Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3841 1 Openfreeway 1 Freeway 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway eCommerce 1.4.1.171 allows remote attackers to inject arbitrary web script or HTML via the search_link parameter.
CVE-2008-3856 1 Ibm 1 Db2 Universal Database 2026-04-23 N/A
The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and attack vectors.
CVE-2008-3854 1 Ibm 1 Db2 Universal Database 2026-04-23 N/A
Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function.
CVE-2008-3872 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2026-04-23 N/A
Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified "Filter evasion" manipulations.
CVE-2008-3871 1 Ezbsystems 1 Ultraiso 2026-04-23 N/A
Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file.
CVE-2008-3873 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2026-04-23 N/A
The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008.
CVE-2008-3874 1 Lussumo 1 Vanilla 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label ==> Value pairs). NOTE: some of these details are obtained from third party information.
CVE-2008-3883 1 Caudium 1 Caudium 2026-04-23 N/A
configvar in Caudium 1.4.12 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/roken#####.pike temporary file.
CVE-2008-3881 1 Zoneminder 1 Zoneminder 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified "zm_html_view_*.php" files.
CVE-2008-3882 1 Zoneminder 1 Zoneminder 2026-04-23 N/A
Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php.
CVE-2008-3890 2 Amd, Freebsd 2 Amd64, Freebsd 2026-04-23 N/A
The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an extra swapgs call after a General Protection Fault (GPF), which allows local users to gain privileges by triggering a GPF during the kernel's return from (1) an interrupt, (2) a trap, or (3) a system call.
CVE-2008-3891 1 Google 1 Google Apps 2026-04-23 N/A
The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field.
CVE-2008-3927 1 Tiger 1 Tiger 2026-04-23 N/A
genmsgidx in Tiger 3.2.2 allows local users to overwrite or delete arbitrary files via a symlink attack on temporary files.
CVE-2008-3917 1 Ovidentia 1 Ovidentia 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter in a search action.
CVE-2008-3930 1 Debian 1 Citadel Server 2026-04-23 N/A
migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
CVE-2008-3938 1 Opendb 1 Opendb 2026-04-23 8.8 High
Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action.
CVE-2008-3940 1 Hp 1 Openvms 2026-04-23 N/A
Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to gain privileges via format string specifiers in a (1) .plan or (2) .project file.
CVE-2008-3941 1 Bizdirectory 1 Bizdirectory 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter in a search action to the default URI.
CVE-2008-3942 1 Ozsari 1 Full Php Emlak Script 2026-04-23 N/A
SQL injection vulnerability in landsee.php in Full PHP Emlak Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-3948 1 Xrms 1 Xrms Crm 2026-04-23 N/A
SQL injection vulnerability in admin/users/self-2.php in XRMS allows remote attackers to execute arbitrary SQL commands and modify name and email fields via unspecified vectors.