and earlier) in LEADTOOLS Multimedia Toolkit 15 allow attackers to overwrite arbitrary files via the SaveSettingsToFile method.
CVE-2008-1606 1 Elastic Path 1 Elastic Path 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp.
CVE-2008-1607 1 Serby Arslanhan 1 Bomba Haber 2026-04-23 N/A
SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba Haber 2.0 allows remote attackers to execute arbitrary SQL commands via the haber parameter.
CVE-2008-1608 1 Clever Copy 1 Clever Copy 2026-04-23 N/A
SQL injection vulnerability in postview.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter, a different vector than CVE-2008-0363 and CVE-2006-0583.
CVE-2008-1609 1 Jaf Cms 1 Jaf Cms 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) website parameter to (a) forum.php, (b) headlines.php, and (c) main.php in forum/, and (2) main_dir parameter to forum/forum.php. NOTE: other main_dir vectors are already covered by CVE-2006-7127.
CVE-2008-1610 1 Tallsoft Quick 1 Tftp Server Pro 2026-04-23 N/A
Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long mode field in a read or write request.
CVE-2008-1611 1 Tftp-server 1 Winagents Tftp Server 2026-04-23 N/A
Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read or write request.
CVE-2008-1614 1 Sebastian Marsching 1 Suphp 2026-04-23 N/A
suPHP before 0.6.3 allows local users to gain privileges via (1) a race condition that involves multiple symlink changes to point a file owned by a different user, or (2) a symlink to the directory of a different user, which is used to determine privileges.
CVE-2008-1615 2 Amd, Redhat 4 Amd64, Enterprise Linux, Enterprise Linux Desktop and 1 more 2026-04-23 N/A
Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls.
CVE-2008-1617 1 Interwoven 1 Worksite Web 2026-04-23 N/A
Double free vulnerability in Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to execute arbitrary code via JavaScript that sets the Server property to a string, then sets the string to null.
CVE-2008-1618 1 Watchguard 1 Firebox Pptp Vpn 2026-04-23 N/A
The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames.
CVE-2008-1619 2 Redhat, Xensource Inc 2 Enterprise Linux, Xen 2026-04-23 N/A
The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers to cause a denial of service (dom0 panic) via certain traffic, as demonstrated using an FTP stress test tool.
CVE-2008-1620 1 2x 1 Thinclientserver 2026-04-23 N/A
Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) 3.2.0.0 and earlier in 2X ThinClientServer 5.0_sp1-r3497 and earlier allows remote attackers to read or overwrite arbitrary files via a ... (dot dot dot) in the filename.
CVE-2008-1621 1 Geertsen Holdings Inc 1 Geecarts 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1622 1 Geertsen Holdings Inc 1 Geecarts 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in GeeCarts allow remote attackers to execute arbitrary PHP code via a URL in the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1623 1 Lotus Web Studios Inc 1 Smoothflash 2026-04-23 N/A
SQL injection vulnerability in admin_view_image.php in Smoothflash allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2008-1624 1 Whorl Ltd 1 Jshop Server 2026-04-23 N/A
Directory traversal vulnerability in v2demo/page.php in Jshop Server 1.x through 2.x allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xPage parameter.
CVE-2008-1625 1 Avast 2 Avast Antivirus Home, Avast Antivirus Professional 2026-04-23 N/A
aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests.
CVE-2008-1626 1 Eggblog 1 Eggblog 2026-04-23 N/A
SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie. NOTE: this might overlap CVE-2008-0159.
CVE-2008-1627 1 Cds Software Consortium 1 Invenio 2026-04-23 N/A
CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID.