Export limit exceeded: 347901 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347901 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4584 | 1 Dbmasters | 1 Db Masters Multimedia Links Directory | 2026-04-23 | N/A |
| admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote attackers to bypass authentication and gain administrative access via a certain value of the admin_log cookie. | ||||
| CVE-2009-4585 | 1 Aspindir | 1 Uranyumsoft Listing Service | 2026-04-23 | N/A |
| UranyumSoft Listing Service stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/db.mdb. | ||||
| CVE-2009-4586 | 1 Wowd | 1 Wowd | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.html in Wowd client before 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sortby, (2) tags, or (3) ctx parameter in a search action. | ||||
| CVE-2009-4587 | 1 Cherokee | 1 Cherokee | 2026-04-23 | N/A |
| Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of service (daemon crash) via an MS-DOS reserved word in a URI, as demonstrated by the AUX reserved word. | ||||
| CVE-2009-4590 | 1 Secureideas | 1 Base | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-4591 | 1 Secureideas | 1 Base | 2026-04-23 | N/A |
| SQL injection vulnerability in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-4592 | 1 Secureideas | 1 Base | 2026-04-23 | N/A |
| Unspecified vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to include arbitrary local files via unknown vectors. | ||||
| CVE-2009-4594 | 1 Ibm | 2 Lotus Domino, Lotus Inotes | 2026-04-23 | N/A |
| Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.131 for Domino 8.0.x has unknown impact and attack vectors, aka SPR SDOY7RHBNH. | ||||
| CVE-2009-4595 | 1 Phpwares | 1 Php Inventory | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to execute arbitrary SQL commands via the sup_id parameter in a suppliers details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-4596 | 1 Phpwares | 1 Php Inventory | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory 1.2 allows remote attackers to inject arbitrary web script or HTML via the sup_id parameter in a suppliers details action. | ||||
| CVE-2009-4598 | 2 Corephp, Joomla | 2 Com Jphoto, Joomla | 2026-04-23 | N/A |
| SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php. | ||||
| CVE-2009-4599 | 2 Joomla, Joomshark | 2 Joomla, Com Jsjobs | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php. | ||||
| CVE-2009-4600 | 1 Netartmedia | 1 Media Real Estate Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Email parameter (aka the username field). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4601 | 1 Zeeways | 1 Zeejobsite | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in basic_search_result.php in Zeeways ZeeJobsite 3x allows remote attackers to inject arbitrary web script or HTML via the title parameter. | ||||
| CVE-2009-4602 | 1 Drupal | 2 Drupal, Randomizer | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x through 5.x-1.0 and 6.x through 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-4603 | 1 Sap | 3 Sap Kernel, Sap Netweaver, Sap Web Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4604 | 2 Fernando Soares, Joomla | 2 Com Mamboleto, Joomla | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mamboleto) component 2.0 RC3 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2009-4606 | 1 South River Technologies | 1 Webdrive | 2026-04-23 | N/A |
| South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command. | ||||
| CVE-2009-4607 | 1 Overlandstorage | 2 Guardianos, Snap Server 410 | 2026-04-23 | N/A |
| The command line interface in Overland Storage Snap Server 410 with GuardianOS 5.1.041 runs the "less" utility with a higher-privileged uid than the CLI user and without sufficient restriction on shell escapes, which allows local users to gain privileges using the "!" character within less to access a privileged shell. | ||||
| CVE-2009-4608 | 1 Canon-its | 1 Accessguardian | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Canon IT Solutions Inc. ACCESSGUARDIAN 3.0.14 and earlier, and 3.5.6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to authentication. | ||||