Export limit exceeded: 346158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346158 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2787 | 2 Punbb, Reputation | 2 Punbb, Reputation | 2026-04-23 | N/A |
| Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter. | ||||
| CVE-2009-2788 | 1 Mobilelib | 1 Mobilelib Gold | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remote attackers to execute arbitrary SQL commands via the (1) adminName parameter to cp/auth.php, (2) cid parameter to artcat.php, and (3) catid parameter to show.php. | ||||
| CVE-2009-2789 | 2 Joomla, Permis | 2 Joomla, Com Groups | 2026-04-23 | N/A |
| SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a list action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-2791 | 1 Webdynamite | 1 Projectbutler | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in pda_projects.php in WebDynamite ProjectButler 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the offset parameter. | ||||
| CVE-2009-2792 | 1 Joshua Oliver | 1 Really Simple Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in plugings/pagecontent.php in Really Simple CMS (RSCMS) 0.3a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PT parameter. | ||||
| CVE-2009-2793 | 1 Netbsd | 1 Netbsd | 2026-04-23 | N/A |
| The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits. | ||||
| CVE-2009-2794 | 1 Apple | 1 Iphone Os | 2026-04-23 | N/A |
| The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value. | ||||
| CVE-2009-2795 | 1 Apple | 1 Iphone Os | 2026-04-23 | N/A |
| Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related to "command parsing." | ||||
| CVE-2009-2453 | 1 Citrix | 2 Presentation Server, Xenapp | 2026-04-23 | N/A |
| Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors. | ||||
| CVE-2009-2452 | 1 Citrix | 1 Licensing | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have unknown impact and attack vectors, related to "underlying components of the License Management Console." | ||||
| CVE-2009-2121 | 1 Google | 1 Chrome | 2026-04-23 | N/A |
| Buffer overflow in the browser kernel in Google Chrome before 2.0.172.33 allows remote HTTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted response. | ||||
| CVE-2009-2123 | 1 Elvinbts | 1 Elvinbts | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei, reachable through login.php; and the (3) id parameter to (b) show_bug.php and (c) show_activity.php. NOTE: it was later reported that vector 3c also affects 1.2.2. | ||||
| CVE-2009-2124 | 1 Elvinbts | 1 Elvinbts | 2026-04-23 | N/A |
| Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. | ||||
| CVE-2009-2125 | 1 Elvinbts | 1 Elvinbts | 2026-04-23 | N/A |
| delete_bug.php in Elvin before 1.2.1 does not require administrative privileges, which allows remote authenticated users to bypass intended access restrictions and delete arbitrary bugs. | ||||
| CVE-2009-2126 | 1 Elvinbts | 1 Elvinbts | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the title (aka subject) field. | ||||
| CVE-2009-2127 | 1 Elvinbts | 1 Elvinbts | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2009-2128 | 1 Elvinbts | 1 Elvinbts | 2026-04-23 | N/A |
| SQL injection vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the title (aka subject) field. | ||||
| CVE-2009-2129 | 1 Elvinbts | 1 Elvinbts | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action. | ||||
| CVE-2009-2130 | 1 Elvinbts | 1 Elvinbts | 2026-04-23 | N/A |
| Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) login.ei, (2) jump_bug.ei, or (3) create_account.ei in inc/ via a direct request. | ||||
| CVE-2009-2132 | 1 4homepages | 1 4images | 2026-04-23 | N/A |
| Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter. | ||||