Export limit exceeded: 346156 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346156 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346156 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2296 | 1 Sun | 2 Opensolaris, Solaris | 2026-04-23 | N/A |
| The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors. | ||||
| CVE-2009-2297 | 1 Sun | 2 Opensolaris, Solaris | 2026-04-23 | N/A |
| Unspecified vulnerability in the udp subsystem in the kernel in Sun Solaris 10, and OpenSolaris snv_90 through snv_108, when Solaris Trusted Extensions is enabled, allows remote attackers to cause a denial of service (panic) via unspecified vectors involving the crgetlabel function, related to a "TX panic." NOTE: this issue exists because of a regression in earlier kernel patches. | ||||
| CVE-2009-2298 | 1 Hp | 1 Openview Network Node Manager | 2026-04-23 | N/A |
| Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.53 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a CGI request to webappmon.exe. NOTE: this may overlap CVE-2009-1420. | ||||
| CVE-2009-2300 | 1 Phion | 1 Airlock Web Application Firewall | 2026-04-23 | N/A |
| The management interface in the phion airlock Web Application Firewall (WAF) 4.1-10.41 does not properly handle CGI requests that specify large width and height parameters for an image, which allows remote attackers to execute arbitrary commands or cause a denial of service (resource consumption) via a crafted request. | ||||
| CVE-2009-2301 | 1 Radware | 2 Appwall, Gateway | 2026-04-23 | N/A |
| The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/. | ||||
| CVE-2009-2302 | 1 Avatic | 1 Aardvark Topsites Php | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action. NOTE: it was later reported that 5.2.1 is also affected. | ||||
| CVE-2009-2303 | 1 Avatic | 1 Aardvark Topsites Php | 2026-04-23 | N/A |
| index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals the installation path in an error message. | ||||
| CVE-2009-2310 | 1 Bow Der Kleine | 1 X-blc | 2026-04-23 | N/A |
| SQL injection vulnerability in include/get_read.php in Extensible-BioLawCom CMS (X-BLC) 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter. | ||||
| CVE-2009-2311 | 2 Selbstzweck, Woltlab | 2 Rgallery Plugin, Burning Board | 2026-04-23 | N/A |
| SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows remote attackers to execute arbitrary SQL commands via the userID parameter in the RGalleryUserGallery page to index.php, a different vector than CVE-2008-4627. | ||||
| CVE-2009-2312 | 1 Mcafee | 1 Smartfilter | 2026-04-23 | N/A |
| SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in config.txt and uses insecure permissions for this file, which allows local users to gain privileges. | ||||
| CVE-2009-2313 | 1 Jinzora | 1 Jinzora | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter. | ||||
| CVE-2009-2314 | 1 Sun | 2 Lightweight Availability Collection Tool, Solaris | 2026-04-23 | N/A |
| Race condition in the Sun Lightweight Availability Collection Tool 3.0 on Solaris 7 through 10 allows local users to overwrite arbitrary files via unspecified vectors. | ||||
| CVE-2009-2317 | 1 Axesstel | 1 Mv 410r | 2026-04-23 | N/A |
| The Axesstel MV 410R has a certain default administrator password, and does not force a password change, which makes it easier for remote attackers to obtain access. | ||||
| CVE-2009-2318 | 1 Axesstel | 1 Mv 410r | 2026-04-23 | N/A |
| The Axesstel MV 410R allows remote attackers to cause a denial of service via a flood of SYN packets, a related issue to CVE-1999-0116. | ||||
| CVE-2009-2319 | 1 Axesstel | 1 Mv 410r | 2026-04-23 | N/A |
| The default configuration of the Wi-Fi component on the Axesstel MV 410R does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2009-2320 | 1 Axesstel | 1 Mv 410r | 2026-04-23 | N/A |
| The web interface on the Axesstel MV 410R relies on client-side JavaScript code to validate input, which allows remote attackers to send crafted data, and possibly have unspecified other impact, via a client that does not process JavaScript. | ||||
| CVE-2009-2321 | 1 Axesstel | 1 Mv 410r | 2026-04-23 | N/A |
| cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to cause a denial of service (configuration reset) via a RESTORE=RESTORE query string. | ||||
| CVE-2009-2322 | 1 Axesstel | 1 Mv 410r | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-2323 | 1 Axesstel | 1 Mv 410r | 2026-04-23 | N/A |
| The web interface on the Axesstel MV 410R redirects users back to the referring page after execution of some CGI scripts, which makes it easier for remote attackers to avoid detection of cross-site request forgery (CSRF) attacks, as demonstrated by a redirect from the cgi-bin/wireless.cgi script. | ||||
| CVE-2009-2324 | 1 Fckeditor | 1 Fckeditor | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory. | ||||