Export limit exceeded: 363367 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363367 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2134 1 Pivot 1 Pivot 2026-04-23 N/A
pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obtain sensitive information via an invalid url parameter, which reveals the installation path in an error message.
CVE-2009-2136 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
Unspecified vulnerability in the TCP/IP networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_117, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames.
CVE-2009-2139 1 Sun 1 Openoffice.org 2026-04-23 N/A
Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code via a crafted EMF file, a similar issue to CVE-2008-2238.
CVE-2009-2141 1 Tbdev 1 Tbdev.net 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto parameter in a delete action to polls.php, or the (3) Info or (4) Avatar field to my.php.
CVE-2009-2142 1 Zipstore 1 Zip Store Chat 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store Chat 4.0 and 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) senha parameters.
CVE-2009-2143 2 Firestats, Wordpress 2 Firestats, Wordpress 2026-04-23 N/A
PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter.
CVE-2009-2144 3 Edgewall, Firestats, Wordpress 3 Firestats, Firestats, Wordpress 2026-04-23 N/A
SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4078 1 Redmine 1 Redmine 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2145 1 Pantha 1 Translucid 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 allow remote attackers to inject arbitrary web script or HTML via the (a) NodeID and (b) action parameters to the default URI, and the (c) NodeID parameter to the default URI for the admin section; and allow remote authenticated users to inject arbitrary web script or HTML via the (d) Title (aka page name) and (e) Url fields in a (1) new or (2) modified page.
CVE-2009-2146 1 Sugarcrm 1 Sugarcrm 2026-04-23 N/A
Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the file via a direct request to a modified filename under cache/modules/Emails/, as demonstrated using .php as the entire original name.
CVE-2009-2148 1 Campusvirtualcomputrade 1 Campus Virtual-lms 2026-04-23 N/A
SQL injection vulnerability in news/index.php in Campus Virtual-LMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-2149 1 Campusvirtualcomputrade 1 Campus Virtual-lms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Campus Virtual-LMS allow remote attackers to inject arbitrary web script or HTML via the (1) courseid parameter to enrolments/step1.php, or the (2) search or (3) siteid parameter to files/shared_list.php.
CVE-2009-4079 1 Redmine 1 Redmine 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.
CVE-2009-2150 1 Campusvirtualcomputrade 1 Campus Virtual-lms 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote attackers to hijack the authentication of certain users via a (2) ADD or (3) DELETE action to enrolments/step2.php.
CVE-2009-2151 1 Adaptweb 1 Adaptweb 2026-04-23 N/A
Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the newlang parameter.
CVE-2009-2152 1 Isabela Gasparini 1 Adaptweb 2026-04-23 N/A
SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows remote attackers to execute arbitrary SQL commands via the CodigoDisciplina parameter in a TopicosCadastro1 action.
CVE-2007-4952 1 Omnistar Interactive 1 Omnistar Article Manager 2026-04-23 N/A
SQL injection vulnerability in article.php in OmniStar Article Manager allows remote attackers to execute arbitrary SQL commands via the page_id parameter in a favorite op action, a different vector than CVE-2006-5917.
CVE-2009-2153 1 Sappy.dk 1 Impleo Music Collection 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Impleo Music Collection 2.0 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.
CVE-2007-4956 1 Kwsphp 1 Kwsphp 2026-04-23 N/A
Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module.
CVE-2009-2154 1 Sappy.dk 1 Impleo Music Collection 2026-04-23 N/A
SQL injection vulnerability in admin/login.php in Impleo Music Collection 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.