Export limit exceeded: 364151 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364151 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1084 | 1 Sun | 1 Java System Identity Manager | 2026-04-23 | N/A |
| Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote attackers to have an unspecified impact by modifying this object. | ||||
| CVE-2009-1085 | 1 Matomo | 1 Matomo | 2026-04-23 | N/A |
| Piwik 0.2.32 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh. | ||||
| CVE-2009-1086 | 1 Nlnetlabs | 1 Ldns | 2026-04-23 | N/A |
| Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field. | ||||
| CVE-2009-1089 | 1 Rapidleech | 1 Rapidleech | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to read arbitrary files via a base64-encoded absolute path in the filename parameter. | ||||
| CVE-2009-1090 | 1 Rapidleech | 1 Rapidleech | 2026-04-23 | N/A |
| Directory traversal vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uploaded parameter. | ||||
| CVE-2009-1091 | 1 Rapidleech | 1 Rapidleech | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to inject arbitrary web script or HTML via the uploaded parameter. | ||||
| CVE-2009-1725 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2026-04-23 | N/A |
| WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | ||||
| CVE-2009-1094 | 2 Redhat, Sun | 6 Enterprise Linux, Network Satellite, Rhel Extras and 3 more | 2026-04-23 | N/A |
| Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. | ||||
| CVE-2009-1728 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image. | ||||
| CVE-2009-3964 | 2 Joomla, Ninjaforge | 2 Joomla\!, Com Ninjamonials | 2026-04-23 | N/A |
| SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php. | ||||
| CVE-2009-3965 | 1 Maniacomputer | 1 New5starrating | 2026-04-23 | N/A |
| SQL injection vulnerability in rating.php in New 5 star Rating 1.0 allows remote attackers to execute arbitrary SQL commands via the det parameter. | ||||
| CVE-2009-1098 | 2 Redhat, Sun | 6 Enterprise Linux, Network Satellite, Rhel Extras and 3 more | 2026-04-23 | N/A |
| Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. | ||||
| CVE-2009-1729 | 1 Sun | 1 Java System Communications Express | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain. | ||||
| CVE-2009-3967 | 1 Ed Charkow | 1 Supercharged Linking | 2026-04-23 | N/A |
| SQL injection vulnerability in browse.php in Ed Charkow SuperCharged Linking allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-1731 | 1 Mlffat | 1 Mlffat | 2026-04-23 | N/A |
| SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded supervisor cookie. | ||||
| CVE-2009-3968 | 1 Itechscripts | 1 Itechbids | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php. NOTE: the sellers_othersitem.php, classifieds.php, and shop.php vectors are already covered by CVE-2008-3238. | ||||
| CVE-2009-1102 | 2 Redhat, Sun | 3 Enterprise Linux, Rhel Extras, Java | 2026-04-23 | N/A |
| Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation." | ||||
| CVE-2009-1732 | 1 Richard Ellerbrock | 1 Ipplan | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/usermanager in IPplan 4.91a allows remote attackers to inject arbitrary web script or HTML via the grp parameter. | ||||
| CVE-2009-1119 | 1 Emc | 1 Replistor | 2026-04-23 | N/A |
| Multiple heap-based buffer overflows in EMC RepliStor 6.2 before SP5 and 6.3 before SP2 allow remote attackers to execute arbitrary code via a crafted message to (1) ctrlservice.exe or (2) rep_srv.exe, possibly related to an integer overflow. | ||||
| CVE-2009-1122 | 1 Microsoft | 2 Internet Information Services, Windows 2000 | 2026-04-23 | N/A |
| The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535. | ||||