Search Results (362670 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2184 1 Gravy-media 1 Media Photo Host 2026-04-23 N/A
Absolute path traversal vulnerability in forcedownload.php in Gravy Media Photo Host 1.0.8 allows remote attackers to read arbitrary files via an encoded "/" (slash) in the file parameter.
CVE-2009-2187 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
Multiple memory leaks in the (1) IP and (2) IPv6 multicast implementation in the kernel in Sun Solaris 10, and OpenSolaris snv_67 through snv_93, allow local users to cause a denial of service (memory consumption) via vectors related to the association of (a) DL_ENABMULTI_REQ and (b) DL_DISABMULTI_REQ messages with ARP messages.
CVE-2007-3137 1 Webmaster Solutions 1 Wmscms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter. NOTE: the original disclosure claims the pageid parameter in index.php is affected, but this is incorrect.
CVE-2009-2192 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue."
CVE-2009-2207 1 Apple 1 Iphone Os 2026-04-23 N/A
The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages.
CVE-2009-2208 1 Freebsd 1 Freebsd 2026-04-23 N/A
FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the SIOCSIFINFO_IN6 IOCTL, which allows local users to modify or disable IPv6 network interfaces, as demonstrated by modifying the MTU.
CVE-2009-2215 1 Urdland 1 Urd 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in URD before 0.6.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the fatal_error page and unspecified other components.
CVE-2008-1147 8 Apple, Cosmicperl, Darwin and 5 more 9 Mac Os X, Mac Os X Server, Directory Pro and 6 more 2026-04-23 N/A
A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting.
CVE-2009-2227 1 Blabsoft 1 Bopup Communication Server 2026-04-23 N/A
Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.26.5460 allows remote attackers to execute arbitrary code via a crafted request to TCP port 19810.
CVE-2007-3146 1 Zen Help Desk Software 1 Zen Help Desk 2026-04-23 N/A
Zen Help Desk 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for ZenHelpDesk.mdb.
CVE-2009-2256 1 Netgear 1 Dg632 2026-04-23 N/A
The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg.
CVE-2008-1150 1 Cisco 1 Ios 2026-04-23 N/A
The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309.
CVE-2009-2262 1 Myiosoft 1 Ajaxportal 2026-04-23 N/A
PHP remote file inclusion vulnerability in install/di.php in AjaxPortal 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the pathtoserverdata parameter. NOTE: the installation instructions specify deleting the install/ folder.
CVE-2009-2271 1 Huawei 1 D100 2026-04-23 N/A
The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and has (2) a default password of admin for the admin account in the telnet interface; which makes it easier for remote attackers to obtain access.
CVE-2009-2273 1 Huawei 2 D100, D100 Firmware 2026-04-23 N/A
The default configuration of the Wi-Fi component on the Huawei D100 does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
CVE-2009-2284 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.
CVE-2007-3151 1 Packeteer 1 Packetshaper 2026-04-23 N/A
rpttop.htm in the web management interface in Packeteer PacketShaper 7.3.0g2 and 7.5.0g1 allows remote attackers to cause a denial of service (device reboot) via a request with empty values of the OP.MEAS.DATAQUERY and MEAS.TYPE parameters.
CVE-2008-1151 1 Cisco 1 Ios 2026-04-23 N/A
Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated after process termination, aka bug ID CSCsj58566.
CVE-2008-2370 2 Apache, Redhat 7 Tomcat, Certificate System, Enterprise Linux and 4 more 2026-04-23 N/A
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
CVE-2007-3152 1 Daniel Stenberg 1 C-ares 2026-04-23 N/A
c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value.