Export limit exceeded: 25547 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366284 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366284 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1642 | 1 Mini-stream | 1 Mini-stream To Mp3 Converter | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in Mini-stream ASX to MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file. NOTE: the latter was also subsequently reported in "prior to 3.1.3.7." | ||||
| CVE-2009-1643 | 1 Sorinara | 1 Soritong Mp3 Player | 2026-04-23 | N/A |
| Stack-based buffer overflow in Sorinara Soritong MP3 Player 1.0 allows remote attackers to execute arbitrary code via a crafted .m3u file. | ||||
| CVE-2009-1644 | 1 Sorinara | 1 Streaming Audio Player | 2026-04-23 | N/A |
| Stack-based buffer overflow in Sorinara Streaming Audio Player 0.9 allows remote attackers to execute arbitrary code via a crafted .pla file. | ||||
| CVE-2009-1645 | 1 Mini-stream | 1 Easy Rm-mp3 Converter | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in Mini-stream Easy RM-MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file. | ||||
| CVE-2009-1646 | 1 Mini-stream | 1 Mini-stream Rm Downloader | 2026-04-23 | N/A |
| Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long rtsp URL in a .ram file. | ||||
| CVE-2009-1647 | 1 Ultrafunk | 1 Popcorn | 2026-04-23 | N/A |
| Heap-based buffer overflow in popcorn.exe in Ultrafunk Popcorn 1.87 allows remote POP3 servers to cause a denial of service (application crash) via a long string in a +OK response. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-1648 | 1 Suse | 1 Suse Linux | 2026-04-23 | N/A |
| The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network services. | ||||
| CVE-2009-1649 | 1 Bicluc | 1 Belive | 2026-04-23 | N/A |
| Directory traversal vulnerability in arch.php in beLive 0.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the arch parameter. | ||||
| CVE-2009-1650 | 1 Tenfourzero | 1 Shutter | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) albumID, (2) tagID, and (3) photoID parameters to index.html. | ||||
| CVE-2009-1651 | 1 2daybiz | 1 Business Community Script | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/member_details.php in 2daybiz Business Community Script allows remote attackers to execute arbitrary SQL commands via the mid parameter. | ||||
| CVE-2009-1652 | 1 2daybiz | 1 Business Community Script | 2026-04-23 | N/A |
| admin/adminaddeditdetails.php in Business Community Script does not properly restrict access, which allows remote attackers to gain privileges and add administrators via a direct request. | ||||
| CVE-2009-1653 | 1 Tinybutstrong | 1 Tinybutstrong | 2026-04-23 | N/A |
| Directory traversal vulnerability in examples/tbs_us_examples_0view.php in TinyButStrong 3.4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the script parameter. | ||||
| CVE-2009-1654 | 1 Easy-scripts | 1 Answer And Question Script | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in questiondetail.php in Easy Scripts Answer and Question Script allows remote attackers to inject arbitrary web script or HTML via the questionid parameter. | ||||
| CVE-2009-1655 | 1 Easy-scripts | 1 Answer And Question Script | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute arbitrary SQL commands via the (1) user name (userid parameter) and (2) password. | ||||
| CVE-2009-1656 | 1 Xerox | 1 Workcentre | 2026-04-23 | N/A |
| Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, 5687, 7655, 7656, and 7675 allows remote attackers to execute arbitrary commands via unknown attack vectors, aka "command injection vulnerability." | ||||
| CVE-2009-1657 | 1 B2evolution | 2 B2evolution, Starrating Plugin | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in the Starrating plugin before 0.7.7 for b2evolution allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-1658 | 1 Realtywebware | 1 Realty Web-base | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in admin/admin.php in Realty Webware Technologies Realty Web-Base 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user (username) and (2) password parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-1659 | 1 Intelliants | 1 Elitius | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in admin/uploadimage.php in eLitius 1.0 allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files via an avatar file with an accepted Content-Type such as image/gif, then requesting the file in admin/banners/. | ||||
| CVE-2009-1660 | 1 Urusoft | 1 Viplay3 | 2026-04-23 | N/A |
| Stack-based buffer overflow in URUWorks ViPlay3 3.0 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file entry in a .vpl file. | ||||
| CVE-2009-1661 | 1 Anoldman | 1 Utopic | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php. | ||||