Export limit exceeded: 346163 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346163 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346163 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0372 | 1 Memht | 1 Memht Portal | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a users editProfile action, then accessing this file via a direct request to the file in images/avatar/uploaded/. | ||||
| CVE-2009-0379 | 1 Joomla | 2 Com Pcchess, Joomla | 2026-04-23 | N/A |
| SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761. | ||||
| CVE-2009-0386 | 2 Gstreamer, Redhat | 2 Good Plug-ins, Enterprise Linux | 2026-04-23 | N/A |
| Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample (ctts) atom data in a malformed QuickTime media .mov file. | ||||
| CVE-2009-0387 | 2 Gstreamer, Redhat | 3 Good Plug-ins, Plug-ins, Enterprise Linux | 2026-04-23 | N/A |
| Array index error in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted Sync Sample (aka stss) atom data in a malformed QuickTime media .mov file, related to "mark keyframes." | ||||
| CVE-2009-3146 | 1 Articlefriend | 1 Articlefriend Script | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search_advance.php in ArticleFriend Script allows remote attackers to inject arbitrary web script or HTML via the SearchWd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-4215 | 2 Microsoft, Pandasecurity | 6 Windows 7, Windows Vista, Windows Xp and 3 more | 2026-04-23 | N/A |
| Panda Global Protection 2010, Internet Security 2010, and Antivirus Pro 2010 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs. | ||||
| CVE-2009-0395 | 1 Netartmedia | 1 Car Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in the login feature in NetArt Media Car Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | ||||
| CVE-2009-3149 | 1 Curveriderhq | 1 Elgg | 2026-04-23 | N/A |
| Directory traversal vulnerability in _css/js.php in Elgg 1.5, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the js parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4216 | 1 Klinza | 1 Klinza Professional Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in funzioni/lib/menulast.php in klinza professional cms 5.0.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG parameter. | ||||
| CVE-2009-0396 | 1 Sony Ericsson | 9 K530i, K610i, K618i and 6 more | 2026-04-23 | N/A |
| The Sony Ericsson W910i, W660i, K618i, K610i, Z610i, K810i, K660i, W880i, and K530i phones allow remote attackers to cause a denial of service (device reboot or hang-up) via a malformed WAP Push packet to (1) SMS or (2) UDP port 2948. | ||||
| CVE-2009-0398 | 2 Gstreamer, Redhat | 2 Plug-ins, Enterprise Linux | 2026-04-23 | N/A |
| Array index error in the gst_qtp_trak_handler function in gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins) 0.6.0 allows remote attackers to have an unknown impact via a crafted QuickTime media file. | ||||
| CVE-2009-3153 | 1 X10media | 1 Mp3 Search Engine | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php. | ||||
| CVE-2009-4217 | 2 Itamar Elharar, Joomla | 2 Com Musicgallery, Joomla\! | 2026-04-23 | N/A |
| SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-0403 | 1 Chipmunk Scripts | 1 Chipmunk Blogger | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/authenticate.php in Chipmunk Blogger Script allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | ||||
| CVE-2009-3154 | 2 Almondsoft, Joomla | 2 Com Aclassf, Joomla | 2026-04-23 | N/A |
| SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action to index.php, a different vector than CVE-2009-2567. | ||||
| CVE-2009-4218 | 1 Jiros | 1 Jbsx | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System eXperience (JBSX) allow remote attackers to execute arbitrary SQL commands via the (1) admin or (2) password field, a related issue to CVE-2007-6091. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-0412 | 1 Interspire | 1 Shopping Cart | 2026-04-23 | N/A |
| The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt. | ||||
| CVE-2009-3162 | 1 Multi-website | 1 Multi Website | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to the default URI. | ||||
| CVE-2009-0419 | 1 Microsoft | 1 Xml Core Services | 2026-04-23 | N/A |
| Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-4033. | ||||
| CVE-2009-3163 | 1 Silcnet | 2 Silc Client, Silc Toolkit | 2026-04-23 | N/A |
| Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users. | ||||