Export limit exceeded: 364926 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364926 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364926 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (9576 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3395 2 Calacode, Linux 2 Atmail, Linux Kernel 2026-04-23 N/A
Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3376 1 Jamroom 1 Jamroom 2026-04-23 N/A
Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors.
CVE-2008-3096 1 Drupal 1 Outline Designer Module 2026-04-23 N/A
The Outline Designer module 5.x before 5.x-1.4 for Drupal changes each content reader's authentication level to match that of the content author, which might allow remote attackers to gain privileges.
CVE-2008-3064 1 Realnetworks 1 Realplayer 2026-04-23 N/A
Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerability."
CVE-2008-3047 1 Typo3 1 Kb Unpack Extension 2026-04-23 N/A
Incomplete blacklist vulnerability in the KB Unpack (kb_unpack) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors.
CVE-2008-3046 1 Typo3 1 Packman Extension 2026-04-23 N/A
Incomplete blacklist vulnerability in the Packman (kb_packman) extension 0.2.1 and earlier for TYPO3 has unknown impact and attack vectors.
CVE-2008-3042 1 Typo3 1 Dam Frontend Extension 2026-04-23 N/A
Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Improper Error Handling."
CVE-2008-3041 1 Typo3 1 Dam Frontend Extension 2026-04-23 N/A
Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors related to "broken access control."
CVE-2008-3000 1 Drupal 1 Aggregation Module 2026-04-23 N/A
The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions.
CVE-2008-2940 2 Hp, Redhat 2 Linux Imaging And Printing Project, Enterprise Linux 2026-04-23 N/A
The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.
CVE-2008-2936 2 Postfix, Redhat 2 Postfix, Enterprise Linux 2026-04-23 N/A
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.
CVE-2008-2931 6 Canonical, Debian, Linux and 3 more 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more 2026-04-23 7.8 High
The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.
CVE-2008-2882 1 Aspindir 1 Shibby Shop 2026-04-23 N/A
upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request.
CVE-2008-2873 1 Aspindir 1 Shibby Shop 2026-04-23 N/A
sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb.
CVE-2008-2830 1 Apple 1 Mac Os X 2026-04-23 N/A
Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent.
CVE-2008-2827 1 Perl 1 Perl 2026-04-23 N/A
The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.
CVE-2008-2551 1 Icona 1 Instant Messenger 2026-04-23 N/A
The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 Messenger 1.0.0.1 allows remote attackers to force the download and execution of arbitrary files via a URL in the propDownloadUrl parameter with the propPostDownloadAction parameter set to "run."
CVE-2008-2540 2 Apple, Microsoft 6 Safari, Internet Explorer, Windows Server 2003 and 3 more 2026-04-23 N/A
Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
CVE-2008-2539 1 Sun 1 Cluster 2026-04-23 N/A
The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 through 10, when an underlying ufs filesystem is used, might allow local users to read data from arbitrary deleted files, or corrupt files in global filesystems, via unspecified vectors.
CVE-2008-2515 1 Ibm 1 Aix 2026-04-23 N/A
Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error."