Total
10073 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-4919 | 1 Visagesoft | 1 Expert Pdf Viewer Activex | 2024-11-21 | 8.8 HIGH | N/A |
Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3.0.990.0 allows remote attackers to overwrite arbitrary files via a full pathname to the savePageAsBitmap method. | |||||
CVE-2008-4910 | 1 Sun | 1 Java Web Start | 2024-11-21 | 10.0 HIGH | N/A |
The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method. | |||||
CVE-2008-4907 | 1 Dovecot | 1 Dovecot | 2024-11-21 | 4.3 MEDIUM | N/A |
The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug." | |||||
CVE-2008-4878 | 1 Mywebcards | 1 Webcards | 2024-11-21 | 8.5 HIGH | N/A |
Unrestricted file upload vulnerability in the "Add Image Macro" feature in WebCards 1.3 allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file. | |||||
CVE-2008-4824 | 1 Adobe | 1 Flash Player | 2024-11-21 | 9.3 HIGH | N/A |
Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input validation errors." | |||||
CVE-2008-4817 | 1 Adobe | 3 Acrobat, Acrobat Reader, Download Manager | 2024-11-21 | 9.3 HIGH | N/A |
The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption. | |||||
CVE-2008-4814 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2024-11-21 | 9.3 HIGH | N/A |
Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue." | |||||
CVE-2008-4812 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2024-11-21 | 9.3 HIGH | N/A |
Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts. | |||||
CVE-2008-4794 | 1 Opera | 1 Opera | 2024-11-21 | 9.3 HIGH | N/A |
Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696. | |||||
CVE-2008-4770 | 1 Realvnc | 1 Realvnc | 2024-11-21 | 10.0 HIGH | N/A |
The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type." | |||||
CVE-2008-4767 | 2 Php-nuke, Phpnuke | 2 Downloadsplus Module, Php-nuke | 2024-11-21 | 9.0 HIGH | N/A |
Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality. | |||||
CVE-2008-4748 | 1 Kvirc | 1 Kvirc | 2024-11-21 | 7.6 HIGH | N/A |
Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI. | |||||
CVE-2008-4682 | 1 Wireshark | 1 Wireshark | 2024-11-21 | 5.0 MEDIUM | N/A |
wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion. | |||||
CVE-2008-4681 | 1 Wireshark | 1 Wireshark | 2024-11-21 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets. | |||||
CVE-2008-4641 | 1 Sentex | 1 Jhead | 2024-11-21 | 10.0 HIGH | N/A |
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input. | |||||
CVE-2008-4640 | 1 Sentex | 1 Jhead | 2024-11-21 | 3.6 LOW | N/A |
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character. | |||||
CVE-2008-4618 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 HIGH | N/A |
The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls. | |||||
CVE-2008-4616 | 2 The Spanner, Wordpress | 2 Spambam Plugin, Spambam Plugin | 2024-11-21 | 5.0 MEDIUM | N/A |
The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key. | |||||
CVE-2008-4559 | 1 Hp | 1 Openview Network Node Manager | 2024-11-21 | 10.0 HIGH | N/A |
HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205. | |||||
CVE-2008-4549 | 1 Imageshack | 1 Imageshack Toolbar | 2024-11-21 | 2.6 LOW | N/A |
The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ImageShack Toolbar 4.5.7, possibly including 4.5.7.69, allows remote attackers to force the upload of arbitrary image files to the ImageShack site via a file: URI argument to the BuildSlideShow method. |