Search Results (26246 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1761 1 Ca 1 Arcserve Backup 2026-04-23 N/A
The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for Windows allows remote attackers to cause a denial of service (crash) via (1) an invalid 0x13 message, which is not properly handled in the ASCORE module, or (2) a 0x3B message with invalid stub data that triggers an RPC marshalling error.
CVE-2009-1189 2 Freedesktop, Redhat 2 Dbus, Enterprise Linux 2026-04-23 N/A
The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.
CVE-2007-5168 1 Clanlite 1 Clanlite 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in ClanLite 1.23.01.2005 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules/serveur_jeux.php or (2) conf/conf-php.php. NOTE: vector 1 is disputed by CVE because the require_once is only reached when a certain constant has already been defined.
CVE-2007-5933 1 Pioneers 1 Pioneers 2026-04-23 N/A
Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to cause a denial of service (crash) by triggering a delete operation while the Session object is still being used, as demonstrated by causing a "Broken pipe" error.
CVE-2007-5922 2 Bitchx, Cypress 2 Bitchx, Cypress 2026-04-23 N/A
The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed address.
CVE-2009-2583 1 Ibm 1 Tivoli Identity Manager 2026-04-23 N/A
Multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6 allow remote attackers to hijack web sessions via unspecified vectors involving the (1) console and (2) self service interfaces.
CVE-2008-1197 2 Marvell, Netgear 2 88w8361w-bem1, Wn802t 2026-04-23 N/A
The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a "Null SSID."
CVE-2009-1149 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters.
CVE-2009-2513 1 Microsoft 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more 2026-04-23 N/A
The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
CVE-2009-4236 1 Ec-cube 1 Ec-cube Ver2 2026-04-23 N/A
The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions.
CVE-2009-2533 1 Realnetworks 2 Helix Server, Helix Server Mobile 2026-04-23 N/A
rmserver in RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allows remote attackers to cause a denial of service (daemon exit) via multiple RTSP SET_PARAMETER requests with empty DataConvertBuffer headers.
CVE-2009-2534 1 Realnetworks 2 Helix Server, Helix Server Mobile 2026-04-23 N/A
RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allow remote attackers to cause a denial of service (daemon crash) via an RTSP SETUP request that (1) specifies the / URI or (2) lacks a / character in the URI.
CVE-2009-1082 1 Sun 1 Java System Identity Manager 2026-04-23 N/A
Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and saveNoValidateAllowedFormsAndWorkflows IDs.
CVE-2009-3962 1 2wire 6 1700hg, 1701hg, 1800hw and 3 more 2026-04-23 N/A
The management interface on the 2wire Gateway 1700HG, 1701HG, 1800HW, 2071, 2700HG, and 2701HG-T with software before 5.29.52 allows remote attackers to cause a denial of service (reboot) via a %0d%0a sequence in the page parameter to the xslt program on TCP port 50001, a related issue to CVE-2006-4523.
CVE-2009-1076 1 Sun 1 Java System Identity Manager 2026-04-23 N/A
Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
CVE-2009-4254 1 Phpee 1 Pphlogger 2026-04-23 N/A
PowerPhlogger 2.2.5 allows remote attackers to obtain sensitive information via a direct request to (1) edCss.inc.php, (2) foot.inc.php, (3) get_csscolors.inc.php, (4) head.inc.php, (5) head_stuff.inc.php, (6) loglist.inc.php, and (7) pphlogger_send.inc.php in include/, which reveals the installation path in an error message.
CVE-2009-2622 1 Squid-cache 1 Squid 2026-04-23 N/A
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.
CVE-2009-4303 1 Moodle 1 Moodle 2026-04-23 N/A
Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified "secrets" in backup files, which might allow attackers to obtain sensitive information.
CVE-2008-1136 1 Synce 1 Synce 2026-04-23 N/A
The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679.
CVE-2009-2998 2 Adobe, Redhat 3 Acrobat, Acrobat Reader, Rhel Extras 2026-04-23 N/A
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458.