Export limit exceeded: 346176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346176 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2373 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-2374 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from those links or (2) when page caching is enabled, the Drupal page cache. | ||||
| CVE-2009-2376 | 1 Tangocms | 1 Tangocms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Html::textarea function in application/libraries/Html.php in TangoCMS 2.x before 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the value parameter, related to the Contact module. | ||||
| CVE-2009-2377 | 1 Avax-software | 1 Avax Vector Activex | 2026-04-23 | N/A |
| Buffer overflow in the Avax Vector ActiveX control in avPreview.ocx in AVAX-software Avax Vector ActiveX 1.3 allows remote attackers to cause a denial of service (application crash) via a long PrinterName property. | ||||
| CVE-2009-2378 | 1 Jtr | 1 Jax Formmailer | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in formmailer.admin.inc.php in Jax FormMailer 3.0.0 allows remote attackers to execute arbitrary PHP code via a URL in the BASE_DIR[jax_formmailer] parameter. | ||||
| CVE-2009-2380 | 1 4homepages | 1 4images | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in includes/functions.php in 4images 1.7 through 1.7.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the url variable. | ||||
| CVE-2009-2381 | 1 Gizmo5 | 1 Gizmo | 2026-04-23 | N/A |
| Gizmo 3.1.0.79 on Linux does not verify a server's SSL certificate, which allows remote servers to obtain the credentials of arbitrary users via a spoofed certificate. | ||||
| CVE-2009-2387 | 1 Sun | 1 Opensolaris | 2026-04-23 | N/A |
| Unspecified vulnerability in the proc filesystem in Sun OpenSolaris snv_49 through snv_109 allows local users to cause a denial of service (deadlock and panic) via unknown vectors, related to the ldt_rewrite_syscall function. | ||||
| CVE-2009-2388 | 1 Shalwan | 1 Opial | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtPassword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-2389 | 1 Usolved | 1 Newsolved | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in newsscript.php in USOLVED NEWSolved 1.1.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) jahr or (2) idneu parameter in an archive action, or (3) the newsid parameter. | ||||
| CVE-2009-2390 | 2 F-cimag-in, Joomla | 2 Com Bookflip, Joomla | 2026-04-23 | N/A |
| SQL injection vulnerability in the BookFlip (com_bookflip) component 2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter to index.php. | ||||
| CVE-2009-2391 | 1 Virtuenetz | 1 Virtue Online Test Generator | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote attackers to inject arbitrary web script or HTML via the tid parameter. | ||||
| CVE-2009-2392 | 1 Virtuenetz | 1 Virtue Online Test Generator | 2026-04-23 | N/A |
| SQL injection vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote attackers to execute arbitrary SQL commands via the tid parameter. | ||||
| CVE-2009-2485 | 1 Tingan | 1 Ht-mp3player | 2026-04-23 | N/A |
| Stack-based buffer overflow in HT-MP3Player 1.0 allows remote attackers to execute arbitrary code via a long string in a .ht3 file. | ||||
| CVE-2009-2394 | 2 Mr Saphp Arabic Mobile, Smspages | 2 Messages Library, Smspages | 2026-04-23 | N/A |
| SQL injection vulnerability in cat.php in SMSPages 1.0 in Mr.Saphp Arabic Script Mobile (aka Messages Library) 2.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter. | ||||
| CVE-2009-2395 | 2 Joomla, Joomlaworks | 2 Joomla\!, Com K2 | 2026-04-23 | N/A |
| SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php. | ||||
| CVE-2009-2396 | 2 Dutchmonkey, Wordpress | 2 Dm Album, Wordpress | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter. | ||||
| CVE-2009-2397 | 1 Audioarticledirectory | 1 Audio Article Directory | 2026-04-23 | N/A |
| Directory traversal vulnerability in download.php in Audio Article Directory allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter. | ||||
| CVE-2009-2398 | 1 Php-sugar | 1 Php-sugar | 2026-04-23 | N/A |
| Directory traversal vulnerability in test/index.php in PHP-Sugar 0.80 allows remote attackers to read arbitrary files via a ..// (dot dot slash slash) in the t parameter. | ||||
| CVE-2009-2399 | 1 Dutchmonkey | 1 Dm Filemanager | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in dm-albums/template/album.php in DM FileManager 3.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter. | ||||