Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5286 2 Apple, Redhat 2 Cups, Enterprise Linux 2026-04-23 N/A
Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.
CVE-2008-5287 1 Scripts4you 1 Faq Manager 2026-04-23 N/A
SQL injection vulnerability in catagorie.php in Werner Hilversum FAQ Manager 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2008-5305 1 Twiki 1 Twiki 2026-04-23 N/A
Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.
CVE-2008-5325 1 Ibm 1 Rational Clearquest 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-5320 1 E107 1 E107 2026-04-23 N/A
SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter.
CVE-2008-5319 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-23 N/A
Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than CVE-2008-3653.
CVE-2008-5321 2 Xoops, Xoops Hocasi 2 Xoops, Gesgaleri 2026-04-23 N/A
SQL injection vulnerability in index.php in GesGaleri, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the no parameter.
CVE-2008-5322 1 Easy-script 1 Wysi Wiki Wyg 2026-04-23 N/A
Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information via an invalid categup parameter to index.php, which calls the phpinfo function.
CVE-2008-5323 1 Easy-script 1 Wysi Wiki Wyg 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg 1.0 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2008-5324 1 Ibm 1 Rational Clearquest 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 2007 before 2007D and 2008 before 2008B allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-5342 2 Redhat, Sun 4 Rhel Extras, Jdk, Jre and 1 more 2026-04-23 N/A
Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668.
CVE-2008-5347 2 Redhat, Sun 3 Rhel Extras, Jdk, Jre 2026-04-23 N/A
Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages.
CVE-2008-5385 1 Ibm 1 Aix 2026-04-23 N/A
enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors.
CVE-2008-5354 2 Redhat, Sun 5 Network Satellite, Rhel Extras, Jdk and 2 more 2026-04-23 N/A
Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry.
CVE-2008-5363 2 Adobe, Redhat 3 Air, Flash Player, Rhel Extras 2026-04-23 N/A
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file.
CVE-2008-5383 1 National Instruments 1 Electronics Workbench 2026-04-23 N/A
Stack-based buffer overflow in National Instruments Electronics Workbench allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .ewb file.
CVE-2008-5367 1 Marco D\'itri 1 Ppp-udeb 2026-04-23 N/A
ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file.
CVE-2008-5366 1 Marco D\'itri 1 Ppp 2026-04-23 N/A
The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file.
CVE-2008-5369 1 No-ip 1 No-ip2 2026-04-23 N/A
noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/noip2 temporary file.
CVE-2008-5370 1 Pvpgn 1 Pvpgn 2026-04-23 N/A
pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file.