Search Results (363433 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2546 1 Anelectron 1 Advanced Electron Forum 2026-04-23 N/A
Directory traversal vulnerability in Advanced Electron Forum (AEF) 1.x allows remote attackers to determine the existence of arbitrary files via the avatargalfile parameter when changing an avatar, which leaks the existence of the file in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2545 1 Anelectron 1 Advanced Electron Forum 2026-04-23 N/A
SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the filename in an uploaded attachment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2544 2 Marcelo Costa, Microsoft 3 Fileserver, Messenger Plus\! Live, Windows Live Messenger 2026-04-23 N/A
Directory traversal vulnerability in the Marcelo Costa FileServer component 1.0 for Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) allows remote authenticated users to list arbitrary directories and read arbitrary files via a .. (dot dot) in a pathname.
CVE-2009-2607 2 Joomla, Pinme 2 Joomla, Com Pinboard 2026-04-23 N/A
SQL injection vulnerability in the com_pinboard component for Joomla! allows remote attackers to execute arbitrary SQL commands via the task parameter in a showpic action to index.php.
CVE-2009-2543 1 Ibm 4 Proventia Desktop Endpoint Security, Proventia Network Mail Security System, Proventia Network Mail Security System Vitual Appliance and 1 more 2026-04-23 N/A
Multiple unspecified vulnerabilities in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allow remote attackers to bypass detection of malware via a modified (1) ZIP or (2) CAB archive, a related issue to CVE-2009-1240.
CVE-2009-2542 1 Netscape 1 Navigator 2026-04-23 N/A
Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
CVE-2009-2541 1 Sony 1 Playstation 3 2026-04-23 7.5 High
The web browser on the Sony PLAYSTATION 3 (PS3) allows remote attackers to cause a denial of service (memory consumption and console hang) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
CVE-2009-2540 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
CVE-2009-2606 1 Brainjar 1 Asp Football Pool 2026-04-23 N/A
ASP Football Pool 2.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for NFL.mdb.
CVE-2009-2539 1 Aigo 1 Aigo Md P8860 2026-04-23 N/A
The Aigo P8860 allows remote attackers to cause a denial of service (memory consumption and browser hang) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
CVE-2009-2537 1 Kde 1 Konqueror 2026-04-23 N/A
KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
CVE-2009-2605 1 Traidnt 1 Traidnt Up 2026-04-23 N/A
Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote attackers to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php.
CVE-2009-2536 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
CVE-2009-2603 1 E-supportportal 1 Escon Supportportal Pro 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in Escon SupportPortal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat and (2) tid parameters.
CVE-2009-2535 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2026-04-23 N/A
Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
CVE-2009-2534 1 Realnetworks 2 Helix Server, Helix Server Mobile 2026-04-23 N/A
RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allow remote attackers to cause a denial of service (daemon crash) via an RTSP SETUP request that (1) specifies the / URI or (2) lacks a / character in the URI.
CVE-2009-2450 1 Tallemu 2 Online Armor Personal Firewall Av\+, Personal Firewall 2026-04-23 N/A
The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online Armor Personal Firewall AV+ before 3.5.0.12, and Personal Firewall 3.5 before 3.5.0.14, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\OAmon containing arbitrary kernel addresses, as demonstrated using the 0x830020C3 IOCTL.
CVE-2009-2451 1 Mim.infinix 1 Infinix 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in MIM:InfiniX 1.2.003 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters in a calendar action, or (3) a search term in the search form.
CVE-2009-4203 1 Arabportal 1 Arab Portal 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php in Arab Portal 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/.
CVE-2009-4204 1 Ringsworld 1 Flashlight Free Edition 2026-04-23 N/A
SQL injection vulnerability in read.php in Flashlight Free Edition allows remote attackers to execute arbitrary SQL commands via the id parameter.