Export limit exceeded: 10719 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10719 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0612 | 1 Trendmicro | 2 Interscan Web Security Suite, Interscan Web Security Virtual Appliance | 2026-04-23 | N/A |
| Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header. | ||||
| CVE-2007-6190 | 1 Cisco | 1 Unified Ip Phone | 2026-04-23 | N/A |
| The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream. | ||||
| CVE-2007-5196 | 1 Suse | 1 Suse Linux | 2026-04-23 | N/A |
| Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195. | ||||
| CVE-2008-1924 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable. | ||||
| CVE-2008-4308 | 1 Apache | 1 Tomcat | 2026-04-23 | N/A |
| The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request. | ||||
| CVE-2008-1523 | 1 Zyxel | 3 Prestige 660, Prestige 661, Zynos | 2026-04-23 | N/A |
| ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain ISP and Dynamic DNS credentials by sending a direct request for (1) WAN.html, (2) wzPPPOE.html, and (3) rpDyDNS.html, and then reading the HTML source. | ||||
| CVE-2008-6342 | 2 Lobacher Patrick, Typo3 | 2 Simplefilebrowser, Typo3 | 2026-04-23 | N/A |
| Unspecified vulnerability in the TYPO3 Simple File Browser (simplefilebrowser) extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors. | ||||
| CVE-2008-0050 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. | ||||
| CVE-2008-5099 | 1 Sun | 1 Logical Domain Manager | 2026-04-23 | N/A |
| Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0.3 displays the value of the OpenBoot PROM (OBP) security-password variable in cleartext, which allows local users to bypass the SPARC firmware's password protection, and gain privileges or obtain data access, via the "ldm ls -l" command, a different vulnerability than CVE-2008-4992. | ||||
| CVE-2009-0508 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console. | ||||
| CVE-2008-3451 | 1 Phpwebgallery | 1 Phpwebgallery | 2026-04-23 | N/A |
| PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile. | ||||
| CVE-2008-5498 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2026-04-23 | N/A |
| Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image. | ||||
| CVE-2008-4593 | 1 Apple | 1 Iphone | 2026-04-23 | N/A |
| Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device screen, aka Apple bug number 6267416. | ||||
| CVE-2008-6896 | 1 3cx | 1 Phone System | 2026-04-23 | N/A |
| login.php in 3CX Phone System 6.0.806.0, when 100% disk capacity is reached, allows remote attackers to gain sensitive information via unspecified vectors that reveal the installation path. | ||||
| CVE-2009-1076 | 1 Sun | 1 Java System Identity Manager | 2026-04-23 | N/A |
| Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2008-1288 | 1 Ibm | 1 Rational Clearquest | 2026-04-23 | N/A |
| IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies. | ||||
| CVE-2009-4466 | 1 Deluxebb | 1 Deluxebb | 2026-04-23 | N/A |
| DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message. NOTE: this issue might be resultant from improperly controlled computation in tools.php that leads to a denial of service (CPU or memory consumption). | ||||
| CVE-2008-1166 | 1 Flyspray | 1 Flyspray | 2026-04-23 | N/A |
| Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames. | ||||
| CVE-2008-2723 | 1 Menalto | 1 Gallery | 2026-04-23 | N/A |
| embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the remote address." | ||||
| CVE-2008-3060 | 1 V-webmail | 1 V-webmail | 2026-04-23 | N/A |
| V-webmail 1.5.0 allows remote attackers to obtain sensitive information via (1) malformed input in the login page (includes/local.hooks.php) and (2) an invalid session ID, which reveals the installation path in an error message. | ||||