Export limit exceeded: 18983 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (18983 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3008 1 Microsoft 5 Windows-nt, Windows 2000, Windows 2003 Server and 2 more 2026-04-23 N/A
Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability."
CVE-2008-3648 1 Microsoft 1 Windows Xp 2026-04-23 N/A
nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
CVE-2008-3630 2 Apple, Microsoft 6 Bonjour, Windows-nt, Windows 2000 and 3 more 2026-04-23 N/A
mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
CVE-2008-3629 2 Apple, Microsoft 6 Mac Os X, Mac Os X Server, Quicktime and 3 more 2026-04-23 N/A
Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read.
CVE-2008-0927 2 Microsoft, Novell 2 Windows-nt, Edirectory 2026-04-23 N/A
dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777.
CVE-2008-3628 2 Apple, Microsoft 2 Quicktime, Windows 2026-04-23 N/A
Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, related to an "invalid pointer issue."
CVE-2008-2841 2 Microsoft, Xchat 3 Internet Explorer, Windows Nt, Xchat 2026-04-23 N/A
Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.
CVE-2008-3624 2 Apple, Microsoft 5 Mac Os X, Quicktime, Windows-nt and 2 more 2026-04-23 N/A
Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms.
CVE-2008-0011 1 Microsoft 6 Directx, Windows-nt, Windows 2000 and 3 more 2026-04-23 N/A
Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
CVE-2008-2821 2 Glub, Microsoft 2 Secure Ftp, Windows Nt 2026-04-23 N/A
Directory traversal vulnerability in the FTP client in Glub Tech Secure FTP before 2.5.16 on Windows allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345.
CVE-2009-3532 2 Logrover, Microsoft 2 Logrover, Windows 2026-04-23 N/A
Multiple SQL injection vulnerabilities in login.asp (aka the login screen) in LogRover 2.3 and 2.3.3 on Windows allow remote attackers to execute arbitrary SQL commands via the (1) uname and (2) pword parameters. NOTE: some of these details are obtained from third party information.
CVE-2008-3615 2 Apple, Microsoft 2 Quicktime, Windows 2026-04-23 N/A
ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
CVE-2008-3614 2 Apple, Microsoft 4 Quicktime, Windows-nt, Windows Vista and 1 more 2026-04-23 N/A
Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption.
CVE-2008-2747 2 Microsoft, No-ip 2 Windows, Dynamic Update Client 2026-04-23 N/A
No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values.
CVE-2006-6252 1 Microsoft 1 Windows Live Messenger 2026-04-23 N/A
Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons.
CVE-2008-2547 1 Microsoft 1 Windows Installer 2026-04-23 N/A
Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and 4.5.6001.22159 in Microsoft Windows Installer allows context-dependent attackers to execute arbitrary code via a long GUID value for the /x (aka /uninstall) option. NOTE: this issue might cross privilege boundaries if msiexec.exe is reachable via components such as ActiveX controls, and might additionally require a separate vulnerability in the control.
CVE-2008-2540 2 Apple, Microsoft 6 Safari, Internet Explorer, Windows Server 2003 and 3 more 2026-04-23 N/A
Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
CVE-2009-1628 2 Microsoft, Unisys 2 Windows, Business Information Server 2026-04-23 N/A
Stack-based buffer overflow in mnet.exe in Unisys Business Information Server (BIS) 10 and 10.1 on Windows allows remote attackers to execute arbitrary code via a crafted TCP packet.
CVE-2006-7030 1 Microsoft 8 Ie, Windows 2000, Windows 2003 Server and 5 more 2026-04-23 N/A
Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll.
CVE-2007-3091 1 Microsoft 6 Internet Explorer, Windows 2000, Windows 2003 Server and 3 more 2026-04-23 N/A
Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability."