Export limit exceeded: 349519 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349519 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349519 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3100 | 2 Sun, X.org | 3 Opensolaris, Solaris, X11 | 2026-04-23 | N/A |
| xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then attempting to launch an Accessibility pop-up window, related to a regression in certain Solaris and OpenSolaris patches. | ||||
| CVE-2009-3112 | 1 Oxidforge | 2 Oxid Eshop, Oxid Eshop4.0.0.2 14967 | 2026-04-23 | N/A |
| Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to gain administrator privileges and access the shop backend via a crafted parameter. | ||||
| CVE-2009-3113 | 1 Oxid | 1 Eshop | 2026-04-23 | N/A |
| Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.2, 3.x, and 2.x allows remote attackers to gain write access to product reviews via a crafted parameter. | ||||
| CVE-2009-3124 | 1 Ipmotor | 1 Quarkmail | 2026-04-23 | N/A |
| Directory traversal vulnerability in get_message.cgi in QuarkMail allows remote attackers to read arbitrary files via a .. (dot dot) in the tf parameter. | ||||
| CVE-2009-3125 | 1 Mozilla | 1 Bugzilla | 2026-04-23 | N/A |
| SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | ||||
| CVE-2009-3127 | 1 Microsoft | 5 Compatibility Pack Word Excel Powerpoint, Excel, Excel Viewer and 2 more | 2026-04-23 | N/A |
| Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability." | ||||
| CVE-2009-3147 | 1 Allenthusiast | 1 Reviewpost Php Pro | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in showproduct.php in ReviewPost Pro vB3 allows remote attackers to inject arbitrary web script or HTML via the date parameter. | ||||
| CVE-2009-3148 | 1 Portalxp | 1 Portalxp | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) calendar.php, (2) news.php, and (3) links.php; and the (4) assignment_id parameter to assignments.php. | ||||
| CVE-2009-3149 | 1 Curveriderhq | 1 Elgg | 2026-04-23 | N/A |
| Directory traversal vulnerability in _css/js.php in Elgg 1.5, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the js parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3151 | 1 Ultrize | 1 Timesheet | 2026-04-23 | N/A |
| Directory traversal vulnerability in actions/downloadFile.php in Ultrize TimeSheet 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter. | ||||
| CVE-2009-3152 | 1 Nt | 1 Bbs E-market | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in becommunity/community/index.php in NTSOFT BBS E-Market Professional allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) bt_code, and (3) b_no parameters in a board view action. | ||||
| CVE-2009-3169 | 1 Hitachi | 1 Jp1 File Transmission Server | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission Server/FTP before 09-00 allow remote attackers to execute arbitrary code via unknown attack vectors. | ||||
| CVE-2009-3175 | 1 Boldfx | 1 Model Agency Manager Pro | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Model Agency Manager PRO (formerly Modeling Agency Content Management Script) allow remote attackers to execute arbitrary SQL commands via the user_id parameter to (1) view.php, (2) photos.php, and (3) motm.php; and the (4) id parameter to forum_message.php. | ||||
| CVE-2009-3185 | 1 Comsenz | 2 Crazy Star Plugin, Discuz\! | 2026-04-23 | N/A |
| SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 for Discuz! allows remote authenticated users to execute arbitrary SQL commands via the fmid parameter in a view action. | ||||
| CVE-2009-3196 | 1 Jce-tech | 1 Php Video Script | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech PHP Video Script allows remote attackers to inject arbitrary web script or HTML via the key parameter. | ||||
| CVE-2009-3197 | 1 Jce-tech | 1 Php Calendars Script | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech PHP Calendars Script allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2009-3198 | 1 Jce-tech | 1 Affiliate Master Datafeed Parser | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech Affiliate Master Datafeed Parser Script 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2009-3204 | 1 Stivaforum | 1 Stiva Forum | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Stiva Forum 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) demo.php and (2) forum.php, and the PATH_INFO to (3) include_forum.php. | ||||
| CVE-2009-3208 | 1 Prakashatma Mishra | 1 Phpfreebb | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to permalink.php and (2) year parameter to index.php. | ||||
| CVE-2009-3209 | 1 Raizlabs | 1 Php Email Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in remove.php in PHP eMail Manager 3.3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | ||||