Export limit exceeded: 352837 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 352837 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352837 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1175 | 1 Banshee-project | 1 Banshee | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in the DAAP extension in Banshee 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the server parameter, which is not properly handled in an error message. | ||||
| CVE-2009-1176 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2026-04-23 | N/A |
| mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ends in a '\0' character, which allows remote attackers to conduct buffer-overflow attacks or have unspecified other impact via a long id parameter in a query action. | ||||
| CVE-2009-1180 | 5 Apple, Foolabs, Glyphandcog and 2 more | 5 Cups, Xpdf, Xpdfreader and 2 more | 2026-04-23 | N/A |
| The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. | ||||
| CVE-2009-1187 | 2 Poppler, Redhat | 2 Poppler, Enterprise Linux | 2026-04-23 | N/A |
| Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc). | ||||
| CVE-2009-1188 | 2 Poppler, Redhat | 2 Poppler, Enterprise Linux | 2026-04-23 | N/A |
| Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | ||||
| CVE-2009-1249 | 1 Drupal | 2 Drupal, Feedapi Mapper | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/content/node-type/nodetype/map. | ||||
| CVE-2009-1209 | 1 W3 | 1 Amaya | 2026-04-23 | N/A |
| Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute. | ||||
| CVE-2009-1206 | 1 Futomi | 1 Cgi Cafe Access Analyzer Cgi | 2026-04-23 | N/A |
| Unspecified vulnerability in futomi's CGI Cafe Access Analyzer CGI Professional Version 4.11.5 and earlier allows remote attackers to gain administrative privileges via unknown vectors. | ||||
| CVE-2009-1207 | 1 Sun | 2 Opensolaris, Solaris | 2026-04-23 | N/A |
| Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files. | ||||
| CVE-2009-1208 | 2 Auth2db, Auth2dbauth2db | 2 Auth2db, 0.1.1 | 2026-04-23 | N/A |
| SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings. | ||||
| CVE-2009-1225 | 1 Platinumprofitzone | 1 Turnkey Ebook Store | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook Store 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action. | ||||
| CVE-2009-1219 | 1 Sun | 2 Java System Calendar Server, One Calendar Server | 2026-04-23 | N/A |
| Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter. | ||||
| CVE-2009-1223 | 1 Fullrevolution | 1 Aspwebcalendar | 2026-04-23 | N/A |
| aspWebCalendar Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for calendar/calendar.mdb. | ||||
| CVE-2009-3508 | 1 Fcgphilipp | 1 Mujecms | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in MUJE CMS 1.0.4.34 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) _class parameter to admin.php and the (2) url parameter to install/install.php; and allow remote authenticated administrators to read arbitrary files via a .. (dot dot) in the (3) _htmlfile parameter to admin.php. | ||||
| CVE-2009-1229 | 1 Arcadwy | 1 Arcadwy Arcade Script | 2026-04-23 | N/A |
| SQL injection vulnerability in Arcadwy Arcade Script allows remote attackers to execute arbitrary SQL commands via the user cookie parameter. | ||||
| CVE-2009-3512 | 1 Phplemon | 1 Myweight | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_login.php, and (4) return parameter to user_login.php. | ||||
| CVE-2009-1235 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls. | ||||
| CVE-2009-1251 | 2 Openafs, Unix | 2 Openafs, Unix | 2026-04-23 | N/A |
| Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays. | ||||
| CVE-2009-3522 | 1 Avast | 2 Avast Antivirus Home, Avast Antivirus Professional | 2026-04-23 | N/A |
| Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018. | ||||
| CVE-2009-1260 | 1 Ezbsystems | 1 Ultraiso | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file. | ||||