Export limit exceeded: 26283 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26283 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2329 | 1 Max Kervin | 1 Kervinet Forum | 2026-04-23 | N/A |
| KerviNet Forum 1.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) admin/head.php, or (2) voting_diagram.php, (3) voting.php, (4) topics_search.php, (5) topics_list.php, (6) top_part.php, (7) quick_search.php, (8) quick_reply.php, (9) moder_menu.php, (10) messages_list.php, (11) menu.php, (12) head.php, (13) forums_list.php, (14) forum_statistics.php, (15) forum_info.php, or (16) birthday.php in include_files/, which reveals the installation path in an error message. | ||||
| CVE-2009-0016 | 2 Apple, Microsoft | 2 Itunes, Windows | 2026-04-23 | N/A |
| Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header. | ||||
| CVE-2009-2305 | 1 Armassa | 2 Ard-9808, Ard-9808 Software | 2026-04-23 | N/A |
| The ARD-9808 DVR card security camera allows remote attackers to cause a denial of service via a long URI composed of //.\ (slash slash dot backslash) sequences. | ||||
| CVE-2009-2304 | 1 Avatic | 1 Aardvark Topsites Php | 2026-04-23 | N/A |
| index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to obtain sensitive information via a nonexistent account name in the u parameter in a rate action, which reveals the installation path in an error message. | ||||
| CVE-2009-2303 | 1 Avatic | 1 Aardvark Topsites Php | 2026-04-23 | N/A |
| index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals the installation path in an error message. | ||||
| CVE-2009-0041 | 1 Asterisk | 3 Asterisk Business Edition, Open Source, S800i Appliance | 2026-04-23 | N/A |
| IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2009-4114 | 1 Kaspersky | 1 Kaspersky Anti-virus | 2026-04-23 | N/A |
| kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other versions before 9.0.0.736, does not properly validate input to IOCTL 0x0022c008, which allows local users to cause a denial of service (system crash) via IOCTL requests using crafted kernel addresses that trigger memory corruption, possibly related to klavemu.kdl. | ||||
| CVE-2007-5774 | 1 Flatnuke3 | 1 Flatnuke3 | 2026-04-23 | N/A |
| index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error message. | ||||
| CVE-2008-5887 | 1 Tincan | 1 Phplist | 2026-04-23 | N/A |
| phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability." | ||||
| CVE-2008-0672 | 1 Tintin | 2 Tintin\+\+, Wintin\+\+ | 2026-04-23 | N/A |
| The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to cause a denial of service (application crash) via a YES message without a newline character, which triggers a NULL dereference. | ||||
| CVE-2008-6731 | 1 China-on-site | 1 Flexphplink | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/. | ||||
| CVE-2009-0061 | 1 Cisco | 5 4400 Wireless Lan Controller, Catalyst 3750 Series Integrated Wireless Lan Controller, Catalyst 6500 Series Integrated Wireless Lan Controller and 2 more | 2026-04-23 | N/A |
| Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC driver in the Cisco 4400 WLC, Cisco Catalyst 6500 and 7600 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.1 allows remote attackers to cause a denial of service (device crash or hang) via unknown IP packets. | ||||
| CVE-2009-0745 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory. | ||||
| CVE-2007-5711 | 1 Massive Entertainment | 1 World In Conflict | 2026-04-23 | N/A |
| Massive Entertainment World in Conflict 1.001 and earlier allows remote attackers to cause a denial of service (failed assertion and daemon crash) via a large packet to TCP or UDP port 48000. | ||||
| CVE-2009-0311 | 1 Emc | 1 Autostart | 2026-04-23 | N/A |
| The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 allows remote attackers to execute arbitrary code via a packet with a crafted value that is dereferenced as a function pointer. | ||||
| CVE-2009-0372 | 1 Memht | 1 Memht Portal | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a users editProfile action, then accessing this file via a direct request to the file in images/avatar/uploaded/. | ||||
| CVE-2007-5762 | 1 Novell | 1 Netware Client | 2026-04-23 | N/A |
| NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode. | ||||
| CVE-2009-0783 | 2 Apache, Redhat | 7 Tomcat, Enterprise Linux, Jboss Enterprise Application Platform and 4 more | 2026-04-23 | N/A |
| Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. | ||||
| CVE-2008-0473 | 1 Web Wiz | 1 Rich Text Editor | 2026-04-23 | N/A |
| RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to upload (1) .html and (2) .htm files via unspecified vectors. | ||||
| CVE-2008-5732 | 1 Kafooeyblog | 1 Kafooeyblog | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in lib/image_upload.php in KafooeyBlog 1.55b allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. | ||||