Search Results (365349 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0277 1 Sun 2 Opensolaris, Ultrasparc 2026-04-23 N/A
Unspecified vulnerability in the kernel in OpenSolaris snv_100 through snv_102 on the Sun UltraSPARC T2 and T2+ sun4v platforms allows local users to cause a denial of service (panic) via unknown vectors.
CVE-2009-0278 1 Sun 1 Java System Application Server 2026-04-23 N/A
Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request.
CVE-2009-0279 1 Pardalcms 1 Pardalcms 2026-04-23 N/A
SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-0280 1 Asp-project 1 Asp-project 2026-04-23 N/A
Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1.
CVE-2009-0281 1 Warhound 1 Walking Club 2026-04-23 N/A
SQL injection vulnerability in login.aspx in WarHound Walking Club allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2009-0282 2 Microsoft, Ralinktech 2 Windows 2000, Rt73 2026-04-23 N/A
Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request packet with a long SSID, possibly related to an integer signedness error.
CVE-2009-0283 1 Aobosoft 1 Oblog 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2009-0284 1 Flaxweb 1 Flax Article Manager 2026-04-23 N/A
SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2009-0285 1 Bbsxp 1 Bbsxp 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2009-0286 1 Opengoo 1 Opengoo 2026-04-23 N/A
Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the form_data[script_class] parameter.
CVE-2009-0287 1 Keep Toolkit 1 Keep Toolkit 2026-04-23 N/A
SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before 2.5.1 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password.
CVE-2009-0288 1 Windows Tftp Utility 1 Tftputil 2026-04-23 N/A
Directory traversal vulnerability in k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to read arbitrary files outside the TFTP root directory via directory traversal sequences in a GET request.
CVE-2009-0289 1 Windows Tftp Utility 1 Tftputil 2026-04-23 N/A
k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to cause a denial of service (service crash) via a long filename in a crafted request.
CVE-2009-0290 1 Sir 1 Gnuboard 2026-04-23 N/A
Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the g4_path parameter. NOTE: in some environments, this can be leveraged for remote code execution via a data: URI or a UNC share pathname.
CVE-2009-0291 1 Openx 1 Openx 2026-04-23 N/A
Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter.
CVE-2009-0292 1 Shop-inet 1 Shop-inet 2026-04-23 N/A
SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote attackers to execute arbitrary SQL commands via the grid parameter.
CVE-2009-0293 1 Wazzum 1 Wazzum Dating Software 2026-04-23 N/A
SQL injection vulnerability in profile_view.php in Wazzum Dating Software, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the userid parameter.
CVE-2009-0294 1 Webmobo 1 Wbnews 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) search.php, (2) archive.php, (3) comments.php, and (4) news.php; (5) News.php, (6) SendFriend.php, (7) Archive.php, and (8) Comments.php in base/; and possibly other components, different vectors than CVE-2007-1288.
CVE-2009-0295 1 Itlpoll 1 Itpoll 2026-04-23 N/A
SQL injection vulnerability in index.php in Information Technology Light Poll Information (ITLPoll) 2.7 Stable 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-0296 1 Gempar 1 Script Toko Online 2026-04-23 N/A
SQL injection vulnerability in shop_display_products.php in Script Toko Online 5.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.