Export limit exceeded: 363700 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363700 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3152 1 Nt 1 Bbs E-market 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in becommunity/community/index.php in NTSOFT BBS E-Market Professional allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) bt_code, and (3) b_no parameters in a board view action.
CVE-2009-3154 2 Almondsoft, Joomla 2 Com Aclassf, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action to index.php, a different vector than CVE-2009-2567.
CVE-2009-3155 2 Almondsoft, Joomla 2 Com Aclassf, Joomla 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the addr parameter.
CVE-2009-3157 2 Drupal, Karen Stevenson 2 Drupal, Calendar 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type.
CVE-2007-4668 1 Firebirdsql 1 Firebird 2026-04-23 N/A
Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, aka CORE-1312.
CVE-2009-3158 1 Carsten Wulff 1 Simplephpweb 2026-04-23 N/A
admin/files.php in simplePHPWeb 0.2 does not require authentication, which allows remote attackers to perform unspecified administrative actions via unknown vectors. NOTE: some of these details are obtained from third party information.
CVE-2009-3159 1 Ibm 1 Websphere Mq 2026-04-23 N/A
Unspecified vulnerability in the rriDecompress function in IBM WebSphere MQ 7.0.0.0, 7.0.0.1, and 7.0.0.2 allows remote attackers to cause a denial of service via unknown vectors.
CVE-2009-3160 1 Ibm 1 Websphere Mq 2026-04-23 N/A
IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and 7.0.1.0, when read ahead or asynchronous message consumption is enabled, allows attackers to have an unspecified impact via unknown vectors, related to a "memory overwrite" issue.
CVE-2009-3161 1 Ibm 1 Websphere Mq 2026-04-23 N/A
The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows attackers to cause a denial of service (trap) or possibly have unspecified other impact via malformed data.
CVE-2009-3162 1 Multi-website 1 Multi Website 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to the default URI.
CVE-2009-3163 1 Silcnet 2 Silc Client, Silc Toolkit 2026-04-23 N/A
Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users.
CVE-2009-4541 1 Isolsoft 1 Support Center 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support Center 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) newticket.php or (2) rempass.php, or a URL in the lang parameter in an adduser action to (3) index.php. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
CVE-2009-3164 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
Unspecified vulnerability in the IPv6 networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_122, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames. NOTE: this issue exists because of an incomplete fix for CVE-2009-2136.
CVE-2007-4669 1 Firebirdsql 1 Firebird 2026-04-23 N/A
The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148.
CVE-2009-3167 1 Anantasoft 1 Gazelle Cms 2026-04-23 N/A
Directory traversal vulnerability in index.php in Anantasoft Gazelle CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
CVE-2009-4542 1 Isolsoft 1 Support Center 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft Support Center 2.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVE-2009-3168 1 Mevin 1 Basic Php Events Lister 2026-04-23 7.2 High
Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin/reset.php and (2) admin/user_add.php, which allows remote authenticated users to reset administrative passwords or add administrators via a direct request.
CVE-2009-3169 1 Hitachi 1 Jp1 File Transmission Server 2026-04-23 N/A
Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission Server/FTP before 09-00 allow remote attackers to execute arbitrary code via unknown attack vectors.
CVE-2009-4543 1 Cromosoft 1 Facil Helpdesk 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to execute arbitrary PHP code via a URL in the lng parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
CVE-2009-3170 1 Aimp 1 Aimp2 Audio Converter 2026-04-23 N/A
Stack-based buffer overflow in AIMP2 Audio Converter 2.53 (build 330) and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a (1) .pls or (2) .m3u playlist file.