Export limit exceeded: 366303 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366303 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2293 | 1 Tutorial-share | 1 Tutorial Share | 2026-04-23 | N/A |
| Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the usernamed cookie parameter. | ||||
| CVE-2009-2294 | 1 Dillo | 1 Dillo | 2026-04-23 | N/A |
| Integer overflow in the Png_datainfo_callback function in Dillo 2.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG image with crafted (1) width or (2) height values. | ||||
| CVE-2009-2295 | 1 Jun Furuse | 1 Camlimages | 2026-04-23 | N/A |
| Multiple integer overflows in CamlImages 2.2 and earlier might allow context-dependent attackers to execute arbitrary code via a crafted PNG image with large width and height values that trigger a heap-based buffer overflow in the (1) read_png_file or (2) read_png_file_as_rgb24 function. | ||||
| CVE-2009-2296 | 1 Sun | 2 Opensolaris, Solaris | 2026-04-23 | N/A |
| The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors. | ||||
| CVE-2009-2297 | 1 Sun | 2 Opensolaris, Solaris | 2026-04-23 | N/A |
| Unspecified vulnerability in the udp subsystem in the kernel in Sun Solaris 10, and OpenSolaris snv_90 through snv_108, when Solaris Trusted Extensions is enabled, allows remote attackers to cause a denial of service (panic) via unspecified vectors involving the crgetlabel function, related to a "TX panic." NOTE: this issue exists because of a regression in earlier kernel patches. | ||||
| CVE-2009-2298 | 1 Hp | 1 Openview Network Node Manager | 2026-04-23 | N/A |
| Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.53 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a CGI request to webappmon.exe. NOTE: this may overlap CVE-2009-1420. | ||||
| CVE-2009-2299 | 2 Apache, Hyperguard Web Application Firewall Project | 2 Http Server, Hyperguard Web Application Firewall | 2026-04-23 | N/A |
| The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data. | ||||
| CVE-2009-2300 | 1 Phion | 1 Airlock Web Application Firewall | 2026-04-23 | N/A |
| The management interface in the phion airlock Web Application Firewall (WAF) 4.1-10.41 does not properly handle CGI requests that specify large width and height parameters for an image, which allows remote attackers to execute arbitrary commands or cause a denial of service (resource consumption) via a crafted request. | ||||
| CVE-2009-2301 | 1 Radware | 2 Appwall, Gateway | 2026-04-23 | N/A |
| The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/. | ||||
| CVE-2009-2302 | 1 Avatic | 1 Aardvark Topsites Php | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action. NOTE: it was later reported that 5.2.1 is also affected. | ||||
| CVE-2009-2303 | 1 Avatic | 1 Aardvark Topsites Php | 2026-04-23 | N/A |
| index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals the installation path in an error message. | ||||
| CVE-2009-2304 | 1 Avatic | 1 Aardvark Topsites Php | 2026-04-23 | N/A |
| index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to obtain sensitive information via a nonexistent account name in the u parameter in a rate action, which reveals the installation path in an error message. | ||||
| CVE-2009-2305 | 1 Armassa | 2 Ard-9808, Ard-9808 Software | 2026-04-23 | N/A |
| The ARD-9808 DVR card security camera allows remote attackers to cause a denial of service via a long URI composed of //.\ (slash slash dot backslash) sequences. | ||||
| CVE-2009-2306 | 1 Armassa | 2 Ard-9808, Ard-9808 Software | 2026-04-23 | N/A |
| The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing usernames and passwords via a direct request for dvr.ini. | ||||
| CVE-2009-2307 | 1 Maxdev | 2 Cwguestbook, Md-pro | 2026-04-23 | N/A |
| SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro (aka MD-Pro) allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords action to modules.php. | ||||
| CVE-2009-1848 | 2 Joomla, Joomlame | 2 Joomla, Com Agoragroup | 2026-04-23 | N/A |
| SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or com_agoragroup) component 0.3.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a groupdetail action to index.php. | ||||
| CVE-2009-1840 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2026-04-23 | N/A |
| Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page. | ||||
| CVE-2009-1841 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2026-04-23 | N/A |
| js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter. | ||||
| CVE-2009-1842 | 1 Phpnuke | 1 Php-nuke | 2026-04-23 | N/A |
| SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header. | ||||
| CVE-2009-1843 | 1 Glenn Mcgurrin | 1 Flash Quiz | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Flash Quiz Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) quiz parameter to (a) num_questions.php, (b) answers.php, (c) high_score.php, (d) high_score_web.php, (e) results_table_web.php, and (f) question.php; and the (2) order_number parameter to (g) answers.php and (h) question.php. | ||||