Export limit exceeded: 26361 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26361 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3962 1 Ssmtp 1 Ssmtp 2026-04-23 N/A
The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to obtain sensitive information (memory contents) in opportunistic circumstances by reading a message.
CVE-2008-3960 1 Ibm 1 Db2 Universal Database 2026-04-23 N/A
Unspecified vulnerability in the JDBC Applet Server Service (aka db2jds) in IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (service crash) via "malicious packets."
CVE-2008-3957 1 Microsoft 1 Windows Image Acquisition Logger 2026-04-23 N/A
The Microsoft Windows Image Acquisition Logger ActiveX control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument to the Save method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3410 1 Epic Games 1 Unreal Tournament 3 2026-04-23 N/A
Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a UDP packet in which the value of a certain size field is greater than the total packet length, aka attack 2 in ut3mendo.c.
CVE-2008-3400 1 Xrms 1 Xrms Crm 2026-04-23 N/A
XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function.
CVE-2008-3396 1 Epic Games 1 Unreal Tournament 2004 2026-04-23 N/A
Unreal Tournament 2004 (UT2004) 3369 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain sequence of malformed packets.
CVE-2008-3362 2 Giulio Ganci, Wordpress 2 Wp Downloads Manager, Wp Downloads Manager 2026-04-23 N/A
Unrestricted file upload vulnerability in upload.php in the Giulio Ganci Wp Downloads Manager module 0.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the upfile parameter, then accessing it via a direct request to the file in wp-content/plugins/downloads-manager/upload/.
CVE-2008-3339 1 Avidweb Technologies 1 Jobbex Jobsite 2026-04-23 N/A
search_result.cfm in Jobbex JobSite allows remote attackers to obtain sensitive information via unspecified vectors that reveal the installation path in an error message.
CVE-2008-3337 1 Powerdns 2 Authoritative Server, Powerdns 2026-04-23 N/A
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
CVE-2008-3327 1 Moodle 1 Moodle 2026-04-23 N/A
Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an error message.
CVE-2008-3323 1 Redhat 1 Cygwin 2026-04-23 N/A
setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package.
CVE-2008-3314 1 Zdaemon 1 Zdaemon 2026-04-23 N/A
ZDaemon 1.08.07 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted type 6 command, which triggers a NULL pointer dereference.
CVE-2009-4333 1 Ibm 1 Db2 2026-04-23 N/A
The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command.
CVE-2009-4327 1 Ibm 1 Db2 2026-04-23 N/A
The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors.
CVE-2009-4326 1 Ibm 1 Db2 2026-04-23 N/A
The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value.
CVE-2008-3304 1 Tuxplanet 1 Bilboblog 2026-04-23 N/A
BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message.
CVE-2008-3287 1 Emc Dantz 1 Retrospect Backup Client 2026-04-23 N/A
retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via malformed packets to TCP port 497, which trigger a NULL pointer dereference.
CVE-2008-3286 1 Sierra 1 Swat 4 2026-04-23 N/A
SWAT 4 1.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) VERIFYCONTENT or (2) GAMECONFIG command sent to the server before user session initialization, which triggers a NULL pointer dereference; or (3) a GAMESPYRESPONSE command followed by a long RS string.
CVE-2008-3274 1 Redhat 2 Enterprise Ipa, Freeipa 2026-04-23 N/A
The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.
CVE-2008-3272 4 Canonical, Debian, Linux and 1 more 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more 2026-04-23 N/A
The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information.