Export limit exceeded: 363401 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363401 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5107 1 Citrix 2 Desktop Server, Presentation Server 2026-04-23 N/A
The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files.
CVE-2008-5108 1 Adobe 1 Adobe Air 2026-04-23 N/A
Unspecified vulnerability in Adobe AIR 1.1 and earlier allows context-dependent attackers to execute untrusted JavaScript in an AIR application via unknown attack vectors.
CVE-2008-5110 1 Oneidentity 1 Syslog-ng 2026-04-23 N/A
syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9.
CVE-2008-5111 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
Unspecified vulnerability in the socket function in Sun Solaris 10 and OpenSolaris snv_57 through snv_91, when InfiniBand hardware is not installed, allows local users to cause a denial of service (panic) via unknown vectors, related to the socksdpv_close function.
CVE-2008-5118 1 Sun 1 Java System Identity Manager 2026-04-23 N/A
Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection."
CVE-2006-6888 1 P-news 1 P-news 2026-04-23 N/A
P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat.
CVE-2008-5121 4 Bluecoat, Cisco, Citrix and 1 more 5 Winproxy, Vpn Client, Deterministic Network Enhancer and 2 more 2026-04-23 N/A
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.
CVE-2008-5126 1 Boutikone 1 Boutikone Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.php in BoutikOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.
CVE-2007-1084 1 Mozilla 1 Firefox 2026-04-23 N/A
Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.
CVE-2008-5127 1 Ocean12 Technologies 1 Contact Manager 2026-04-23 N/A
Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb.
CVE-2008-5128 1 Ocean12 Technologies 1 Membership Manager Pro 2026-04-23 N/A
Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb.
CVE-2008-5133 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remote attackers to bypass an intended CVE-2008-1447 protection mechanism and spoof the responses to DNS queries sent by named.
CVE-2008-5136 1 Ldrolez 1 Tkusr 2026-04-23 N/A
tkusr in tkusr 0.82 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/tkusr.pgm temporary file.
CVE-2008-5416 1 Microsoft 1 Sql Server 2026-04-23 N/A
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka "SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability."
CVE-2006-5291 1 Alex 1 Downloadengine 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/includes/spaw/spaw_control.class.php in Download-Engine 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PHP Edition, so this issue is probably a duplicate of CVE-2006-4656.
CVE-2008-7251 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.
CVE-2008-7252 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.
CVE-2009-0102 1 Microsoft 3 Office Project, Project Portfolio Server, Project Server 2026-04-23 N/A
Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
CVE-2009-0220 1 Microsoft 1 Office Powerpoint 2026-04-23 N/A
Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an interget that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
CVE-2009-0347 1 Autonomy 1 Ultraseek 2026-04-23 N/A
Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.