Export limit exceeded: 346156 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346156 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2554 | 2 Joomla, Olle Johansson | 2 Joomla, Jobline | 2026-04-23 | N/A |
| SQL injection vulnerability in the search method in jobline.class.php in Jobline (com_jobline) 1.1.2.2, 1.3.1, and possibly earlier versions, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the search parameter in a results action to index.php, which invokes the search method from the searchJobPostings function in jobline.php. | ||||
| CVE-2009-2615 | 1 Datachecknh | 1 Sitepal | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DataCheck Solutions SitePal 1.x allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) z_admin_login.asp, (2) z_forgot.asp, and possibly unspecified other components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-4262 | 1 Haroldbakker | 1 Hb-ns | 2026-04-23 | N/A |
| Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to obtain access to the admin control panel via a direct request to admin.php. | ||||
| CVE-2009-2555 | 1 Google | 2 Chrome, V8 | 2026-04-23 | N/A |
| Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression. | ||||
| CVE-2009-4263 | 1 Ptcpay | 1 Gen3 | 2026-04-23 | N/A |
| SQL injection vulnerability in main_forum.php in PTCPay GeN3 forum 1.3 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | ||||
| CVE-2009-2616 | 1 Datachecknh | 1 Sitepal | 2026-04-23 | N/A |
| SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions SitePal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-2617 | 1 Baofeng | 1 Storm | 2026-04-23 | N/A |
| Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 allows remote attackers to execute arbitrary code via a long pathname in the source attribute of an item element in a .smpl playlist file. | ||||
| CVE-2009-4265 | 1 Pointdev | 1 Ideal Administration 2009 | 2026-04-23 | N/A |
| Stack-based buffer overflow in Ideal Administration 2009 9.7.1, and possibly other versions, allows remote attackers to execute arbitrary code via a long Computer value in an .ipj project file. | ||||
| CVE-2009-2618 | 1 Maxdev | 1 Mdpro | 2026-04-23 | N/A |
| SQL injection vulnerability in the Surveys (aka NS-Polls) module in MDPro (MD-Pro) 1.083.x allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results action to modules.php. | ||||
| CVE-2009-4266 | 1 Yabsoft | 1 Advanced Image Hosting Script | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in YABSoft Advanced Image Hosting (AIH) Script 2.2, and possibly 2.3, allows remote attackers to inject arbitrary web script or HTML via the text parameter. | ||||
| CVE-2009-2619 | 1 Datachecknh | 1 V-spacepal | 2026-04-23 | N/A |
| SQL injection vulnerability in login.asp in DataCheck Solutions V-SpacePal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-4270 | 1 Ghostscript | 1 Ghostscript | 2026-04-23 | N/A |
| Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver. | ||||
| CVE-2009-2621 | 1 Squid-cache | 1 Squid | 2026-04-23 | N/A |
| Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc. | ||||
| CVE-2009-4292 | 1 Iij | 6 Seil\/b1, Seil\/b1 Firmware, Seil\/x1 and 3 more | 2026-04-23 | N/A |
| Buffer overflow in the URL filtering function in Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.40 through 2.51 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2009-2622 | 1 Squid-cache | 1 Squid | 2026-04-23 | N/A |
| Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc. | ||||
| CVE-2009-4293 | 1 Iij | 6 Seil\/b1, Seil\/b1 Firmware, Seil\/x1 and 3 more | 2026-04-23 | N/A |
| Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.30 through 2.51, when NAT is enabled, allows remote attackers to cause a denial of service (system restart) via crafted GRE packets. | ||||
| CVE-2009-2625 | 8 Apache, Canonical, Debian and 5 more | 18 Xerces2 Java, Ubuntu Linux, Debian Linux and 15 more | 2026-04-23 | N/A |
| XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. | ||||
| CVE-2009-2626 | 1 Php | 1 Php | 2026-04-23 | N/A |
| The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable. | ||||
| CVE-2009-4294 | 1 Sun | 1 Ray Server Software | 2026-04-23 | N/A |
| Unspecified vulnerability in the Authentication Manager (aka utauthd) in Sun Ray Server Software 4.0 and 4.1 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors. | ||||
| CVE-2009-2628 | 1 Vmware | 4 Ace, Movie Decoder, Player and 1 more | 2026-04-23 | N/A |
| The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video content, which might allow remote attackers to execute arbitrary code via a crafted AVI file that triggers heap memory corruption. | ||||