Export limit exceeded: 346176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346176 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3223 | 1 Inoutscripts | 1 Inout Adserver | 2026-04-23 | N/A |
| SQL injection vulnerability in ppc-add-keywords.php in Inout Adserver allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-3224 | 2 68classifieds, Classified-software | 2 68 Classifieds, Super Mod System | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Super Mod System, when using the 68 Classifieds 3.1 Core System, allows remote attackers to execute arbitrary SQL commands via the s parameter. | ||||
| CVE-2009-3226 | 1 Almondsoft | 2 Affiliate Network Classifieds, Almond Classifieds | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3228 | 3 Canonical, Linux, Redhat | 8 Ubuntu Linux, Linux Kernel, Enterprise Linux and 5 more | 2026-04-23 | N/A |
| The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. | ||||
| CVE-2009-3232 | 1 Canonical | 1 Ubuntu Linux | 2026-04-23 | N/A |
| pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication. | ||||
| CVE-2009-3282 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2026-04-23 | N/A |
| Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors. | ||||
| CVE-2009-3236 | 1 Horde | 2 Application Framework, Groupware | 2026-04-23 | N/A |
| The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with privileges to write to the address book, to overwrite arbitrary files and execute PHP code via crafted Horde_Form_Type_image form field elements. | ||||
| CVE-2009-3238 | 5 Canonical, Linux, Opensuse and 2 more | 7 Ubuntu Linux, Linux Kernel, Opensuse and 4 more | 2026-04-23 | 5.5 Medium |
| The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time." | ||||
| CVE-2009-3240 | 2 Ohwada, Xoops | 2 Xf-section, Xoops | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section module 1.12a for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-3242 | 1 Wireshark | 1 Wireshark | 2026-04-23 | N/A |
| Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure. | ||||
| CVE-2009-3244 | 1 Adobe | 1 Shockwave Player | 2026-04-23 | N/A |
| Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value. | ||||
| CVE-2009-3246 | 1 Mybuxscript | 1 Pts-bux | 2026-04-23 | N/A |
| SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX allows remote attackers to execute arbitrary SQL commands via the id parameter in an spnews action to the default URI. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3247 | 1 Vtiger | 1 Vtiger Crm | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Activities module in vtiger CRM 5.0.4 allows remote attackers to inject arbitrary web script or HTML via the action parameter to phprint.php. NOTE: the query_string vector is already covered by CVE-2008-3101.3. | ||||
| CVE-2009-3248 | 1 Vtiger | 1 Vtiger Crm | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php. | ||||
| CVE-2009-3251 | 1 Vtiger | 1 Vtiger Crm | 2026-04-23 | N/A |
| include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows remote authenticated users to bypass intended access restrictions and read the (1) visibility, (2) location, and (3) recurrence fields of a calendar via a custom view. | ||||
| CVE-2009-3252 | 1 Dave Robinson | 1 Rockbandcms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0.10 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) id parameters. | ||||
| CVE-2009-3253 | 1 Tricerasoft | 1 Swift Ultralite | 2026-04-23 | N/A |
| Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file. | ||||
| CVE-2009-3254 | 1 Ultimatevideosite | 1 Ultimate Player | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in Ultimate Player 1.56 beta allow remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .upl playlist file. | ||||
| CVE-2009-3255 | 1 Thomas Cuchta | 1 Rash | 2026-04-23 | N/A |
| SQL injection vulnerability in RASH Quote Management System (RQMS) 1.2.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an admin action to the default URI. | ||||
| CVE-2009-3256 | 1 Livestreet | 1 Livestreet | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in include/ajax/blogInfo.php in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the URI, as demonstrated by a SCRIPT element in an arbitrary parameter such as the asd parameter. | ||||