Vulnerabilities (CVE)

Filtered by CWE-94
Total 6412 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-3441 1 Nullsoft 1 Winamp 2026-06-16 7.5 HIGH N/A
Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
CVE-2008-3440 1 Sun 1 Java 2026-06-16 7.5 HIGH N/A
Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
CVE-2008-3439 1 Speedbit 1 Speedbit Video Accelerator 2026-06-16 7.5 HIGH N/A
SpeedBit Video Acceleration before 2.2.1.8 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
CVE-2008-3437 1 Openoffice 1 Openoffice.org 2026-06-16 7.5 HIGH N/A
OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
CVE-2008-3436 1 Notepad\+\+ 1 Notepad\+\+ 2026-06-16 7.5 HIGH N/A
The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
CVE-2008-3435 1 Linkedin 1 Browser Toolbar 2026-06-16 7.5 HIGH N/A
LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
CVE-2008-3434 1 Apple 1 Itunes 2026-06-16 7.5 HIGH N/A
Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
CVE-2008-3433 1 Speedbit 1 Download Accelerator Plus 2026-06-16 7.5 HIGH N/A
SpeedBit Download Accelerator Plus (DAP) before 8.6.3.9 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
CVE-2008-3402 1 Hscripts 1 Hiox Random Ad 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in HIOX Browser Statistics (HBS) 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the hm parameter to (1) hioxupdate.php and (2) hioxstats.php.
CVE-2008-3401 1 Hscripts 1 Hiox Random Ad 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Random Ad (HRA) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
CVE-2008-3399 1 Xrms 1 Xrms Crm 2026-06-16 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter.
CVE-2008-3368 1 Atutor 1 Atutor 2026-06-16 6.5 MEDIUM N/A
PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter.
CVE-2008-3354 1 Runcms 2 Newbb Plus Module, Runcms 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php, different vectors than CVE-2006-0659. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3335 1 Punbb 1 Punbb 2026-06-16 10.0 HIGH N/A
Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors.
CVE-2008-3332 1 Mantis 1 Mantis 2026-06-16 6.5 MEDIUM N/A
Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
CVE-2008-3313 1 Creacms 1 Creacms 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cfg[document_uri] parameter to _administration/edition_article/edition_article.php and the (2) cfg[base_uri_admin] parameter to _administration/fonctions/get_liste_langue.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3311 1 Adam Scheinberg 1 Flip 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter.
CVE-2008-3308 1 Carlos Desseno 1 Youtube Blog 2026-06-16 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. Desseno YouTube Blog (ytb) 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the base_archivo parameter.
CVE-2008-3298 1 Social Engine 1 Social Engine 2026-06-16 6.0 MEDIUM N/A
SocialEngine (SE) before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code.
CVE-2008-3294 1 Vim 1 Vim 2026-06-16 3.7 LOW N/A
src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.