Export limit exceeded: 347095 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347095 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3433 | 1 Sun | 1 Cluster | 2026-04-23 | N/A |
| Unspecified vulnerability in clsetup in the configuration utility in Sun Solaris Cluster 3.2 allows local users to gain privileges via unknown vectors. | ||||
| CVE-2009-3434 | 3 Joomla, Mambo, Onestopjoomla | 3 Joomla, Mambo, Com Tupinambis | 2026-04-23 | N/A |
| SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php. | ||||
| CVE-2009-3501 | 1 Bpowerhouse | 1 Bpstudents | 2026-04-23 | N/A |
| SQL injection vulnerability in students.php in BPowerHouse BPStudents 1.0 allows remote attackers to execute arbitrary SQL commands via the test parameter in a preview action. | ||||
| CVE-2009-3459 | 2 Adobe, Redhat | 4 Acrobat, Acrobat Reader, Reader and 1 more | 2026-04-23 | N/A |
| Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3460 | 1 Adobe | 1 Acrobat | 2026-04-23 | N/A |
| Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-4288 | 1 Microsoft | 1 Windows Media Player | 2026-04-23 | N/A |
| Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .au file that triggers a divide-by-zero error, as demonstrated by iapetus.au. | ||||
| CVE-2007-5019 | 1 Sun | 3 Java Web Start, Jre, Sdk | 2026-04-23 | N/A |
| Buffer overflow in the Sun Java Web Start ActiveX control in Java Runtime Environment (JRE) 1.6.0_X allows remote attackers to have an unknown impact via a long argument to the dnsResolve (isInstalled.dnsResolve) method. | ||||
| CVE-2009-3465 | 1 Adobe | 1 Shockwave Player | 2026-04-23 | N/A |
| Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3464. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3502 | 1 Bpowerhouse | 1 Bpmusic | 2026-04-23 | N/A |
| SQL injection vulnerability in music.php in BPowerHouse BPMusic 1.0 allows remote attackers to execute arbitrary SQL commands via the music_id parameter. | ||||
| CVE-2009-3511 | 1 Fh54 | 1 Justvisual | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in justVisual 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the fs_jVroot parameter to (1) sites/site/pages/index.php, (2) sites/test/pages/contact.php, (3) system/pageTemplate.php, and (4) system/utilities.php. | ||||
| CVE-2009-3516 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors. | ||||
| CVE-2007-4297 | 1 Aspindir | 1 Dersimiz Haber Ekleme Modulu | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in yorumkaydet.asp in Dersimiz Haber Ekleme Modulu allow remote attackers to inject arbitrary web script or HTML via the (1) yazan, (2) mail, and (3) yorum parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4302 | 1 Freshmeat | 1 Generic Software Wrappers Toolkit | 2026-04-23 | N/A |
| Multiple race conditions in certain system call wrappers in Generic Software Wrappers Toolkit (GSWTK) allow local users to defeat system call interposition and possibly gain privileges or bypass auditing. | ||||
| CVE-2009-3596 | 1 Joxtechnology | 1 Ajox Poll | 2026-04-23 | N/A |
| JoxTechnology Ajox Poll does not properly restrict access to admin/managepoll.php, which allows remote attackers to bypass authentication and gain administrative access via a direct request. | ||||
| CVE-2007-4303 | 2 Cerb, Freebsd | 2 Cerbng, Freebsd | 2026-04-23 | N/A |
| Multiple race conditions in (1) certain rules and (2) argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat system call interposition and possibly gain privileges or bypass auditing, as demonstrated by modifying command lines in log-exec.cb. | ||||
| CVE-2007-4826 | 2 Quagga, Redhat | 2 Quagga, Enterprise Linux | 2026-04-23 | N/A |
| bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled. | ||||
| CVE-2009-3572 | 1 Openbsd | 1 Openbsd | 2026-04-23 | N/A |
| OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not properly handle XMM exceptions, which allows local users to cause a denial of service (kernel panic) via unspecified vectors. | ||||
| CVE-2009-3564 | 2 Fedoraproject, Reductivelabs | 2 Fedora, Puppet | 2026-04-23 | N/A |
| puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files. | ||||
| CVE-2009-3668 | 1 Promosi-web | 1 Ardguest | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in ardguest.php in Ardguest 1.8 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2009-3611 | 2 Fedoraproject, Le-web | 2 Fedora, Backintime | 2026-04-23 | 7.1 High |
| common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots. | ||||