Export limit exceeded: 359668 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5492 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3473 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2026-04-23 | N/A |
| Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event Handling Cross-Domain Vulnerability." | ||||
| CVE-2009-1414 | 1 Google | 1 Chrome | 2026-04-23 | N/A |
| Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors. | ||||
| CVE-2009-1460 | 1 Razorcms | 1 Razorcms | 2026-04-23 | N/A |
| razorCMS before 0.4 uses weak permissions for (1) admin/core/admin_config.php, which allows local users to obtain the administrator's password hash and FTP user credentials; and (2) the root directory, (3) datastore/, and (4) admin/core/, which allows local users to have an unspecified impact. | ||||
| CVE-2009-0438 | 2 Ibm, Microsoft | 2 Websphere Application Server, Windows | 2026-04-23 | N/A |
| IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows allows remote attackers to bypass "Authorization checking" and obtain sensitive information from JSP pages via a crafted request. NOTE: this is probably a duplicate of CVE-2008-5412. | ||||
| CVE-2009-2859 | 1 Ibm | 1 Db2 | 2026-04-23 | N/A |
| IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command. | ||||
| CVE-2007-5761 | 1 Motorola | 1 Netoctopus | 2026-04-23 | N/A |
| The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 has weak permissions for the \\.\NantSys device interface (nantsys.sys), which allows local users to gain privileges or cause a denial of service (system crash), as demonstrated by modifying the SYSENTER_EIP_MSR CPU Model Specific Register (MSR) value. | ||||
| CVE-2009-2834 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors. | ||||
| CVE-2007-2063 | 1 Ssh | 1 Tectia Server | 2026-04-23 | N/A |
| SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact. | ||||
| CVE-2008-4214 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files. | ||||
| CVE-2009-2793 | 1 Netbsd | 1 Netbsd | 2026-04-23 | N/A |
| The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits. | ||||
| CVE-2008-3356 | 1 Ingres | 1 Ingres | 2026-04-23 | N/A |
| verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename. | ||||
| CVE-2007-5757 | 1 Ibm | 1 Db2 Universal Database | 2026-04-23 | N/A |
| Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain root privileges via a modified DB2INSTANCE environment variable that points to a malicious library. NOTE: this might be the same issue as CVE-2008-0697. | ||||
| CVE-2009-2207 | 1 Apple | 1 Iphone Os | 2026-04-23 | N/A |
| The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages. | ||||
| CVE-2009-4526 | 2 Drupal, Joao Ventura | 2 Drupal, Print | 2026-04-23 | N/A |
| The Send by e-mail sub-module in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote attackers to read page titles by requesting a "Send to friend" form. | ||||
| CVE-2009-1941 | 1 Phpeasycode | 1 Pad Site Scripts | 2026-04-23 | N/A |
| PAD Site Scripts 3.6 stores sensitive information under the web document root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for dbbackup.txt. | ||||
| CVE-2009-1896 | 2 Fedoraproject, Sun | 2 Fedora, Openjdk | 2026-04-23 | N/A |
| The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX. | ||||
| CVE-2009-1078 | 1 Sun | 1 Java System Identity Manager | 2026-04-23 | N/A |
| Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, which allows remote authenticated users to have an unspecified impact. | ||||
| CVE-2009-1495 | 1 Webfileexplorer | 1 Web File Explorer | 2026-04-23 | N/A |
| Web File Explorer 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/db.mdb. | ||||
| CVE-2008-2019 | 1 Simple Machines | 1 Smf | 2026-04-23 | N/A |
| Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly generated static" to hinder brute-force attacks on the WAV file (aka audio) CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated attack that considers Hamming distances. NOTE: this issue reportedly exists because of an insufficient fix for CVE-2007-3308. | ||||
| CVE-2008-6613 | 1 Abweb | 1 Minimal-ablog | 2026-04-23 | N/A |
| uploader.php in minimal-ablog 0.4 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. | ||||