Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4455 1 Cisco 1 Adaptive Security Appliance 5500 2026-04-23 N/A
The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended access restrictions and access unauthorized web sites via a crafted URL obfuscated with ROT13 and a certain encoding. NOTE: this issue was originally reported as a vulnerability related to lack of restrictions to URLs listed in the Cisco WebVPN bookmark component, but the vendor states that "The bookmark feature is not a security feature."
CVE-2009-4458 1 Freepbx 1 Freepbx 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 and 2.6.0rc2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) tech parameter to admin/admin/config.php during a trunks display action, the (2) description parameter during an Add Zap Channel action, and (3) unspecified vectors during an Add Recordings action.
CVE-2009-4461 1 Flatpress 1 Flatpress 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) contact.php, (2) login.php, and (3) search.php.
CVE-2007-6499 1 Hosting Controller 1 Hosting Controller 2026-04-23 N/A
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value."
CVE-2007-4752 2 Openbsd, Redhat 3 Openssh, Enterprise Linux, Rhel Eus 2026-04-23 N/A
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
CVE-2007-0911 1 Php 1 Php 2026-04-23 N/A
Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).
CVE-2007-0244 2 Debian, Poptop 2 Debian Linux, Pptp Server 2026-04-23 N/A
pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3.4 allows remote attackers to cause a denial of service (PPTP connection tear-down) via (1) GRE packets with out-of-order sequence numbers or (2) certain GRE packets that are processed using a wrong pointer and improperly dequeued.
CVE-2009-4462 1 Intellicom 3 Netbiter Webscada Ws100, Netbiter Webscada Ws200, Netbiterconfig 2026-04-23 N/A
Stack-based buffer overflow in the NetBiterConfig utility (NetBiterConfig.exe) 1.3.0 for Intellicom NetBiter WebSCADA allows remote attackers to execute arbitrary code via a long hn (hostname) parameter in a crafted HICP-protocol UDP packet.
CVE-2009-4464 1 Activewebsoftwares 1 Active Business Directory 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in searchadvance.asp in Active Business Directory 2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2009-4466 1 Deluxebb 1 Deluxebb 2026-04-23 N/A
DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message. NOTE: this issue might be resultant from improperly controlled computation in tools.php that leads to a denial of service (CPU or memory consumption).
CVE-2009-4467 1 Deluxebb 1 Deluxebb 2026-04-23 N/A
misc.php in DeluxeBB 1.3 allows remote attackers to register accounts without a valid email address via a valemail action with the valmem set to a pre-assigned user ID, which is visible from a memberlist action.
CVE-2009-4478 1 Xstate 1 Real Estate 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Xstate Real Estate 1.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) home.html or (2) lands.html.
CVE-2007-1347 1 Microsoft 3 Windows 2000, Windows Explorer, Windows Xp 2026-04-23 N/A
Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
CVE-2008-1763 1 Blogator Script 1 Blogator Script 2026-04-23 N/A
SQL injection vulnerability in _blogadata/include/sond_result.php in Blogator-script 0.95 allows remote attackers to execute arbitrary SQL commands via the id_art parameter.
CVE-2008-1764 1 Opera 1 Opera 2026-04-23 N/A
Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs."
CVE-2009-4479 1 Mailsite 1 Mailsite 2026-04-23 N/A
LDAP3A.exe in MailSite 8.0.4 allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.13 through 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2007-0259 1 Ezboxx 1 Ezboxx Portal System 2026-04-23 N/A
Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to obtain sensitive information via an invalid cat parameter to boxx/knowledgebase.asp, which reveals the path in an error message.
CVE-2009-4480 1 Azeotech 1 Daqfactory 2026-04-23 N/A
Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.16 through 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2009-4483 1 Mailsite 1 Mailsite 2026-04-23 N/A
Unspecified vulnerability in LDAP3A.exe in MailSite 8.0.4 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.13 through 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2009-4484 5 Canonical, Debian, Mariadb and 2 more 5 Ubuntu Linux, Debian Linux, Mariadb and 2 more 2026-04-23 N/A
Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.