Export limit exceeded: 366936 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366936 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4371 1 Drupal 1 Drupal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrary web script or HTML via the (1) Language name in English or (2) Native language name fields in the Custom language form.
CVE-2009-4372 1 Alienvault 1 Open Source Security Information Management 2026-04-23 N/A
AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, and (5) storage_graphs4.php in sem/.
CVE-2009-4373 1 Alienvault 1 Open Source Security Information Management 2026-04-23 N/A
Unrestricted file upload vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in ossiminstall/uploads/.
CVE-2009-4374 1 Alienvault 1 Open Source Security Information Management 2026-04-23 N/A
Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in the id_document parameter.
CVE-2009-4375 1 Alienvault 1 Open Source Security Information Management 2026-04-23 N/A
SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter.
CVE-2009-4376 1 Wireshark 1 Wireshark 2026-04-23 N/A
Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
CVE-2009-4377 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2026-04-23 N/A
The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap.
CVE-2009-4378 2 Microsoft, Wireshark 2 Windows, Wireshark 2026-04-23 N/A
The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime."
CVE-2009-4379 1 Valarsoft 1 Webmatic 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-2924.
CVE-2009-4380 1 Valarsoft 1 Webmatic 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-2925.
CVE-2009-4381 1 Texmedia 1 Million Pixel Script 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in texmedia Million Pixel Script 3 allows remote attackers to inject arbitrary web script or HTML via the pa parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-4382 1 Phpfaber 1 Phpfaber Content Management System 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in module.php in PHPFABER CMS, possibly 1.3.36, allows remote attackers to inject arbitrary web script or HTML via the mod parameter.
CVE-2009-4383 1 Rocomotion 1 P Forum 2026-04-23 N/A
Directory traversal vulnerability in Pforum.php in Rocomotion P forum before 1.28 allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors.
CVE-2009-4384 1 Scriptsez 1 Ez Poll Hoster 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to inject arbitrary web script or HTML via the (1) pid parameter in a code action to index.php and the (2) uid parameter in a view action to profile.php.
CVE-2009-4385 1 Scriptsez 1 Ez Poll Hoster 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to (1) hijack the authentication of arbitrary users for requests that delete polls via the delete_poll action to index.php; and hijack the authentication of administrators for requests that (2) delete users via the manage action to admin.php, or (3) send arbitrary email to arbitrary users in the email action to admin.php.
CVE-2009-4386 1 Bookingcentre 1 Booking System For Hotels Group 2026-04-23 N/A
SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur Booking Centre Booking System for Hotels Group, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via the NoticiaID parameter and other unspecified vectors.
CVE-2009-4387 1 Manageengine 2 Password Manager Pro, Password Manager Pro6.1 2026-04-23 N/A
The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and other unspecified inputs.
CVE-2009-4388 2 Frank Krger, Typo3 2 Nl Listman, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) extension 1.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4389 2 Robert Puntigam, Typo3 2 Aba Watchdog, Typo3 2026-04-23 N/A
Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
CVE-2009-4390 2 Jochen Rieger, Typo3 2 Car, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.