Total
10584 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1900 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5, when tracing is enabled, allow remote attackers to obtain sensitive information via unspecified use of the wsadmin scripting tool. | ||||
| CVE-2009-1949 | 1 Unclassified | 1 Newsboard | 2026-04-23 | N/A |
| import_wbb1.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | ||||
| CVE-2009-2130 | 1 Elvinbts | 1 Elvinbts | 2026-04-23 | N/A |
| Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) login.ei, (2) jump_bug.ei, or (3) create_account.ei in inc/ via a direct request. | ||||
| CVE-2009-1556 | 1 Cisco | 1 Wvc54gca | 2026-04-23 | N/A |
| img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the next_file parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerability than CVE-2004-2507. | ||||
| CVE-2009-0776 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2026-04-23 | N/A |
| nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. | ||||
| CVE-2009-1076 | 1 Sun | 1 Java System Identity Manager | 2026-04-23 | N/A |
| Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2009-1289 | 1 Ibm | 2 Advanced Management Module, Bladecenter | 2026-04-23 | N/A |
| private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter. | ||||
| CVE-2009-1293 | 1 Novell | 1 Teaming | 2026-04-23 | N/A |
| The web login functionality (c/portal/login) in Novell Teaming 1.0 through SP3 (1.0.3) generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames. | ||||
| CVE-2009-1296 | 1 Ubuntu | 2 73-oubuntu, Ubuntu | 2026-04-23 | N/A |
| The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root. | ||||
| CVE-2009-1341 | 2 Debian, Redhat | 2 Libdbd-pg-perl, Enterprise Linux | 2026-04-23 | N/A |
| Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns. | ||||
| CVE-2008-6872 | 1 Aspthai.net | 1 Aspthai Forums | 2026-04-23 | N/A |
| ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/aspthaiForum.mdb. | ||||
| CVE-2008-6896 | 1 3cx | 1 Phone System | 2026-04-23 | N/A |
| login.php in 3CX Phone System 6.0.806.0, when 100% disk capacity is reached, allows remote attackers to gain sensitive information via unspecified vectors that reveal the installation path. | ||||
| CVE-2008-6981 | 1 Phpadultsite | 1 Phpadultsite Cms | 2026-04-23 | N/A |
| index.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to obtain the full installation path via an invalid results_per_page parameter, which leaks the path in an error message. NOTE: this issue might be resultant from a separate SQL injection vulnerability. | ||||
| CVE-2008-6999 | 1 Phpauction | 1 Phpauction | 2026-04-23 | N/A |
| phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | ||||
| CVE-2008-7187 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2026-04-23 | N/A |
| Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message. | ||||
| CVE-2009-0143 | 1 Apple | 1 Itunes | 2026-04-23 | N/A |
| Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast. | ||||
| CVE-2009-0453 | 1 Onlinegrades | 1 Online Grades | 2026-04-23 | N/A |
| Online Grades 3.2.4 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | ||||
| CVE-2009-0504 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message. | ||||
| CVE-2009-0628 | 1 Cisco | 1 Cisco Ios | 2026-04-23 | N/A |
| Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block (TCB) leak. | ||||
| CVE-2009-0678 | 1 Ravenphpscripts | 1 Ravennuke | 2026-04-23 | N/A |
| images/captcha.php in RavenNuke 2.30 allows remote attackers to obtain sensitive information via an aFonts array parameter value that does not correspond to a valid font file, which reveals the installation path in an error message. | ||||