Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2312 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file.
CVE-2008-2313 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory.
CVE-2008-5010 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ID 6713805.
CVE-2007-5597 1 Drupal 1 Drupal 2026-04-23 N/A
The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished comments from some modules, as demonstrated by (1) Organic groups and (2) Subscriptions.
CVE-2008-2320 1 Apple 3 Carboncore, Mac Os X, Mac Os X Server 2026-04-23 N/A
Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename to the file management API.
CVE-2008-5077 2 Openssl, Redhat 2 Openssl, Enterprise Linux 2026-04-23 N/A
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
CVE-2008-2325 1 Apple 3 Mac Os X, Mac Os X Server, Quicklook 2026-04-23 N/A
QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient "bounds checking."
CVE-2008-0135 1 Snitz Communications 1 Snitz Forums 2000 2026-04-23 N/A
Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.
CVE-2008-5111 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
Unspecified vulnerability in the socket function in Sun Solaris 10 and OpenSolaris snv_57 through snv_91, when InfiniBand hardware is not installed, allows local users to cause a denial of service (panic) via unknown vectors, related to the socksdpv_close function.
CVE-2009-2992 1 Adobe 2 Acrobat, Acrobat Reader 2026-04-23 N/A
An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors.
CVE-2008-4051 1 Jandus Technologies 1 Smart Survey 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in surveyresults.asp in Smart Survey 1.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2329 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.
CVE-2008-5048 1 Isecsoft 1 Anti-trojan Elite 2026-04-23 N/A
Buffer overflow in Atepmon.sys in ISecSoft Anti-Trojan Elite 4.2.1 and earlier, and possibly 4.2.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long inputs to the 0x00222494 IOCTL.
CVE-2008-5049 1 Isecsoft 1 Anti-keylogger Elite 2026-04-23 N/A
Buffer overflow in AKEProtect.sys 3.3.3.0 in ISecSoft Anti-Keylogger Elite 3.3.0 and earlier, and possibly other versions including 3.3.3, allows local users to gain privileges via long inputs to the (1) 0x002224A4, (2) 0x002224C0, and (3) 0x002224CC IOCTL.
CVE-2008-5053 1 Joomla 2 Com Rssreader, Joomla 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2008-5063 1 Otmanager 1 Otmanager 2026-04-23 N/A
PHP remote file inclusion vulnerability in Admin/ADM_Pagina.php in OTManager 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the Tipo parameter.
CVE-2008-5068 1 Kkeim 1 Kmita Gallery 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Kmita Gallery allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter to index.php and the (2) searchtext parameter to search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1911 2 Claudio Klingler, Tinywebgallery 2 Quixplorer, Tinywebgallery 2026-04-23 N/A
Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php.
CVE-2008-6842 1 Pluck-cms 1 Pluck 2026-04-23 N/A
Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the post parameter.
CVE-2009-2995 1 Adobe 1 Acrobat 2026-04-23 N/A
Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service via unspecified vectors.