Export limit exceeded: 26242 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26242 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1062 2 Adobe, Redhat 4 Acrobat, Acrobat Reader, Reader and 1 more 2026-04-23 N/A
Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061.
CVE-2008-5887 1 Tincan 1 Phplist 2026-04-23 N/A
phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability."
CVE-2009-2305 1 Armassa 2 Ard-9808, Ard-9808 Software 2026-04-23 N/A
The ARD-9808 DVR card security camera allows remote attackers to cause a denial of service via a long URI composed of //.\ (slash slash dot backslash) sequences.
CVE-2009-2304 1 Avatic 1 Aardvark Topsites Php 2026-04-23 N/A
index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to obtain sensitive information via a nonexistent account name in the u parameter in a rate action, which reveals the installation path in an error message.
CVE-2009-2303 1 Avatic 1 Aardvark Topsites Php 2026-04-23 N/A
index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals the installation path in an error message.
CVE-2007-4671 2 Apple, Microsoft 5 Iphone Os, Mac Os X, Safari and 2 more 2026-04-23 N/A
Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain.
CVE-2009-0815 1 Typo3 1 Typo3 2026-04-23 N/A
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.
CVE-2009-4114 1 Kaspersky 1 Kaspersky Anti-virus 2026-04-23 N/A
kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other versions before 9.0.0.736, does not properly validate input to IOCTL 0x0022c008, which allows local users to cause a denial of service (system crash) via IOCTL requests using crafted kernel addresses that trigger memory corruption, possibly related to klavemu.kdl.
CVE-2010-0360 1 Sun 1 Java System Web Server 2026-04-23 N/A
Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273.
CVE-2009-1371 1 Clamav 1 Clamav 2026-04-23 N/A
The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding.
CVE-2009-1369 1 Mozilo 1 Mozilocms 2026-04-23 N/A
moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to index.php, or (4) file[] parameter to download.php, which reveals the installation path in an error message.
CVE-2008-5937 1 Zkesoft 1 Ayeview 2026-04-23 N/A
AyeView 2.20 allows user-assisted attackers to cause a denial of service (memory consumption or application crash) via a bitmap (aka .bmp) file with large height and width values.
CVE-2009-1361 1 Gscripts 1 Dns Tools 2026-04-23 N/A
dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1357 1 Sun 1 Java System Delegated Administrator 2026-04-23 N/A
CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE parameter.
CVE-2009-0521 3 Adobe, Linux, Redhat 3 Flash Player For Linux, Linux Kernel, Rhel Extras 2026-04-23 N/A
Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH.
CVE-2009-0504 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message.
CVE-2009-0089 1 Microsoft 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more 2026-04-23 N/A
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
CVE-2009-1350 1 Novell 1 Netidentity Client1.2.3 2026-04-23 N/A
Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client before 1.2.4 allows remote attackers to execute arbitrary code by establishing an IPC$ connection to the XTIERRPCPIPE named pipe, and sending RPC messages that trigger a dereference of an arbitrary pointer.
CVE-2009-3640 1 Linux 1 Linux Kernel 2026-04-23 N/A
The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc1 does not properly handle the absence of an Advanced Programmable Interrupt Controller (APIC), which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via a call to the kvm_vcpu_ioctl function.
CVE-2009-2261 1 Giorgio Tani 1 Peazip 2026-04-23 N/A
PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command.