Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1476 1 Darren Reed 1 Ipfilter 2026-04-23 N/A
Buffer overflow in lib/load_http.c in ippool in Darren Reed IPFilter (aka IP Filter) 4.1.31 allows local users to gain privileges via vectors involving a long hostname in a URL.
CVE-2009-1479 1 Boxalino 1 Boxalino 2026-04-23 N/A
Directory traversal vulnerability in client/desktop/default.htm in Boxalino before 09.05.25-0421 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.
CVE-2009-1472 1 Aten 2 Kh1516i Ip Kvm Switch, Kn9116 Ip Kvm Switch 2026-04-23 N/A
The Java client program for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 has a hardcoded AES encryption key, which makes it easier for man-in-the-middle attackers to (1) execute arbitrary Java code, or (2) gain access to machines connected to the switch, by hijacking a session.
CVE-2009-1462 1 Razorcms 1 Razorcms 2026-04-23 N/A
The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
CVE-2009-1461 1 Razorcms 1 Razorcms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Create New Page form in razorCMS 0.3 RC2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Page Title field.
CVE-2009-1448 1 Lovpop 1 Apricot 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in apricot.php in LovPop.net APRICOT, probably 1.20, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2009-1442 1 Google 1 Chrome 2026-04-23 N/A
Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas.
CVE-2009-1440 1 Amule 1 Amule 2026-04-23 N/A
Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule 2.2.4 allows remote attackers to conduct argument injection attacks into a command for mplayer via a crafted filename.
CVE-2009-1437 1 Coolplayer 1 Coolplayer 2026-04-23 N/A
Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2.19.6 and earlier allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: this may overlap CVE-2008-3408.
CVE-2009-1433 1 Silverstripe 1 Silverstripe 2026-04-23 N/A
SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter.
CVE-2008-0974 2 Double-take Software, Hp 2 Double-take, Storageworks Double-take 2026-04-23 N/A
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon termination) via (1) a large vector<T> value, which raises a "vector<T> too long" exception; or (2) a certain packet that raises an ospace/time/src\date.cpp exception.
CVE-2007-2583 4 Canonical, Debian, Oracle and 1 more 4 Ubuntu Linux, Debian Linux, Mysql and 1 more 2026-04-23 N/A
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.
CVE-2009-0469 1 Futomis Cgi Cafe 1 Fulltext Search Cgi 2026-04-23 N/A
Unspecified vulnerability in futomi's CGI Cafe Fulltext search CGI 1.1.2 allows remote attackers to gain administrative privileges via unknown vectors.
CVE-2009-0471 1 Cisco 1 Ios 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request.
CVE-2007-2797 3 Debian, Redhat, Xterm 3 Debian Linux, Enterprise Linux, Xterm 2026-04-23 N/A
xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.
CVE-2008-0975 1 Double-take Software 1 Double-take 2026-04-23 N/A
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (CPU consumption) via a -1 value in the field that specifies the size of the vector<T> value.
CVE-2008-0978 1 Double-take Software 1 Double-take 2026-04-23 N/A
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to obtain sensitive information via a packet of type (1) 0x2728, which provides operating system and path information; (2) 0x274e, which lists Ethernet adapters; (3) 0x2726, which provides filesystem information; (4) 0x274f, which specifies the printer driver; or (5) 0x2757, which provides recent log entries.
CVE-2009-0500 1 Moodle 1 Moodle 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report.
CVE-2009-0501 1 Moodle 1 Moodle 2026-04-23 N/A
Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct "brute force attacks on user accounts" via unknown vectors.
CVE-2009-0507 1 Ibm 1 Websphere Process Server 2026-04-23 N/A
IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member.