Search Results (10751 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3651 2 Linux, Redhat 2 Ipsec Tools Racoon Daemon, Enterprise Linux 2026-04-23 N/A
Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals.
CVE-2007-6514 2 Apache, Linux 2 Http Server, Linux Kernel 2026-04-23 N/A
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
CVE-2007-6513 1 Hp 1 Esupportdiagnostics 2026-04-23 N/A
HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports dangerous methods, which allows remote attackers to (1) read arbitrary files via the ReadTextFile method, or (2) read arbitrary registry values via the ReadValue method.
CVE-2009-4300 1 Moodle 1 Moodle 2026-04-23 N/A
Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors.
CVE-2007-6476 1 Gf 3xplorer 1 Gf 3xplorer 2026-04-23 N/A
GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function.
CVE-2008-1680 1 Future Nuke 1 Php-nuke Platinum 2026-04-23 N/A
PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain configuration information via a direct request to maintenance/index.php, which reveals settings such as magic_quotes_gpc.
CVE-2008-3914 1 Clamav 1 Clamav 2026-04-23 N/A
Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c.
CVE-2009-2796 1 Apple 1 Iphone Os 2026-04-23 N/A
The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password.
CVE-2006-6886 1 Phpwcms 1 Phpwcms 2026-04-23 N/A
phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages.
CVE-2008-3539 2 Hp, Microsoft 12 Hpsi Acf2 Connector, Hpsi Active Directory Connector, Hpsi Bidir Dirx Connector and 9 more 2026-04-23 N/A
Unspecified vulnerability in HP OpenView Select Identity (HPSI) Connectors on Windows, as used in HPSI Active Directory Connector 2.30 and earlier, HPSI SunOne Connector 1.14 and earlier, HPSI eDirectory Connector 1.12 and earlier, HPSI eTrust Connector 1.02 and earlier, HPSI OID Connector 1.02 and earlier, HPSI IBM Tivoli Dir Connector 1.02 and earlier, HPSI TOPSecret Connector 2.22.001 and earlier, HPSI RACF Connector 1.12.001 and earlier, HPSI ACF2 Connector 1.02 and earlier, HPSI OpenLDAP Connector 1.02 and earlier, and HPSI BiDir DirX Connector 1.00.003 and earlier, allows local users to obtain sensitive information via unknown vectors.
CVE-2008-3962 1 Ssmtp 1 Ssmtp 2026-04-23 N/A
The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to obtain sensitive information (memory contents) in opportunistic circumstances by reading a message.
CVE-2009-3882 2 Redhat, Sun 6 Enterprise Linux, Network Satellite, Rhel Extras and 3 more 2026-04-23 N/A
Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026.
CVE-2009-3086 1 Rubyonrails 1 Rails 2026-04-23 N/A
A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts.
CVE-2007-2552 1 Wikkawiki 1 Wikkawiki 2026-04-23 N/A
The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds.
CVE-2009-1756 1 Simone Rota 1 Slim Simple Login Manager 2026-04-23 N/A
SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (mcookie) on the command line when invoking xauth from (1) app.cpp and (2) switchuser.cpp, which allows local users to access the X session by listing the process and its arguments.
CVE-2009-3452 1 Radactive 1 I-load 2026-04-23 N/A
WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to obtain sensitive information via unspecified requests that trigger responses containing the saved-image folder pathname.
CVE-2009-2260 1 Stardict 1 Stardict 2026-04-23 N/A
stardict 3.0.1, when Enable Net Dict is configured, sends the contents of the clipboard to a dictionary server, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2007-6043 1 Microsoft 1 Windows 2000 2026-04-23 N/A
The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
CVE-2009-1700 1 Apple 3 Iphone Os, Ipod Touch, Safari 2026-04-23 N/A
The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.
CVE-2008-0041 1 Apple 1 Mac Os X 2026-04-23 N/A
Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls.