Export limit exceeded: 346188 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346188 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3019 | 1 Microsoft | 3 Internet Explorer, Windows Vista, Windows Xp | 2026-04-23 | N/A |
| Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet Explorer 7 on Vista, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls createElement to create an instance of the LI element, and then calls setAttribute to set the value attribute. | ||||
| CVE-2009-3308 | 1 Fanupdate | 1 Fanupdate | 2026-04-23 | N/A |
| SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows remote attackers to execute arbitrary SQL commands via the listingid parameter. | ||||
| CVE-2009-3021 | 2 Geeklog, Yoshinori Tahara | 2 Geeklog, Mycaljp | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' plugin 2.0.0 through 2.0.6, as used in the Japanese extended package of Geeklog 1.5.0 through 1.5.2 and when distributed 20090629 or earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-3031 | 1 Symantec | 3 Altiris Deployment Solution, Altiris Management Platform, Altiris Notification Server | 2026-04-23 | N/A |
| Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument. | ||||
| CVE-2009-3038 | 2 Ibm, Rim | 2 Lotus Notes Connector, Blackberry Desktop Manager | 2026-04-23 | N/A |
| A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research In Motion (RIM) Lotus Notes connector for BlackBerry Desktop Manager 5.0.0.11 allows remote attackers to cause a denial of service (Internet Explorer crash) by referencing the control's CLSID in the classid attribute of an OBJECT element. | ||||
| CVE-2009-3040 | 1 Ocsinventory-ng | 1 Ocs Inventory Ng | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php. | ||||
| CVE-2009-3048 | 4 Conectiva, Freebsd, Opera and 1 more | 4 Linux, Freebsd, Opera Browser and 1 more | 2026-04-23 | N/A |
| Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file." | ||||
| CVE-2009-3049 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode. | ||||
| CVE-2009-3064 | 1 Rein Velt | 1 Vedit | 2026-04-23 | N/A |
| Directory traversal vulnerability in debugger/debug_php.php in Ve-EDIT 0.1.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _GET[filename] parameter. | ||||
| CVE-2009-3065 | 1 Rein Velt | 1 Vedit | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in Ve-EDIT 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the highlighter parameter. | ||||
| CVE-2009-3066 | 1 Propertywatchscript | 1 Property Watch | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PropertyWatchScript.com Property Watch 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) videoid parameter to tools/email.php and (2) redirect parameter to tools/login.php. | ||||
| CVE-2009-3067 | 1 Webformatique | 1 Reservation Manager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Reservation Manager allows remote attackers to inject arbitrary web script or HTML via the resman_startdate parameter. | ||||
| CVE-2009-3069 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2009-3102 | 1 Zmanda | 1 Zrm For My Sql | 2026-04-23 | N/A |
| The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager (ZRM) for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQL_BINPATH variable. | ||||
| CVE-2009-3076 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module. | ||||
| CVE-2009-3077 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability." | ||||
| CVE-2009-3086 | 1 Rubyonrails | 1 Rails | 2026-04-23 | N/A |
| A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts. | ||||
| CVE-2009-3087 | 2 Ibm, Microsoft | 2 Lotus Domino, Windows Server 2003 | 2026-04-23 | N/A |
| Unspecified vulnerability in nserver.exe in the server in IBM Lotus Domino 8.0 on Windows Server 2003 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2009-3088 | 2 Ibm, Linux | 2 Tivoli Directory Server, Linux Kernel | 2026-04-23 | N/A |
| Heap-based buffer overflow in ibmdiradm in IBM Tivoli Directory Server (TDS) 6.0 on Linux allows remote attackers to have an unspecified impact via unknown vectors that trigger heap corruption, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2009-3101 | 1 Sun | 2 Opensolaris, Solaris | 2026-04-23 | N/A |
| xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and OpenSolaris snv_109 through snv_122, does not properly handle Trusted Extensions, which allows local users to cause a denial of service (CPU consumption and console hang) by locking the screen, related to a regression in certain Solaris and OpenSolaris patches. | ||||