Search Results (362524 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2541 1 Ca 1 Etrust Secure Content Manager 2026-04-23 N/A
Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command.
CVE-2008-2543 1 Asterisk 1 Asterisk-addons 2026-04-23 N/A
The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets.
CVE-2008-2545 1 Skype Technologies 1 Skype 2026-04-23 N/A
Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case.
CVE-2008-2548 1 Motorola 1 Razr 2026-04-23 N/A
Stack-based buffer overflow in the JPEG thumbprint component in the EXIF parser on Motorola cell phones with RAZR firmware allows user-assisted remote attackers to execute arbitrary code via an MMS transmission of a malformed JPEG image, which triggers memory corruption.
CVE-2008-2559 1 Damian Frizza 1 Borland Interbase 2026-04-23 N/A
Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256) allows remote attackers to execute arbitrary code via a malformed packet to TCP port 3050, which triggers a stack-based buffer overflow. NOTE: this issue might be related to CVE-2008-0467.
CVE-2008-2564 1 Joomla 2 Com Jotloader, Joomla 2026-04-23 N/A
SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
CVE-2008-2568 1 Joomla 2 Com Simpleshop, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php.
CVE-2008-2569 1 Joomla 1 Easybook Component 2026-04-23 N/A
SQL injection vulnerability in the EasyBook (com_easybook) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a deleteentry action to index.php.
CVE-2008-2573 1 Freesshd 1 Freesshd 2026-04-23 N/A
Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote authenticated users to execute arbitrary code via a long directory name in an SSH_FXP_OPENDIR (aka opendir) command.
CVE-2008-2574 1 Flashblog 1 Flashblog 2026-04-23 N/A
Unrestricted file upload vulnerability in admin/Editor/imgupload.php in FlashBlog 0.31 beta allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in tus_imagenes/.
CVE-2008-2575 2 Fedoraproject, Jcoppens 2 Fedora, Cbrpager 2026-04-23 N/A
cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename.
CVE-2008-2577 1 Oracle 1 Weblogic Server 2026-04-23 N/A
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2 MP1 has unknown impact and remote authenticated attack vectors.
CVE-2008-2582 1 Oracle 2 Bea Product Suite, Weblogic Server Component 2026-04-23 N/A
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors.
CVE-2008-2586 1 Oracle 2 Application Object Library, E-business Suite 2026-04-23 N/A
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2606.
CVE-2008-2590 1 Oracle 3 Database Server, Enterprise Manager 10g, Instance Management Component 2026-04-23 N/A
Unspecified vulnerability in the Instance Management component in Oracle Database 10.1.0.5 and Enterprise Manager 10.1.0.6 has unknown impact and remote authenticated attack vectors.
CVE-2009-4537 3 Debian, Linux, Redhat 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more 2026-04-23 N/A
drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.
CVE-2008-2592 1 Oracle 3 Advanced Replication Component, Database Server, Oracle Database 2026-04-23 N/A
Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_DEFER_SYS. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a SQL injection vulnerability in the DELETE_TRAN procedure.
CVE-2008-2593 1 Oracle 1 Application Server 2026-04-23 N/A
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2594.
CVE-2008-2603 1 Oracle 1 Enterprise Manager 2026-04-23 N/A
Unspecified vulnerability in the Resource Manager component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6, and Database Control in Enterprise Manager, has unknown impact and remote authenticated attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a cross-site scripting (XSS) issue that allows remote attackers to inject arbitrary web script or HTML via the REFRESHCHOICE parameter in multiple web pages.
CVE-2008-2426 1 Carsten Haitzler 1 Imlib2 2026-04-23 N/A
Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM image, related to the load function in src/modules/loader_xpm.c.