Export limit exceeded: 346176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346176 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2352 | 1 Google | 1 Chrome | 2026-04-23 | N/A |
| Google Chrome 1.0.154.48 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. NOTE: it was later reported that 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta are also affected. | ||||
| CVE-2009-2353 | 1 Eaccelerator | 1 Eaccelerator | 2026-04-23 | N/A |
| encoder.php in eAccelerator allows remote attackers to execute arbitrary code by copying a local executable file to a location under the web root via the -o option, and then making a direct request to this file, related to upload of image files. | ||||
| CVE-2009-2354 | 1 Nulllogic | 1 Groupware | 2026-04-23 | N/A |
| SQL injection vulnerability in the auth_checkpass function in the login page in NullLogic Groupware 1.2.7 allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2009-2355 | 1 Dan Cahill | 1 Nulllogic Groupware | 2026-04-23 | N/A |
| The forum module in NullLogic Groupware 1.2.7 allows remote authenticated users to cause a denial of service (application crash) by specifying (1) an empty string or (2) a non-numeric string when selecting a forum, related to the fmessagelist function. | ||||
| CVE-2009-2356 | 1 Dan Cahill | 1 Nulllogic Groupware | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when PostgreSQL is used, might allow remote attackers to execute arbitrary code via input to the (1) POP3, (2) SMTP, or (3) web component that triggers a long SQL query. | ||||
| CVE-2009-2357 | 1 Yasinkaplan | 1 Tekradius | 2026-04-23 | N/A |
| The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system. | ||||
| CVE-2009-2358 | 1 Yasinkaplan | 1 Tekradius | 2026-04-23 | N/A |
| TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini file, which allows local users to obtain obfuscated database credentials by reading this file. | ||||
| CVE-2009-2360 | 1 Horde | 1 Passwd | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in passwd/main.php in the Passwd module before 3.1.1 for Horde allows remote attackers to inject arbitrary web script or HTML via the backend parameter. | ||||
| CVE-2009-2361 | 1 Osticket | 1 Osticket | 2026-04-23 | N/A |
| SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter. | ||||
| CVE-2009-2362 | 1 Yukudr | 1 Audioplus | 2026-04-23 | N/A |
| Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.0.0.215 allows remote attackers to execute arbitrary code via a long string in a (1) .lst or (2) .m3u playlist file. | ||||
| CVE-2009-2363 | 1 Yukudr | 1 Audioplus | 2026-04-23 | N/A |
| Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.00.215 allows remote attackers to execute arbitrary code via a .pls playlist file with a playlist entry containing a long File1 argument. | ||||
| CVE-2009-2364 | 1 Mp3-nator | 1 Mp3-nator | 2026-04-23 | N/A |
| Stack-based buffer overflow in Mp3-Nator 2.0 allows remote attackers to execute arbitrary code via (1) a long string in a .plf file and (2) a long string in the listdata.dat file, possibly related to a track entry. | ||||
| CVE-2009-2365 | 1 Datachecknh | 1 Gallerypal Fe | 2026-04-23 | N/A |
| SQL injection vulnerability in login.asp in DataCheck Solutions GalleryPal FE 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-2366 | 1 Datachecknh | 2 Forumpal, Forumpal Fe | 2026-04-23 | N/A |
| SQL injection vulnerability in login.asp in DataCheck Solutions ForumPal FE 1.1 and ForumPal 1.5 allows remote attackers to execute arbitrary SQL commands via the (1) password parameter in 1.1 and (2) p_password parameter in 1.5. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-2384 | 1 Mathi | 1 Peamp | 2026-04-23 | N/A |
| Buffer overflow in amp.exe in Brothersoft PEamp 1.02b allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-2368 | 1 Matteo Ricchetti | 1 Ss5 | 2026-04-23 | N/A |
| Unspecified vulnerability in Socks Server 5 before 3.7.8-8 has unknown impact and attack vectors. | ||||
| CVE-2009-2369 | 1 Wxwidgets | 1 Wxwidgets | 2026-04-23 | N/A |
| Integer overflow in the wxImage::Create function in src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JPEG file, which triggers a heap-based buffer overflow. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-2370 | 2 Drupal, Michelle Cox | 2 Drupal, Advanced Forum | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Advanced Forum 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-2371 | 2 Drupal, Michelle Cox | 2 Drupal, Advanced Forum | 2026-04-23 | N/A |
| Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature. | ||||
| CVE-2009-2372 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature. | ||||