Export limit exceeded: 346170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346170 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0862 | 1 Tangocms | 1 Tangocms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the hook_cntrlr_error_output function in modules/page/hooks/listeners.php in the admincp component in TangoCMS 2.2.x (aka Eagle) before 2.2.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-0863 | 1 Matteoiammarrone | 1 S-cms | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-0864 | 1 Matteoiammarrone | 1 S-cms | 2026-04-23 | N/A |
| S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie. | ||||
| CVE-2009-0865 | 1 Geovision | 1 Livex Activex Control | 2026-04-23 | N/A |
| Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument, possibly involving the PlayX and SnapShotX methods. | ||||
| CVE-2009-0868 | 3 Fujitsu, Microsoft, Sun | 3 Jasmine2000, Windows, Solaris | 2026-04-23 | N/A |
| CRLF injection vulnerability in the WebLink template in Fujitsu Jasmine2000 Enterprise Edition allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | ||||
| CVE-2009-0869 | 2 Ibm, Microsoft | 2 Tivoli Storage Manager Hsm, Windows | 2026-04-23 | N/A |
| Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM 5.3.2.0 through 5.3.5.0, 5.4.0.0 through 5.4.2.5, and 5.5.0.0 through 5.5.1.4 on Windows allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. | ||||
| CVE-2009-0870 | 1 Sun | 2 Opensolaris, Solaris | 2026-04-23 | N/A |
| The NFSv4 Server module in the kernel in Sun Solaris 10, and OpenSolaris before snv_111, allow local users to cause a denial of service (infinite loop and system hang) by accessing an hsfs filesystem that is shared through NFSv4, related to the rfs4_op_readdir function. | ||||
| CVE-2009-0872 | 1 Sun | 2 Opensolaris, Solaris | 2026-04-23 | N/A |
| The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes. | ||||
| CVE-2009-0873 | 1 Sun | 3 Opensolaris, Solaris, Sunos | 2026-04-23 | N/A |
| The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the sec=sys and sec=krb5 security modes, related to modes that "override each other." | ||||
| CVE-2009-0882 | 1 Roman Bogorodskiy | 1 Nforum | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in nForum 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to showtheme.php and the (2) user parameter to userinfo.php. | ||||
| CVE-2009-0875 | 1 Sun | 2 Opensolaris, Solaris | 2026-04-23 | N/A |
| Race condition in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allows local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors involving the time at which control is transferred from a caller to a door server. | ||||
| CVE-2009-0876 | 2 Linux, Sun | 2 Linux Kernel, Xvm Virtualbox | 2026-04-23 | N/A |
| Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN. | ||||
| CVE-2009-0878 | 1 Wesnoth | 1 Wesnoth | 2026-04-23 | N/A |
| The read_game_map function in src/terrain_translation.cpp in Wesnoth before r32987 allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a map with a large (1) width or (2) height. | ||||
| CVE-2009-0879 | 2 Ibm, Microsoft | 2 Director, Windows | 2026-04-23 | N/A |
| The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI. | ||||
| CVE-2009-0884 | 1 Filezilla-project | 1 Filezilla Server | 2026-04-23 | N/A |
| Buffer overflow in FileZilla Server before 0.9.31 allows remote attackers to cause a denial of service via unspecified vectors related to SSL/TLS packets. | ||||
| CVE-2009-0885 | 1 Mediacommands | 1 Media Commands | 2026-04-23 | N/A |
| Multiple heap-based buffer overflows in Media Commands 1.0 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a (1) M3U, (2) M3l, (3) TXT, and (4) LRC playlist file. | ||||
| CVE-2009-0886 | 1 Oneorzero | 1 Oneorzero Helpdesk | 2026-04-23 | N/A |
| Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1.6.5.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the default_language parameter. | ||||
| CVE-2009-0888 | 2 Adobe, Redhat | 3 Acrobat, Acrobat Reader, Rhel Extras | 2026-04-23 | N/A |
| Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0889. | ||||
| CVE-2009-0891 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks. | ||||
| CVE-2009-0893 | 1 Xvid | 1 Xvid | 2026-04-23 | N/A |
| Multiple heap-based buffer overflows in xvidcore/src/decoder.c in the xvidcore library in Xvid before 1.2.2, as used by Windows Media Player and other applications, allow remote attackers to execute arbitrary code by providing a crafted macroblock (aka MBlock) number in a video stream in a crafted movie file that triggers heap memory corruption, related to a "missing resync marker range check" and the (1) decoder_iframe, (2) decoder_pframe, and (3) decoder_bframe functions. | ||||