Search Results (364428 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1990 1 Oracle 1 Application Server 2026-04-23 N/A
Unspecified vulnerability in the Business Intelligence Enterprise Edition component in Oracle Application Server 10.1.3.4.1 allows local users to affect confidentiality via unknown vectors.
CVE-2009-1992 2 Microsoft, Oracle 2 Windows, Database Server 2026-04-23 N/A
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2006-5514 1 Web Group Communication Center 1 Web Group Communication Center 2026-04-23 N/A
SQL injection vulnerability in quiz.php in Web Group Communication Center (WGCC) 0.5.6b and earlier allows remote attackers to execute arbitrary SQL commands via the qzid parameter.
CVE-2009-1993 1 Oracle 1 Database Server 2026-04-23 N/A
Unspecified vulnerability in the Application Express component in Oracle Database 3.0.1 allows remote authenticated users to affect confidentiality and integrity, related to FLOWS_030000.WWV_EXECUTE_IMMEDIATE.
CVE-2006-5516 1 Wikini 1 Wikini 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in actions/usersettings.php in WikiNi before 0.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters to wakka.php.
CVE-2009-1998 1 Oracle 1 Industry Applications 2026-04-23 N/A
Unspecified vulnerability in the Oracle Communications Order and Service Management component in Oracle Industry Applications 2.8.0, 6.2.0, 6.3.0, and 6.3.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
CVE-2009-2000 1 Oracle 1 Database Server 2026-04-23 N/A
Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors.
CVE-2009-2001 1 Oracle 1 Database Server 2026-04-23 N/A
Unspecified vulnerability in the PL/SQL component in Oracle Database 10.2.0.4 and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2009-2003 1 Ascadnetworks 1 Password Protector Sd 2026-04-23 N/A
Ascad Networks Password Protector SD 1.3.1 allows remote attackers to bypass authentication and gain administrative access by setting the (1) c7portal and (2) cookname cookies to "admin."
CVE-2009-2004 1 Dokeos 1 Dokeos 2026-04-23 N/A
Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) student and (2) course parameters, a different vector than CVE-2007-2902.
CVE-2007-0984 1 Aspcode.net 1 Pollmentor 2026-04-23 N/A
SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to pollmentorres.asp.
CVE-2009-2005 1 Dokeos 1 Dokeos 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors.
CVE-2009-2006 1 Dokeos 1 Dokeos 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) search_term parameter to main/auth/courses.php; the (2) frm_title and (3) frm_content parameters in a new personal agenda item action; the (4) title and (5) tutor_name parameters in a new course action; and the (6) student and (7) course parameters to main/mySpace/myStudents.php. NOTE: vectors 2 and 3 might only be exploitable via a separate CSRF vulnerability.
CVE-2007-2930 1 Isc 1 Bind 2026-04-23 N/A
The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926.
CVE-2007-4879 1 Mozilla 2 Firefox, Seamonkey 2026-04-23 N/A
Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.
CVE-2009-2008 1 Dokeos 1 Dokeos 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2.
CVE-2009-2009 1 Dokeos 1 Dokeos 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) curdirpath parameter to main/document/slideshow.php and the (2) file parameter to main/exercice/testheaderpage.php.
CVE-2009-2011 2 Dxstudio, Mozilla 2 Dx Studio Player, Firefox 2026-04-23 N/A
Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method.
CVE-2009-2013 1 Frontisgroup 1 Frontis 2026-04-23 N/A
SQL injection vulnerability in bin/aps_browse_sources.php in Frontis 3.9.01.24 allows remote attackers to execute arbitrary SQL commands via the source_class parameter in a browse_classes action.
CVE-2009-2014 1 Joomla 2 Com School, Joomla 2026-04-23 N/A
SQL injection vulnerability in the ComSchool (com_school) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the classid parameter in a showclass action to index.php.