Search Results (366303 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2268 1 Sun 1 Java System Access Manager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2269 1 Phome Empire 1 Phome Empire Cms 2026-04-23 N/A
SQL injection vulnerability in Empire CMS 5.1 allows remote attackers to execute arbitrary SQL commands via the bid parameter to the default URI under e/tool/gbook/.
CVE-2009-2270 1 Dedecms 1 Dedecms 2026-04-23 N/A
Unrestricted file upload vulnerability in member/uploads_edit.php in dedecms 5.3 allows remote attackers to execute arbitrary code by uploading a file with a double extension in the filename, then accessing this file via unspecified vectors, as demonstrated by a .jpg.php filename.
CVE-2009-2271 1 Huawei 1 D100 2026-04-23 N/A
The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and has (2) a default password of admin for the admin account in the telnet interface; which makes it easier for remote attackers to obtain access.
CVE-2009-2272 1 Huawei 2 D100, D100 Firmware 2026-04-23 7.5 High
The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors.
CVE-2009-2273 1 Huawei 2 D100, D100 Firmware 2026-04-23 N/A
The default configuration of the Wi-Fi component on the Huawei D100 does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
CVE-2009-2274 1 Huawei 1 D100 2026-04-23 N/A
The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to (1) lan_status_adv.asp, (2) wlan_basic_cfg.asp, or (3) lancfg.asp in en/, related to use of JavaScript to protect against reading file contents.
CVE-2009-2275 1 Cpanel 1 Cpanel 2026-04-23 N/A
Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter.
CVE-2009-2276 2 Biglle, Punbb 2 Vote For Us Extension, Punbb 2026-04-23 N/A
SQL injection vulnerability in voteforus.php in the Vote For Us extension 1.0.1 and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the out parameter.
CVE-2009-2281 2 Osgeo, Umn 2 Mapserver, Mapserver 2026-04-23 N/A
Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow that triggers a heap-based buffer overflow. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-0840.
CVE-2009-2282 1 Oracle 2 Opensolaris, Solaris 2026-04-23 N/A
The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10, and OpenSolaris snv_41 through snv_108, on SPARC platforms does not check authorization for guest console access, which allows local control-domain users to gain guest-domain privileges via unknown vectors.
CVE-2009-2283 1 Sun 2 Java Web Console, Solaris 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2284 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.
CVE-2009-2286 1 James Ashton 1 Compface 2026-04-23 N/A
Buffer overflow in compface 1.5.2 and earlier allows user-assisted attackers to cause a denial of service (crash) via a long declaration in a .xbm file. NOTE: this issue only affects compface on distributions that used a certain patch.
CVE-2009-2287 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2026-04-23 N/A
The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL pointer dereference in the gfn_to_rmap function.
CVE-2009-2288 1 Nagios 1 Nagios 2026-04-23 N/A
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.
CVE-2009-2289 1 Arcadetradescript 1 Arcade Trade Script 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Arcade Trade Script 1.0 beta allows remote attackers to inject arbitrary web script or HTML via the q parameter in a gamelist action.
CVE-2009-2290 2 Joomla, Kim Eckert 2 Joomla\!, Com Bsadv 2026-04-23 N/A
SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) component 0.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) account or (2) event task to index.php.
CVE-2009-2291 2 Chad Phillips, Drupal 2 Logintoboggan, Drupal 2026-04-23 N/A
Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors.
CVE-2009-2292 1 Appleple 1 A-news 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.