Export limit exceeded: 349538 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349538 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349538 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3499 | 1 Bpowerhouse | 1 Bplawyercasedocuments | 2026-04-23 | N/A |
| SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCaseDocuments 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | ||||
| CVE-2009-3505 | 1 Vastal | 1 Mmorpg Zone | 2026-04-23 | N/A |
| SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter. NOTE: the game_id vector is already covered by CVE-2008-4460. | ||||
| CVE-2009-3507 | 1 Jean-michel Wyttenbach | 1 Cmsphp | 2026-04-23 | N/A |
| Directory traversal vulnerability in modules.php in CMSphp 0.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod_file parameter. | ||||
| CVE-2009-3509 | 1 Cj-design | 1 Cj Dynamic Poll | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/admin_index.php in CJ Dynamic Poll PRO 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | ||||
| CVE-2009-2772 | 1 Realtysoft | 1 Pg Roomate Finder Solution | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate Finder Solution allow remote attackers to inject arbitrary web script or HTML via the part parameter to (1) quick_search.php and (2) viewprofile.php. | ||||
| CVE-2009-2770 | 1 Powerupload | 1 Powerupload | 2026-04-23 | N/A |
| PowerUpload 2.4 allows remote attackers to bypass authentication and gain administrative access via a MIME encoded value of admin for the myadminname cookie. | ||||
| CVE-2009-2769 | 1 Ultrize | 1 Timesheet | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/timesheet.php in Ultrize TimeSheet 1.2.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter. | ||||
| CVE-2009-2768 | 1 Linux | 1 Linux Kernel | 2026-04-23 | 7.8 High |
| The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary, which triggers an access of an "uninitialized cred pointer." | ||||
| CVE-2009-2767 | 1 Linux | 2 Kernel, Linux Kernel | 2026-04-23 | N/A |
| The init_posix_timers function in kernel/posix-timers.c in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (OOPS) or possibly gain privileges via a CLOCK_MONOTONIC_RAW clock_nanosleep call that triggers a NULL pointer dereference. | ||||
| CVE-2009-2407 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2026-04-23 | N/A |
| Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet. | ||||
| CVE-2009-2414 | 2 Redhat, Xmlsoft | 3 Enterprise Linux, Libxml, Libxml2 | 2026-04-23 | N/A |
| Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework. | ||||
| CVE-2009-2410 | 1 Fedorahosted | 1 Sssd | 2026-04-23 | N/A |
| The local_handler_callback function in server/responder/pam/pam_LOCAL_domain.c in sssd 0.4.1 does not properly handle blank-password accounts in the SSSD BE database, which allows context-dependent attackers to obtain access by sending the account's username, in conjunction with an arbitrary password, over an ssh connection. | ||||
| CVE-2009-2411 | 2 Redhat, Subversion | 2 Enterprise Linux, Subversion | 2026-04-23 | N/A |
| Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412. | ||||
| CVE-2009-2417 | 3 Curl, Libcurl, Redhat | 3 Libcurl, Libcurl, Enterprise Linux | 2026-04-23 | N/A |
| lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||||
| CVE-2009-2420 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Apple Safari 3.2.3 does not properly implement the file: protocol handler, which allows remote attackers to read arbitrary files or cause a denial of service (launch of multiple Windows Explorer instances) via vectors involving an unspecified HTML tag, possibly a related issue to CVE-2009-1703. | ||||
| CVE-2009-2421 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a "high-bit character" in a URL fragment for an unspecified protocol. | ||||
| CVE-2009-2424 | 1 Clone2009 | 1 Ebay Clone | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Ebay Clone 2009 allows remote attackers to inject arbitrary web script or HTML via the mode parameter. | ||||
| CVE-2009-2425 | 1 Tor | 1 Tor | 2026-04-23 | N/A |
| Tor before 0.2.0.35 allows remote attackers to cause a denial of service (application crash) via a malformed router descriptor. | ||||
| CVE-2009-2427 | 1 Jobbr | 1 Jobbr | 2026-04-23 | N/A |
| SQL injection vulnerability in co-profile.php in Jobbr 2.2.7 allows remote attackers to execute arbitrary SQL commands via the emp_id parameter. | ||||
| CVE-2009-2428 | 1 Tauschregal.de | 1 Tausch Ticket Script | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow remote attackers to execute arbitrary SQL commands via the (1) userid parameter to suchauftraege_user.php and the (2) descr parameter to vote.php; and other unspecified vectors. | ||||