Export limit exceeded: 346158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346158 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1736 | 1 Joomla | 2 Com Gsticketsystem, Joomla\! | 2026-04-23 | N/A |
| SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php. | ||||
| CVE-2009-1737 | 1 Diqiye | 1 Mypic | 2026-04-23 | N/A |
| Directory traversal vulnerability in bom.php in MyPic 2.1 allows remote attackers to list files in arbitrary directories via a .. (dot dot) in the dir parameter. | ||||
| CVE-2009-1739 | 1 Phpeasycode | 1 Pad Site Scripts | 2026-04-23 | N/A |
| PAD Site Scripts 3.6 allows remote attackers to bypass authentication and gain privileges as other users, including administrative privileges, by setting the authuser cookie parameter to a valid username. | ||||
| CVE-2009-1740 | 1 Dlink | 1 Mpeg4 Viewer Activex Control | 2026-04-23 | N/A |
| Multiple heap-based buffer overflows in the D-Link MPEG4 Viewer ActiveX Control (csviewer.ocx) 2.11.918.2006 allow remote attackers to execute arbitrary code via a long argument to the (1) SetFilePath and (2) SetClientCookie methods. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-1741 | 1 Dutchmonkey | 1 Dm Filemanager | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. | ||||
| CVE-2009-1750 | 1 Omnisoftsol | 1 Vidsharepro | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in VidSharePro allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | ||||
| CVE-2009-1744 | 1 Pinnaclesys | 1 Pinnacle Studio | 2026-04-23 | N/A |
| InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to cause a denial of service (application crash) via a crafted Hollywood FX Compressed Archive (.hfz) file. | ||||
| CVE-2009-1745 | 1 Armorlogic | 1 Profense Web Application Firewall | 2026-04-23 | N/A |
| Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, has a default root password hash, and permits password-based root logins over SSH, which makes it easier for remote attackers to obtain access. | ||||
| CVE-2009-1746 | 1 Diangemilang | 1 Dgnews | 2026-04-23 | N/A |
| SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | ||||
| CVE-2009-1747 | 1 26thavenue | 1 Bspeak | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 allows remote attackers to execute arbitrary SQL commands via the forumid parameter in a post action. | ||||
| CVE-2009-1748 | 1 Joost Horward | 1 Catviz | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in index.php in Catviz 0.4.0 Beta 1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) webpages_form or (2) userman_form parameter. | ||||
| CVE-2009-1749 | 1 Joost Horward | 1 Catviz | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Catviz 0.4.0 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) userman_form and (2) webpages_form parameters. | ||||
| CVE-2009-1752 | 1 Exjune | 1 Office Message System | 2026-04-23 | N/A |
| exJune Office Message System 1 does not properly restrict access to (1) configure.asp and (2) addmessage2.asp, which allows remote attackers to gain privileges a direct request. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-1753 | 1 Emn | 1 Coccinelle | 2026-04-23 | N/A |
| Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on an unspecified "result file." | ||||
| CVE-2009-1754 | 1 Google | 1 Android | 2026-04-23 | N/A |
| The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application. | ||||
| CVE-2009-1755 | 1 Nlnetlabs | 1 Nsd | 2026-04-23 | N/A |
| Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow. | ||||
| CVE-2009-1756 | 1 Simone Rota | 1 Slim Simple Login Manager | 2026-04-23 | N/A |
| SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (mcookie) on the command line when invoking xauth from (1) app.cpp and (2) switchuser.cpp, which allows local users to access the X session by listing the process and its arguments. | ||||
| CVE-2009-1757 | 1 Transmissionbt | 1 Transmission | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2009-1758 | 3 Linux, Redhat, Xen | 3 Linux Kernel, Enterprise Linux, Xen | 2026-04-23 | N/A |
| The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges." | ||||
| CVE-2009-1760 | 1 Rasterbar Software | 1 Libtorrent | 2026-04-23 | N/A |
| Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file. | ||||