Export limit exceeded: 366811 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366811 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3531 1 Universe 1 Universe Cms 2026-04-23 N/A
SQL injection vulnerability in vnews.php in Universe CMS 1.0.6 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3532 2 Logrover, Microsoft 2 Logrover, Windows 2026-04-23 N/A
Multiple SQL injection vulnerabilities in login.asp (aka the login screen) in LogRover 2.3 and 2.3.3 on Windows allow remote attackers to execute arbitrary SQL commands via the (1) uname and (2) pword parameters. NOTE: some of these details are obtained from third party information.
CVE-2009-3533 1 John Beranek 1 Meeting Room Booking System 2026-04-23 N/A
SQL injection vulnerability in report.php in Meeting Room Booking System (MRBS) before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the typematch parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-3534 1 Lionwiki 1 Lionwiki 2026-04-23 N/A
Directory traversal vulnerability in index.php in LionWiki 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.
CVE-2009-3535 1 Allisclear 1 Clear Content 2026-04-23 N/A
Directory traversal vulnerability in image.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the researcher also suggests an analogous PHP remote file inclusion vulnerability, but this may be incorrect.
CVE-2009-3536 1 Epicdjsoftware 1 Epicvj 2026-04-23 N/A
Multiple stack-based buffer overflows in EpicDJSoftware EpicVJ 1.2.8.0 and 1.3.1.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a (1) .m3u or (2) .mpl playlist file.
CVE-2009-3537 1 Epicdjsoftware 1 Epicdj 2026-04-23 N/A
Multiple stack-based buffer overflows in EpicDJSoftware EpicDJ 1.3.9.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a (1) .m3u or (2) .mpl playlist file.
CVE-2009-3538 1 Allisclear 1 Clear Content 2026-04-23 N/A
Directory traversal vulnerability in thumb.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3539 1 Yourfreeworld 1 Ultra Classifieds Pro 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Ultra Classifieds Pro allow remote attackers to inject arbitrary web script or HTML via the (1) cname parameter to subclass.php and the (2) sn parameter to listads.php.
CVE-2009-3540 1 Yourfreeworld 1 Ultra Classifieds Pro 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in listads.php in YourFreeWorld Ultra Classifieds Pro allows remote attackers to inject arbitrary web script or HTML via the cn parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3541 1 Phpgenealogy 1 Phpgenealogy 2026-04-23 N/A
PHP remote file inclusion vulnerability in CoupleDB.php in PHPGenealogy 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the DataDirectory parameter.
CVE-2009-3542 1 Kneuro 1 Littlesite.php 2026-04-23 N/A
Directory traversal vulnerability in ls.php in LittleSite (aka LS or LittleSite.php) 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
CVE-2009-3543 1 Phenotype-cms 1 Phenotype Cms 2026-04-23 N/A
SQL injection vulnerability in _phenotype/admin/login.php in Phenotype CMS before 2.9 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the login name).
CVE-2009-3544 1 Xerver 1 Xerver 2026-04-23 N/A
Xerver HTTP Server 4.32 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.
CVE-2009-3545 1 Datawizard 1 Ftpxq Server 2026-04-23 N/A
DataWizard Technologies FtpXQ FTP Server 3.0 allows remote authenticated users to cause a denial of service (crash) via a long ABOR command.
CVE-2009-3546 3 Libgd, Php, Redhat 3 Gd Graphics Library, Php, Enterprise Linux 2026-04-23 N/A
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.
CVE-2009-3548 1 Apache 1 Tomcat 2026-04-23 N/A
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
CVE-2009-3549 2 Sun, Wireshark 2 Sparc, Wireshark 2026-04-23 N/A
packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace.
CVE-2009-3550 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2026-04-23 N/A
The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.
CVE-2009-3551 1 Wireshark 1 Wireshark 2026-04-23 N/A
Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.