Export limit exceeded: 346174 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346174 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0444 | 1 Sirini | 1 Grboard | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in GRBoard 1.8, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) theme parameter to (a) 179_squarebox_pds_list/view.php, (b) 179_squarebox_minishop_expand/view.php, (c) 179_squarebox_gallery_list_pds/view.php, (d) 179_squarebox_gallery_list/view.php, (e) 179_squarebox_gallery/view.php, (f) 179_squarebox_board_swfupload/view.php, (g) 179_squarebox_board_expand/view.php, (h) 179_squarebox_board_basic_with_grcode/view.php, (i) 179_squarebox_board_basic/view.php, (j) 179_simplebar_pds_list/view.php, (k) 179_simplebar_notice/view.php, (l) 179_simplebar_gallery_list_pds/view.php, (m) 179_simplebar_gallery/view.php, and (n) 179_simplebar_basic/view.php in theme/; the (2) path parameter to (o) latest/sirini_gallery_latest/list.php; and the (3) grboard parameter to (p) include.php and (q) form_mail.php. | ||||
| CVE-2009-0445 | 1 Dreampics | 1 Gallery Builder | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Dreampics Gallery Builder allows remote attackers to execute arbitrary SQL commands via the exhibition_id parameter in a gallery.viewPhotos action. | ||||
| CVE-2009-0454 | 1 Dmxready | 1 Online Notebook Manager | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in DMXReady Online Notebook Manager 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field. NOTE: some third parties report inability to verify this issue. | ||||
| CVE-2009-3178 | 1 Symantec | 1 Altiris Deployment Solution | 2026-04-23 | N/A |
| Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Solution 6.9 allows remote attackers to cause a denial of service via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.18, "Symantec Altiris Deployment Solution 6.9 DoS." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2009-0457 | 1 Magtrb | 1 Aja Portal | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter to admin/case.php in the (1) Contact_Plus and (2) Reviews modules, and (3) the module_name parameter to admin/includes/FANCYNLOptions.php in the Fancy_NewsLetter module. | ||||
| CVE-2009-3186 | 1 Videogirls | 1 Videogirls Biz | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in VideoGirls BiZ allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to forum.php, (2) profile_name parameter to profile.php, and (3) p parameter to view.php. | ||||
| CVE-2009-4227 | 1 Xfig | 1 Xfig | 2026-04-23 | N/A |
| Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses the 1.3 file format. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-0459 | 1 Wholehogsoftware | 1 Password Protect | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Password Protect: Enhanced 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-0462 | 1 Clicktech | 1 Clickcart | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in customer_login_check.asp in ClickTech ClickCart 6.0 allow remote attackers to execute arbitrary SQL commands via (1) the txtEmail parameter (aka E-MAIL field) or (2) the txtPassword parameter (aka password field) to customer_login.asp. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3195 | 1 Jce-tech | 1 Auction Rss Content Script | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech Auction RSS Content Script 3.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rss.php and (2) search.php. | ||||
| CVE-2009-4234 | 1 Micronet | 1 Network Access Controller Sp1910 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in loginpages/error_user.shtml on the Micronet Network Access Controller SP1910 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | ||||
| CVE-2009-0470 | 1 Cisco | 1 Ios | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different vulnerability than CVE-2008-3821. | ||||
| CVE-2009-3200 | 1 Qnap | 2 Ts-239 Pro Turbo Nas, Ts-639 Pro Turbo Nas | 2026-04-23 | N/A |
| The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable, deobfuscating the key, and running a cryptsetup luksOpen command. | ||||
| CVE-2009-4235 | 1 Tim Hockin | 1 Acpid | 2026-04-23 | N/A |
| acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033. | ||||
| CVE-2009-0476 | 1 Multimediasoft | 5 Audio Dj Studio For .net, Audio Sound Editer For .net, Audio Sound Recorder For .net and 2 more | 2026-04-23 | N/A |
| Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 and 7.11.2.7, as distributed in multiple MultiMedia Soft audio components for .NET, allows remote attackers to execute arbitrary code via a long string in a playlist (.pls) file, as originally reported for Euphonics Audio Player 1.0. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3205 | 1 Cbauthority | 1 Cbauthority | 2026-04-23 | N/A |
| SQL injection vulnerability in main.php in CBAuthority allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_product action. | ||||
| CVE-2009-0478 | 1 Squid | 1 Squid | 2026-04-23 | N/A |
| Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c. | ||||
| CVE-2009-3212 | 1 Dimofinf | 1 Infinity Script | 2026-04-23 | N/A |
| SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username field. | ||||
| CVE-2009-4236 | 1 Ec-cube | 1 Ec-cube Ver2 | 2026-04-23 | N/A |
| The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions. | ||||
| CVE-2009-0486 | 1 Mozilla | 1 Bugzilla | 2026-04-23 | N/A |
| Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users. | ||||