Export limit exceeded: 366877 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366877 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3798 | 2 Adobe, Redhat | 3 Adobe Air, Flash Player, Rhel Extras | 2026-04-23 | N/A |
| Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. | ||||
| CVE-2009-3799 | 2 Adobe, Redhat | 3 Adobe Air, Flash Player, Rhel Extras | 2026-04-23 | N/A |
| Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers." | ||||
| CVE-2009-3800 | 2 Adobe, Redhat | 3 Adobe Air, Flash Player, Rhel Extras | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2009-3809 | 1 Acoustica | 1 Mp3 Audio Mixer | 2026-04-23 | N/A |
| Acoustica MP3 Audio Mixer 1.0 and possibly 2.471 allows remote attackers to cause a denial of service (crash) via a long string in a .sgp playlist file. | ||||
| CVE-2009-3801 | 1 Opendocman | 1 Opendocman | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-3802 | 1 Amirocms | 1 Amiro.cms | 2026-04-23 | N/A |
| Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain sensitive information via an invalid loginname ("%%%") to _admin/index.php, which reveals the installation path and other information in an error message. | ||||
| CVE-2009-3803 | 1 Amirocms | 1 Amiro.cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Amiro.CMS 5.4.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the status_message parameter to (1) /news, (2) /comment, (3) /forum, (4) /blog, and (5) /tags; the status_message parameter to (6) forum.php, (7) discussion.php, (8) guestbook.php, (9) blog.php, (10) news.php, (11) srv_updates.php, (12) srv_backups.php, (13) srv_twist_prevention.php, (14) srv_tags.php, (15) srv_tags_reindex.php, (16) google_sitemap.php, (17) sitemap_history.php, (18) srv_options.php, (19) locales.php and (20) plugins_wizard.php in _admin/; a crafted IMG BBcode tag in the message body of a (21) forum, (22) guestbook, or (23) comment; (24) the content of an avatar file, which is not properly handled by Internet Explorer; and (25) the loginname parameter (aka username) in _admin/index.php. | ||||
| CVE-2009-3804 | 1 Runcms | 1 Runcms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via (1) the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or (2) the topic_id parameter. | ||||
| CVE-2009-3805 | 2 Gpg4win, Kde-apps | 2 Gpg4win, Kleopatra | 2026-04-23 | N/A |
| gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows remote attackers to cause a denial of service (application crash) via a long certificate signature. | ||||
| CVE-2009-3806 | 1 Dedecms | 1 Dedecms | 2026-04-23 | N/A |
| SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter. | ||||
| CVE-2009-3807 | 1 Mixvibes | 1 Mixvibes | 2026-04-23 | N/A |
| Stack-based buffer overflow in MixVibes 7.043 Pro allows remote attackers to cause a denial of service (crash) via a long string in a .vib file. | ||||
| CVE-2009-3808 | 1 Kramware | 1 Mixsense Dj Studio | 2026-04-23 | N/A |
| MixSense DJ Studio 1.0.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in an .mp3 playlist file. | ||||
| CVE-2009-3810 | 1 Acoustica | 1 Mp3 Audio Mixer | 2026-04-23 | N/A |
| Heap-based buffer overflow in Acoustica MP3 Audio Mixer 2.471 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file. | ||||
| CVE-2009-3811 | 1 Assistanttools | 1 Music Tag Editor | 2026-04-23 | N/A |
| Stack-based buffer overflow in Music Tag Editor 1.61 build 212 allows remote attackers to execute arbitrary code via an MP3 file with a long ID3 tag. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3812 | 1 Otslabs | 3 Otsav Dj, Otsav Radio, Otsav Tv | 2026-04-23 | N/A |
| Heap-based buffer overflow in OtsAV DJ trial version 1.85.64.0, Radio trial version 1.85.64.0, TV trial version 1.85.64.0, and Free version 1.77.001 allows remote attackers to execute arbitrary code via a long playlist in an Ots File List (.ofl) file. | ||||
| CVE-2009-3813 | 1 Runcms | 1 Runcms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via the (1) forum parameter to modules/forum/post.php and possibly (2) forum_id variable to modules/forum/class/class.permissions.php. | ||||
| CVE-2009-3814 | 1 Runcms | 1 Runcms | 2026-04-23 | N/A |
| Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters. | ||||
| CVE-2009-3815 | 1 Runcms | 1 Runcms | 2026-04-23 | N/A |
| RunCMS 2M1, when running with certain error_reporting levels, allows remote attackers to obtain sensitive information via (1) the op[] parameter to modules/contact/index.php or (2) uid[] parameter to userinfo.php, which leaks the installation path in an error message when these parameters are used in a call to the preg_match function. | ||||
| CVE-2009-3816 | 1 Ibm | 1 Lotus Connections | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Activities pages in the Mobile subsystem in IBM Lotus Connections 2.5.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-3817 | 2 Joomla, Ordasoft | 2 Joomla\!, Com Booklibrary | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||