Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3894 2 Dag.wieers, Redhat 2 Dstat, Enterprise Linux 2026-04-23 N/A
Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in (1) the current working directory or (2) a certain subdirectory of the current working directory.
CVE-2009-3864 2 Microsoft, Sun 3 Windows, Jdk, Jre 2026-04-23 N/A
The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694.
CVE-2009-1723 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062.
CVE-2009-3572 1 Openbsd 1 Openbsd 2026-04-23 N/A
OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not properly handle XMM exceptions, which allows local users to cause a denial of service (kernel panic) via unspecified vectors.
CVE-2009-1727 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari.
CVE-2007-0347 1 Cvstrac 1 Cvstrac 2026-04-23 N/A
The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries.
CVE-2009-0903 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when a WS-Security policy is established at the operation level, does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action, which allows remote attackers to bypass intended access restrictions via a crafted request to a JAX-WS application.
CVE-2008-3746 1 Webdav 1 Neon 2026-04-23 N/A
neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function.
CVE-2008-3873 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2026-04-23 N/A
The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008.
CVE-2008-6959 1 Chilkatsoft 1 Chilkat Socket 2026-04-23 N/A
Insecure method vulnerability in the Chilkat Socket ActiveX control (ChilkatSocket.ChilkatSocket.1) in ChilkatSocket.dll 2.3.1.1 allows remote attackers to overwrite arbitrary files via the SaveLastError method. NOTE: this might be related to CVE-2008-1647.
CVE-2007-3205 2 Hardened-php Project, Php 3 Hardened-php, Subhosin, Php 2026-04-23 N/A
The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.
CVE-2007-2682 2 Adobe, Apple 2 Creative Suite, Mac Os X 2026-04-23 N/A
The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as used in Adobe Creative Suite 3 (CS3), does not re-enable the personal firewall after completing the product installation, which allows remote attackers to bypass intended firewall rules.
CVE-2007-2387 1 Apple 1 Xserve Lights-out Management 2026-04-23 N/A
Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel hardware does not require a password for remote access to IPMI, which allows remote attackers to gain administrative access via unspecified requests with ipmitool.
CVE-2007-4359 1 Skilmatch Staffing Systems 1 Joblister3 2026-04-23 N/A
Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems JobLister3 allow remote attackers to execute arbitrary SQL commands via (1) the search form or (2) the jobid parameter to index.php in a showbyID action.
CVE-2007-0376 1 Virtuemart 1 Virtuemart 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-3435 1 Rkd Software 1 Barcode Activex 2026-04-23 N/A
Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument.
CVE-2007-2250 1 Phorum 1 Phorum 2026-04-23 N/A
admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter.
CVE-2007-0378 1 Docman 1 Docman 2026-04-23 N/A
Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-2414 2 Microsoft, Myserver 2 All Windows, Myserver 2026-04-23 N/A
MyServer before 0.8.8 allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2007-1566 1 Netvios 1 Netvios 2026-04-23 N/A
SQL injection vulnerability in News/page.asp in NetVIOS Portal allows remote attackers to execute arbitrary SQL commands via the NewsID parameter. NOTE: this issue might be the same as CVE-2006-5954.