Export limit exceeded: 352851 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352851 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1745 | 1 Armorlogic | 1 Profense Web Application Firewall | 2026-04-23 | N/A |
| Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, has a default root password hash, and permits password-based root logins over SSH, which makes it easier for remote attackers to obtain access. | ||||
| CVE-2009-1749 | 1 Joost Horward | 1 Catviz | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Catviz 0.4.0 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) userman_form and (2) webpages_form parameters. | ||||
| CVE-2009-1748 | 1 Joost Horward | 1 Catviz | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in index.php in Catviz 0.4.0 Beta 1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) webpages_form or (2) userman_form parameter. | ||||
| CVE-2009-1747 | 1 26thavenue | 1 Bspeak | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 allows remote attackers to execute arbitrary SQL commands via the forumid parameter in a post action. | ||||
| CVE-2009-1746 | 1 Diangemilang | 1 Dgnews | 2026-04-23 | N/A |
| SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | ||||
| CVE-2009-1744 | 1 Pinnaclesys | 1 Pinnacle Studio | 2026-04-23 | N/A |
| InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to cause a denial of service (application crash) via a crafted Hollywood FX Compressed Archive (.hfz) file. | ||||
| CVE-2009-1740 | 1 Dlink | 1 Mpeg4 Viewer Activex Control | 2026-04-23 | N/A |
| Multiple heap-based buffer overflows in the D-Link MPEG4 Viewer ActiveX Control (csviewer.ocx) 2.11.918.2006 allow remote attackers to execute arbitrary code via a long argument to the (1) SetFilePath and (2) SetClientCookie methods. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-1737 | 1 Diqiye | 1 Mypic | 2026-04-23 | N/A |
| Directory traversal vulnerability in bom.php in MyPic 2.1 allows remote attackers to list files in arbitrary directories via a .. (dot dot) in the dir parameter. | ||||
| CVE-2009-1750 | 1 Omnisoftsol | 1 Vidsharepro | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in VidSharePro allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | ||||
| CVE-2009-1741 | 1 Dutchmonkey | 1 Dm Filemanager | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. | ||||
| CVE-2009-1739 | 1 Phpeasycode | 1 Pad Site Scripts | 2026-04-23 | N/A |
| PAD Site Scripts 3.6 allows remote attackers to bypass authentication and gain privileges as other users, including administrative privileges, by setting the authuser cookie parameter to a valid username. | ||||
| CVE-2009-1736 | 1 Joomla | 2 Com Gsticketsystem, Joomla\! | 2026-04-23 | N/A |
| SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php. | ||||
| CVE-2009-1727 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari. | ||||
| CVE-2009-1008 | 2 Ibm, Oracle | 2 Websphere Portal, Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1010. | ||||
| CVE-2009-1009 | 2 Ibm, Oracle | 2 Websphere Portal, Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML. | ||||
| CVE-2009-1010 | 2 Ibm, Oracle | 2 Websphere Portal, Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008. | ||||
| CVE-2009-1012 | 1 Oracle | 1 Bea Product Suite | 2026-04-23 | N/A |
| Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow. | ||||
| CVE-2009-1013 | 1 Oracle | 2 Jd Edwards Enterpriseone, Peoplesoft Enterprise | 2026-04-23 | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-1014. | ||||
| CVE-2009-1014 | 1 Oracle | 2 Jd Edwards Enterpriseone, Peoplesoft Enterprise | 2026-04-23 | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-1013. | ||||
| CVE-2009-1015 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.05, and 10.2.04 allows remote authenticated users to affect integrity via unknown vectors. | ||||