Export limit exceeded: 365419 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365419 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0598 1 Phpmesfilms 1 Phpmesfilms 2026-04-23 N/A
SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-0655 1 Lenovo 1 Veriface 2026-04-23 N/A
Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user.
CVE-2009-0600 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2026-04-23 N/A
Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame.
CVE-2009-0601 6 Apple, Freebsd, Linux and 3 more 6 Mac Os X, Freebsd, Linux Kernel and 3 more 2026-04-23 N/A
Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable.
CVE-2009-0602 1 Wikkitikkitavi 1 Wikkitikkitavi 2026-04-23 N/A
Unrestricted file upload vulnerability in upload.php in WikkiTikkiTavi 1.11 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/.
CVE-2009-0603 1 Drupal 2 Drupal, Link Module 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in the Link module 5.x-2.5 for Drupal 5.10 allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via the description parameter (aka the Help field). NOTE: some of these details are obtained from third party information.
CVE-2009-0604 1 Php Director 1 Php Director 2026-04-23 N/A
SQL injection vulnerability in index.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the searching parameter.
CVE-2009-0605 1 Linux 1 Linux Kernel 2026-04-23 N/A
Stack consumption vulnerability in the do_page_fault function in arch/x86/mm/fault.c in the Linux kernel before 2.6.28.5 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via unspecified vectors that trigger page faults on a machine that has a registered Kprobes probe.
CVE-2009-0606 1 Openhandsetalliance 1 Android Sdk 2026-04-23 N/A
The link_image function in linker/linker.c in the dynamic linker in Bionic in Open Handset Alliance Android 1.0 on the T-Mobile G1 phone does not properly handle file descriptors 0, 1, and 2 for a setgid program, which allows local users to create arbitrary files owned by certain groups, possibly a related issue to CVE-2002-0820.
CVE-2009-0607 1 Openhandsetalliance 1 Android Sdk 2026-04-23 N/A
Multiple integer overflows in malloc_leak.c in Bionic in Open Handset Alliance Android 1.0 have unknown impact and attack vectors, related to the (1) chk_calloc and (2) leak_calloc functions.
CVE-2009-0608 1 Android 1 Android Sdk 2026-04-23 N/A
Integer overflow in the showLog function in fake_log_device.c in liblog in Open Handset Alliance Android 1.0 allows attackers to trigger a buffer overflow and possibly have unspecified other impact by sending a large number of input lines.
CVE-2009-0609 1 Sun 1 Java System Directory Server 2026-04-23 N/A
Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of service (JDBC backend outage) via crafted LDAP requests.
CVE-2009-0610 1 Dminnich 1 Simple Php News 2026-04-23 N/A
Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-0611 1 Novell 1 Open Enterprise Server 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a (2) generalproperties or (3) clusterserviceproperties action, (4) the adminurl parameter in a global action, or (5) the print-list parameter.
CVE-2009-0612 1 Trendmicro 2 Interscan Web Security Suite, Interscan Web Security Virtual Appliance 2026-04-23 N/A
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header.
CVE-2009-0613 1 Trendmicro 1 Interscan Web Security Suite 2026-04-23 N/A
Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 allows remote authenticated Auditor and Report Only users to bypass intended permission settings, and modify the system configuration, via requests to unspecified JSP pages.
CVE-2009-0614 1 Cisco 1 Unified Meetingplace Web Conferencing 2026-04-23 N/A
Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL.
CVE-2009-0615 1 Cisco 2 Application Control Engine Device Manager, Application Networking Manager 2026-04-23 N/A
Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to "invalid directory permissions."
CVE-2009-0616 1 Cisco 1 Application Networking Manager 2026-04-23 N/A
Cisco Application Networking Manager (ANM) before 2.0 uses default usernames and passwords, which makes it easier for remote attackers to access the application, or cause a denial of service via configuration changes, related to "default user credentials during installation."
CVE-2009-0617 1 Cisco 1 Application Networking Manager 2026-04-23 N/A
Cisco Application Networking Manager (ANM) before 2.0 uses a default MySQL root password, which makes it easier for remote attackers to execute arbitrary operating-system commands or change system files.