Export limit exceeded: 367185 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (367185 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4366 1 Camera Life 1 Camera Life 2026-04-23 N/A
Unrestricted file upload vulnerability in the image upload component in Camera Life 2.6.2b4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a user directory under images/photos/upload.
CVE-2008-4368 1 Apple 1 Mac Os X 2026-04-23 N/A
The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE.
CVE-2008-4369 1 Availscript 1 Availscript Photo Album 2026-04-23 N/A
SQL injection vulnerability in pics.php in Availscript Photo Album allows remote attackers to execute arbitrary SQL commands via the sid parameter.
CVE-2008-4370 1 Availscript 1 Availscript Photo Album 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Availscript Photo Album allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to pics.php and the (2) a parameter to view.php.
CVE-2008-4371 1 Availscript 1 Availscript Article Script 2026-04-23 N/A
SQL injection vulnerability in articles.php in AvailScript Article Script allows remote attackers to execute arbitrary SQL commands via the aIDS parameter.
CVE-2008-4372 1 Availscript 1 Availscript Article Script 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in articles.php in AvailScript Article Script allows remote attackers to inject arbitrary web script or HTML via the aIDS parameter.
CVE-2008-4373 1 Availscript 1 Availscript Jobs Portal Script 2026-04-23 N/A
SQL injection vulnerability in job_seeker/applynow.php in AvailScript Job Portal Script allows remote attackers to execute arbitrary SQL commands via the jid parameter.
CVE-2008-4374 1 Cmsbuzz 1 Cms Buzz 2026-04-23 N/A
SQL injection vulnerability in index.php in CMS Buzz allows remote attackers to execute arbitrary SQL commands via the id parameter in a playgame action.
CVE-2008-4375 1 Availscript 1 Availscript Classmate Script 2026-04-23 N/A
SQL injection vulnerability in viewprofile.php in Availscript Classmate Script allows remote attackers to execute arbitrary SQL commands via the p parameter.
CVE-2008-4376 1 Livetvscript 1 Live Tv Script 2026-04-23 N/A
SQL injection vulnerability in index.php in Live TV Script allows remote attackers to execute arbitrary SQL commands via the mid parameter.
CVE-2008-4378 1 Mr. Cgi Guy 1 Hot Links Sql Php 2026-04-23 N/A
SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4379 1 Mr. Cgi Guy 1 Hot Links Sql Php 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2008-4380 1 Samsung 1 Dvr Shr2040 2026-04-23 N/A
The web interface in Samsung DVR SHR2040 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, related to the filter for configuration properties and "/x" characters.
CVE-2008-4381 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters.
CVE-2008-4382 1 Kde 1 Konqueror 2026-04-23 N/A
Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters.
CVE-2008-4383 2 Alcatel, Alcatel-lucent 2 Aos, Omniswitch 2026-04-23 N/A
Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie.
CVE-2008-4384 3 Iseemedia, Mgi Software, Roxio 3 Lpviewer, Lpviewer, Lpviewer 2026-04-23 N/A
Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX control (LPControl.dll), as acquired by Roxio and iseemedia, allow remote attackers to execute arbitrary code via the (1) url, (2) toolbar, and (3) enableZoomPastMax methods.
CVE-2008-4385 1 Systemrequirementslab 1 System Requirements Lab 2026-04-23 N/A
Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Analysis, allows remote attackers to force the download and execution of arbitrary programs via by specifiying a malicious website argument to the Init method in (1) a certain ActiveX control (sysreqlab2.cab, sysreqlab.dll, sysreqlabsli.dll, or sysreqlab2.dll) and (2) a certain Java applet in RLApplet.class in sysreqlab2.jar or sysreqlab.jar.
CVE-2008-4387 3 Microsoft, Sap, Simba Technologies 3 Internet Explorer, Sapgui, Mdrmsap Activex Control 2026-04-23 N/A
Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer.
CVE-2008-4388 1 Symantec 1 Appstream Client 2026-04-23 N/A
The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods.