Export limit exceeded: 362965 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 362965 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362965 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0617 | 1 Cisco | 1 Application Networking Manager | 2026-04-23 | N/A |
| Cisco Application Networking Manager (ANM) before 2.0 uses a default MySQL root password, which makes it easier for remote attackers to execute arbitrary operating-system commands or change system files. | ||||
| CVE-2008-6941 | 1 Turnkeyforms | 1 Web Hosting Directory | 2026-04-23 | N/A |
| SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field. | ||||
| CVE-2009-0581 | 5 Gimp, Littlecms, Mozilla and 2 more | 5 Gimp, Little Cms, Firefox and 2 more | 2026-04-23 | N/A |
| Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file. | ||||
| CVE-2009-0839 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2026-04-23 | N/A |
| Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map with a long IMAGEPATH or NAME attribute, allows remote attackers to execute arbitrary code via a crafted id parameter in a query action. | ||||
| CVE-2009-0840 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2026-04-23 | N/A |
| Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header. | ||||
| CVE-2008-6809 | 1 Bookingcentre | 1 Booking System For Hotels Group | 2026-04-23 | N/A |
| SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter. | ||||
| CVE-2008-6812 | 1 Surat Kabar | 1 Phpwebnews | 2026-04-23 | N/A |
| SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the det parameter. | ||||
| CVE-2008-6819 | 1 Microsoft | 2 Windows 2003 Server, Windows Vista | 2026-04-23 | N/A |
| win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-0842 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2026-04-23 | N/A |
| mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink. | ||||
| CVE-2008-6824 | 1 A-link | 2 Wl54ap2, Wl54ap3 | 2026-04-23 | N/A |
| The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access. | ||||
| CVE-2008-6825 | 1 Trixbox | 1 Trixbox | 2026-04-23 | N/A |
| Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter. | ||||
| CVE-2009-0843 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2026-04-23 | N/A |
| The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depending on whether this pathname exists. | ||||
| CVE-2009-0844 | 2 Mit, Redhat | 3 Kerberos, Kerberos 5, Enterprise Linux | 2026-04-23 | N/A |
| The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read. | ||||
| CVE-2009-1037 | 1 Drupal | 2 Drupal, Print | 2026-04-23 | N/A |
| Unspecified vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to send unlimited spam messages via unknown vectors related to the flood control API. | ||||
| CVE-2008-6833 | 1 Fuzzylime | 1 Fuzzylime \(cms\) | 2026-04-23 | N/A |
| Directory traversal vulnerability in commsrss.php in fuzzylime (cms) before 3.01b allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a files array element for a blogs action, as demonstrated by the files[0] parameter. | ||||
| CVE-2008-6834 | 1 Fuzzylime | 1 Fuzzylime \(cms\) | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 and 3.01a allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the s parameter to code/commupdate.php in a count action or (2) the heads parameter to code/newsheads.php. NOTE: the blog.php vector is already covered by CVE-2008-3164. | ||||
| CVE-2009-0992 | 1 Oracle | 2 Database 10g, Database 11g | 2026-04-23 | N/A |
| Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_AQIN. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is SQL injection in the DEQ_EXEJOB procedure. | ||||
| CVE-2008-6838 | 1 Zoph | 1 Zoph | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1 allows remote attackers to inject arbitrary web script or HTML via the _off parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-1042 | 1 Apple | 2 Mac Os X, Safari | 2026-04-23 | N/A |
| Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. | ||||
| CVE-2008-6840 | 1 Christof Bruyland | 1 V-webmail | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[pear_dir] parameter to (a) Mail/RFC822.php, (b) Net/Socket.php, (c) XML/Parser.php, (d) XML/Tree.php, (e) Mail/mimeDecode.php, (f) Console/Getopt.php, (g) System.php, (h) Log.php, and (i) File.php in includes/pear/; the CONFIG[pear_dir] parameter to (j) includes/prepend.php, and (k) includes/cachedConfig.php; and the (2) CONFIG[includes] parameter to (l) prepend.php and (m) email.list.search.php in includes/. NOTE: the CONFIG[pear_dir] parameter to includes/mailaccess/pop3.php is already covered by CVE-2006-2666. | ||||