Total
11422 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4295 | 2 Htc, Microsoft | 3 Mda, Wiza, Windows Mobile | 2026-06-16 | 5.4 MEDIUM | N/A |
| Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices. | |||||
| CVE-2008-4283 | 1 Ibm | 1 Websphere Application Server | 2026-06-16 | 10.0 HIGH | N/A |
| CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2008-4224 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-06-16 | 7.1 HIGH | N/A |
| UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file. | |||||
| CVE-2008-4200 | 1 Opera | 1 Opera Browser | 2026-06-16 | 6.4 MEDIUM | N/A |
| Opera before 9.52 does not ensure that the address field of a news feed represents the feed's actual URL, which allows remote attackers to change this field to display the URL of a page containing web script controlled by the attacker. | |||||
| CVE-2008-4163 | 1 Isc | 1 Bind | 2026-06-16 | 7.8 HIGH | N/A |
| Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service (UDP client handler termination) via unknown vectors. | |||||
| CVE-2008-4137 | 1 Php Crawler | 1 Php Crawler | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in footer.php in PHP-Crawler 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the footer_file parameter. | |||||
| CVE-2008-4136 | 1 Michael Roth Software | 1 Pftp | 2026-06-16 | 5.0 MEDIUM | N/A |
| Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote attackers to cause a denial of service (service crash) via multiple RETR commands, possibly involving long filenames. | |||||
| CVE-2008-4133 | 1 D-link | 1 Dir-100 | 2026-06-16 | 4.3 MEDIUM | N/A |
| The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters. | |||||
| CVE-2008-4106 | 1 Wordpress | 1 Wordpress | 2026-06-16 | 5.1 MEDIUM | N/A |
| WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107. | |||||
| CVE-2008-4105 | 1 Joomla | 1 Joomla | 2026-06-16 | 7.5 HIGH | N/A |
| JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact. | |||||
| CVE-2008-4103 | 1 Joomla | 2 Com Mailto, Joomla | 2026-06-16 | 5.0 MEDIUM | N/A |
| The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam. | |||||
| CVE-2008-4101 | 1 Vim | 1 Vim | 2026-06-16 | 9.3 HIGH | N/A |
| Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712. | |||||
| CVE-2008-4096 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-06-16 | 8.5 HIGH | N/A |
| libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function. | |||||
| CVE-2008-4071 | 2 Adobe, Microsoft | 3 Acrobat, Internet Explorer, Windows Vista | 2026-06-16 | 5.0 MEDIUM | N/A |
| A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL. | |||||
| CVE-2008-4050 | 1 Friendly Technologies | 1 Friendly Pppoe Client | 2026-06-16 | 9.3 HIGH | N/A |
| A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to (1) create and read arbitrary registry values via the RegistryValue method, and (2) read arbitrary files via the GetTextFile method. | |||||
| CVE-2008-4049 | 1 Friendly Technologies | 1 Friendly Pppoe Client | 2026-06-16 | 6.8 MEDIUM | N/A |
| A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary programs via arguments to the RunApp method. | |||||
| CVE-2008-4041 | 1 Softalk Mail Server | 1 Softalk Mail Server | 2026-06-16 | 4.0 MEDIUM | N/A |
| The IMAP server in Softalk Mail Server (formerly WorkgroupMail) 8.5.1.431 allows remote authenticated users to cause a denial of service (resource consumption and daemon crash) via a long IMAP APPEND command with certain repeated parameters. | |||||
| CVE-2008-3960 | 1 Ibm | 1 Db2 Universal Database | 2026-06-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the JDBC Applet Server Service (aka db2jds) in IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (service crash) via "malicious packets." | |||||
| CVE-2008-3957 | 1 Microsoft | 1 Windows Image Acquisition Logger | 2026-06-16 | 9.3 HIGH | N/A |
| The Microsoft Windows Image Acquisition Logger ActiveX control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument to the Save method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3947 | 1 Hp | 1 Openvms | 2026-06-16 | 7.2 HIGH | N/A |
| DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain privileges via a long command line. | |||||