Export limit exceeded: 18774 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346183 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346183 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0514 | 1 Webframe | 1 Webframe | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in WebFrame 0.76 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) currentmod and (2) LANG parameters to mod/index.php. | ||||
| CVE-2009-0515 | 1 Yanocc | 1 Yanocc | 2026-04-23 | N/A |
| Directory traversal vulnerability in check_lang.php in Yet Another NOCC (YANOCC) 0.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | ||||
| CVE-2009-0516 | 1 Businessspace | 1 Businessspace | 2026-04-23 | N/A |
| SQL injection vulnerability in the classified page (classified.php) in BusinessSpace 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | ||||
| CVE-2009-0517 | 1 Phpslash | 1 Phpslash | 2026-04-23 | N/A |
| Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-0518 | 1 Vmware | 3 Vmware Esx, Vmware Esxi, Vmware Virtualcenter | 2026-04-23 | N/A |
| VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password. | ||||
| CVE-2009-0566 | 1 Microsoft | 1 Office Publisher | 2026-04-23 | N/A |
| Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability." | ||||
| CVE-2009-3424 | 1 Databay | 1 Maxcms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MaxCMS 3.11.20b, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) is_projectPath parameter to includes/InstantSite/inc.is_root.php; GLOBALS[thCMS_root] parameter to (2) classes/class.Tree.php, (3) includes/inc.thcms_admin_mediamanager.php, and (4) modul/mod.rssreader.php; is_path parameter to (5) class.tasklist.php, (6) class.thcms.php, (7) class.thcms_content.php, (8) class.thcms_modul_parent.php, (9) class.thcms_page.php, and (10) class.thcsm_user.php in classes/; and (11) includes/InstantSite/class.Tree.php; and thCMS_root parameter to (12) classes/class.thcms_modul.php; (13) inc.page_edit_tasklist.php, (14) inc.thcms_admin_overview_backup.php, and (15) inc.thcms_edit_content.php in includes/; and (16) class.thcms_modul_parent_xml.php, (17) mod.cmstranslator.php, (18) mod.download.php, (19) mod.faq.php, (20) mod.guestbook.php, (21) mod.html.php, (22) mod.menu.php, (23) mod.news.php, (24) mod.newsticker.php, (25) mod.rss.php, (26) mod.search.php, (27) mod.sendtofriend.php, (28) mod.sitemap.php, (29) mod.tagdoc.php, (30) mod.template.php, (31) mod.test.php, (32) mod.text.php, (33) mod.upload.php, and (34) mod.users.php in modul/. | ||||
| CVE-2009-0527 | 1 Adaptcms | 1 Adaptcms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in plugins/rss_importer_functions.php in AdaptCMS Lite 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. | ||||
| CVE-2009-0528 | 1 Rhadrix | 1 If-cms | 2026-04-23 | N/A |
| SQL injection vulnerability in frame.php in Rhadrix If-CMS 2.07 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-0529 | 1 Electrictoad | 1 Snippetmaster Webpage Editor | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in SnippetMaster Webpage Editor 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the language parameter. | ||||
| CVE-2009-0531 | 1 Ontarioabandonedplaces | 1 A Better Member-based Asp Photo Gallery | 2026-04-23 | N/A |
| SQL injection vulnerability in gallery/view.asp in A Better Member-Based ASP Photo Gallery before 1.2 allows remote attackers to execute arbitrary SQL commands via the entry parameter. | ||||
| CVE-2009-0532 | 1 Scripts-for-sites | 1 Ez Baby | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in password.php in Scripts For Sites (SFS) EZ Baby allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the u2 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-0533 | 1 Scripts-for-sites | 1 Ez Reminder | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in password.php in Scripts for Sites EZ Reminder allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the u2 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-0535 | 1 Extrosoft | 1 Thyme | 2026-04-23 | N/A |
| Directory traversal vulnerability in export.php in Thyme 1.3 and earlier, when register_globals is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the export_to parameter. | ||||
| CVE-2009-0536 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges. | ||||
| CVE-2009-0537 | 2 Microsoft, Openbsd | 2 Interix, Openbsd | 2026-04-23 | N/A |
| Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise. | ||||
| CVE-2009-0538 | 1 Symantec | 1 Pcanywhere | 2026-04-23 | N/A |
| Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file). | ||||
| CVE-2009-0540 | 1 Insightinformatics | 1 Libero | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Libero 5.3 SP5, and possibly other versions before 5.5 SP1, allows remote attackers to inject arbitrary web script or HTML via the search term field. | ||||
| CVE-2009-3430 | 1 Allomani | 1 Mobile | 2026-04-23 | N/A |
| SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | ||||
| CVE-2009-0542 | 1 Proftpd Project | 1 Proftpd | 2026-04-23 | N/A |
| SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql. | ||||