Export limit exceeded: 347276 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347276 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3042 | 1 Ocsinventory-ng | 1 Ocs Inventory Ng | 2026-04-23 | N/A |
| SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040. | ||||
| CVE-2009-3018 | 1 Maxthon | 1 Maxthon Browser | 2026-04-23 | N/A |
| Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header; does not properly block data: URIs in Location headers in HTTP responses, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (5) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (6) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header; and does not properly handle javascript: URIs in HTML links within (a) 301 and (b) 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (7) injecting a Location HTTP response header or (8) specifying the content of a Location HTTP response header. | ||||
| CVE-2009-3019 | 1 Microsoft | 3 Internet Explorer, Windows Vista, Windows Xp | 2026-04-23 | N/A |
| Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet Explorer 7 on Vista, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls createElement to create an instance of the LI element, and then calls setAttribute to set the value attribute. | ||||
| CVE-2009-3308 | 1 Fanupdate | 1 Fanupdate | 2026-04-23 | N/A |
| SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows remote attackers to execute arbitrary SQL commands via the listingid parameter. | ||||
| CVE-2009-3021 | 2 Geeklog, Yoshinori Tahara | 2 Geeklog, Mycaljp | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' plugin 2.0.0 through 2.0.6, as used in the Japanese extended package of Geeklog 1.5.0 through 1.5.2 and when distributed 20090629 or earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-3053 | 2 Joomla, Jvitals | 2 Joomla, Com Agora | 2026-04-23 | N/A |
| Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php. | ||||
| CVE-2009-3054 | 2 Artetics, Joomla | 2 Com Artportal, Joomla | 2026-04-23 | N/A |
| SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php. | ||||
| CVE-2009-3055 | 1 Dlecms | 1 Dle | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in engine/api/api.class.php in DataLife Engine (DLE) 8.2 allows remote attackers to execute arbitrary PHP code via a URL in the dle_config_api parameter. | ||||
| CVE-2009-3056 | 1 Bas Bloemsaat | 1 Kingcms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/engine/content/elements/menu.php in KingCMS 0.6.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[AdminPath] parameter. | ||||
| CVE-2009-3070 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2009-3071 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2009-3073 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2009-3102 | 1 Zmanda | 1 Zrm For My Sql | 2026-04-23 | N/A |
| The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager (ZRM) for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQL_BINPATH variable. | ||||
| CVE-2009-3091 | 1 Asus | 1 Asus Wl-330ge | 2026-04-23 | N/A |
| Unspecified vulnerability on the ASUS WL-330gE has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2009-3108 | 1 Symantec | 1 Altiris Deployment Solution | 2026-04-23 | N/A |
| The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program. | ||||
| CVE-2009-3109 | 1 Symantec | 1 Altiris Deployment Solution | 2026-04-23 | N/A |
| Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being used between a deployment server and a client, allows remote attackers to bypass authentication and execute arbitrary commands as SYSTEM by spoofing the deployment server and sending "alternate commands" before the handshake is completed. | ||||
| CVE-2009-3123 | 1 Visavi | 1 Wap-motor | 2026-04-23 | N/A |
| Directory traversal vulnerability in gallery/gallery.php in Wap-Motor before 18.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the image parameter. | ||||
| CVE-2009-3124 | 1 Ipmotor | 1 Quarkmail | 2026-04-23 | N/A |
| Directory traversal vulnerability in get_message.cgi in QuarkMail allows remote attackers to read arbitrary files via a .. (dot dot) in the tf parameter. | ||||
| CVE-2009-3125 | 1 Mozilla | 1 Bugzilla | 2026-04-23 | N/A |
| SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | ||||
| CVE-2007-4280 | 1 Asterisk | 4 Asterisk, Asterisk Appliance Developer Kit, Asterisknow and 1 more | 2026-04-23 | N/A |
| The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population. | ||||