Vulnerabilities (CVE)

Filtered by CWE-20
Total 10073 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-4919 1 Visagesoft 1 Expert Pdf Viewer Activex 2024-11-21 8.8 HIGH N/A
Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3.0.990.0 allows remote attackers to overwrite arbitrary files via a full pathname to the savePageAsBitmap method.
CVE-2008-4910 1 Sun 1 Java Web Start 2024-11-21 10.0 HIGH N/A
The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method.
CVE-2008-4907 1 Dovecot 1 Dovecot 2024-11-21 4.3 MEDIUM N/A
The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
CVE-2008-4878 1 Mywebcards 1 Webcards 2024-11-21 8.5 HIGH N/A
Unrestricted file upload vulnerability in the "Add Image Macro" feature in WebCards 1.3 allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file.
CVE-2008-4824 1 Adobe 1 Flash Player 2024-11-21 9.3 HIGH N/A
Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input validation errors."
CVE-2008-4817 1 Adobe 3 Acrobat, Acrobat Reader, Download Manager 2024-11-21 9.3 HIGH N/A
The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption.
CVE-2008-4814 1 Adobe 2 Acrobat, Acrobat Reader 2024-11-21 9.3 HIGH N/A
Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue."
CVE-2008-4812 1 Adobe 2 Acrobat, Acrobat Reader 2024-11-21 9.3 HIGH N/A
Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts.
CVE-2008-4794 1 Opera 1 Opera 2024-11-21 9.3 HIGH N/A
Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696.
CVE-2008-4770 1 Realvnc 1 Realvnc 2024-11-21 10.0 HIGH N/A
The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type."
CVE-2008-4767 2 Php-nuke, Phpnuke 2 Downloadsplus Module, Php-nuke 2024-11-21 9.0 HIGH N/A
Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality.
CVE-2008-4748 1 Kvirc 1 Kvirc 2024-11-21 7.6 HIGH N/A
Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI.
CVE-2008-4682 1 Wireshark 1 Wireshark 2024-11-21 5.0 MEDIUM N/A
wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion.
CVE-2008-4681 1 Wireshark 1 Wireshark 2024-11-21 4.3 MEDIUM N/A
Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets.
CVE-2008-4641 1 Sentex 1 Jhead 2024-11-21 10.0 HIGH N/A
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.
CVE-2008-4640 1 Sentex 1 Jhead 2024-11-21 3.6 LOW N/A
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character.
CVE-2008-4618 1 Linux 1 Linux Kernel 2024-11-21 7.8 HIGH N/A
The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls.
CVE-2008-4616 2 The Spanner, Wordpress 2 Spambam Plugin, Spambam Plugin 2024-11-21 5.0 MEDIUM N/A
The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key.
CVE-2008-4559 1 Hp 1 Openview Network Node Manager 2024-11-21 10.0 HIGH N/A
HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205.
CVE-2008-4549 1 Imageshack 1 Imageshack Toolbar 2024-11-21 2.6 LOW N/A
The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ImageShack Toolbar 4.5.7, possibly including 4.5.7.69, allows remote attackers to force the upload of arbitrary image files to the ImageShack site via a file: URI argument to the BuildSlideShow method.