Export limit exceeded: 26229 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26229 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3882 | 2 Redhat, Sun | 6 Enterprise Linux, Network Satellite, Rhel Extras and 3 more | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026. | ||||
| CVE-2007-5470 | 1 Microsoft | 1 Expression Media | 2026-04-23 | N/A |
| Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file. | ||||
| CVE-2009-4546 | 1 Logoshows | 1 Logoshows Bbs | 2026-04-23 | N/A |
| globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) pb_username (aka pb%5Fusername) and (2) level cookies. | ||||
| CVE-2009-4533 | 2 Drupal, Nathan Haug | 2 Drupal, Webform | 2026-04-23 | N/A |
| The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors. | ||||
| CVE-2009-4531 | 1 Jasper | 1 Httpdx | 2026-04-23 | N/A |
| httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI. | ||||
| CVE-2009-4530 | 1 Sergey Lyubka | 1 Mongoose | 2026-04-23 | N/A |
| Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI. | ||||
| CVE-2009-4529 | 1 Intervations | 1 Navicopa Web Server | 2026-04-23 | N/A |
| InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs. | ||||
| CVE-2009-3097 | 2 Hp, Microsoft | 2 Performance Insight, Windows | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on Windows allow attackers to obtain sensitive information via unknown vectors, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2009-3086 | 1 Rubyonrails | 1 Rails | 2026-04-23 | N/A |
| A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts. | ||||
| CVE-2009-3048 | 4 Conectiva, Freebsd, Opera and 1 more | 4 Linux, Freebsd, Opera Browser and 1 more | 2026-04-23 | N/A |
| Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file." | ||||
| CVE-2009-2998 | 2 Adobe, Redhat | 3 Acrobat, Acrobat Reader, Rhel Extras | 2026-04-23 | N/A |
| Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458. | ||||
| CVE-2009-2918 | 1 Thegreenbow | 1 Thegreenbow Vpn Client | 2026-04-23 | N/A |
| The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted request to the 0x80000034 IOCTL, probably involving an input or output buffer size of 0. | ||||
| CVE-2007-1666 | 1 Datarescue | 1 Ida Pro | 2026-04-23 | N/A |
| The processor_request function in the debugger server for DataRescue IDA Pro 5.0 and 5.1 does not verify that authentication has taken place before invoking the perform_request function, which allows remote attackers to perform unauthorized actions. | ||||
| CVE-2009-2856 | 1 Sun | 2 Solaris, Virtual Desktop Infrastructure | 2026-04-23 | N/A |
| Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI configuration-data requests by sniffing LDAP sessions on the network. | ||||
| CVE-2009-2855 | 2 Redhat, Squid-cache | 2 Enterprise Linux, Squid | 2026-04-23 | N/A |
| The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function. | ||||
| CVE-2009-2852 | 2 Ryan.mcgeary, Wordpress | 2 Wp-syntax, Wordpress | 2026-04-23 | N/A |
| WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function. | ||||
| CVE-2009-4372 | 1 Alienvault | 1 Open Source Security Information Management | 2026-04-23 | N/A |
| AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, and (5) storage_graphs4.php in sem/. | ||||
| CVE-2007-5810 | 1 Hitachi | 14 Cosminexus Application Server Enterprise, Cosminexus Application Server Standard, Cosminexus Developer Light Version 6 and 11 more | 2026-04-23 | N/A |
| Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature. | ||||
| CVE-2007-5816 | 1 Contentcustomizer | 1 Contentcustomizer | 2026-04-23 | N/A |
| dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to obtain sensitive author credentials by making a request with an editauthor action, then reading the value of the newlocalpassword password input field in the HTML source of the resulting page. | ||||
| CVE-2007-5201 | 1 Duplicity Project | 1 Duplicity | 2026-04-23 | N/A |
| The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments. | ||||