Export limit exceeded: 359337 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359337 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359337 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1594 | 1 Armorlogic | 1 Profense Web Application Firewall | 2026-04-23 | N/A |
| Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A (encoded newline), as demonstrated by a %0A in a cross-site scripting (XSS) attack URL. | ||||
| CVE-2009-1596 | 1 Igniterealtime | 1 Openfire | 2026-04-23 | 6.5 Medium |
| Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet. | ||||
| CVE-2009-1597 | 2 Adobe, Mozilla | 2 Acrobat Reader, Firefox | 2026-04-23 | N/A |
| Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content." | ||||
| CVE-2009-1598 | 1 Google | 1 Chrome | 2026-04-23 | N/A |
| Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content." | ||||
| CVE-2009-1599 | 2 Adobe, Opera | 2 Acrobat Reader, Opera Browser | 2026-04-23 | N/A |
| Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content." | ||||
| CVE-2009-1600 | 2 Adobe, Apple | 2 Acrobat Reader, Safari | 2026-04-23 | N/A |
| Apple Safari executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content." | ||||
| CVE-2009-1601 | 1 Ubuntu | 1 Linux | 2026-04-23 | N/A |
| The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local users to bypass intended access restrictions via read or write operations involving this directory. | ||||
| CVE-2009-1602 | 1 Pablosoftwaresolutions | 1 Quick\'n Easy Mail Server | 2026-04-23 | N/A |
| Pablo Software Solutions Quick 'n Easy Mail Server 3.3 allows remote attackers to cause a denial of service (daemon outage or CPU consumption) via multiple long SMTP commands, as demonstrated by HELO commands. | ||||
| CVE-2009-1603 | 2 Fedoraproject, Opensc-project | 2 Fedora, Opensc | 2026-04-23 | 7.5 High |
| src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted. | ||||
| CVE-2009-1604 | 1 Limesurvey | 1 Limesurvey | 2026-04-23 | N/A |
| Unspecified vulnerability in LimeSurvey before 1.82 allows remote attackers to execute commands and obtain sensitive data via unknown attack vectors related to /admin/remotecontrol/. | ||||
| CVE-2009-1605 | 1 Sumatrapdfreader | 1 Sumatrapdf | 2026-04-23 | 5.4 Medium |
| Heap-based buffer overflow in the loadexponentialfunc function in mupdf/pdf_function.c in MuPDF in the mupdf-20090223-win32 package, as used in SumatraPDF 0.9.3 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-1606 | 1 Dafolo | 1 Dafolocontrol | 2026-04-23 | N/A |
| Multiple stack-based and heap-based buffer overflows in Dafolo DafoloControl ActiveX control (DafoloFFControl.dll) 1.108.6.195 allow remote attackers to execute arbitrary code via long (1) baseurl, (2) kommune, (3) felter, (4) afdeling, (5) Flags, (6) HelpURL, (7) caburl, or (8) filename properties; or (9) a long argument to the Open method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-1607 | 1 Linkbase | 1 Linkbase | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the administrator panel in phpForm.net LinkBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the username in a registration, which is not properly handled when the administrator accesses the Users menu. | ||||
| CVE-2009-1608 | 1 Microchip | 1 Mplab Ide | 2026-04-23 | N/A |
| Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly earlier versions allow user-assisted remote attackers to execute arbitrary code via a .MCP project file with long (1) FILE_INFO, (2) CAT_FILTERS, and possibly other fields. | ||||
| CVE-2009-1609 | 1 Battleblog | 1 Battle Blog | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in admin/uploadform.asp in Battle Blog 1.25 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. | ||||
| CVE-2009-1610 | 1 Jobscript | 1 Job Script Job Board Software | 2026-04-23 | N/A |
| admin/changepassword.php in Job Script Job Board Software 2.0 allows remote attackers to change the administrator password and gain administrator privileges via a direct request. | ||||
| CVE-2009-1611 | 1 Electrasoft | 1 32bit Ftp | 2026-04-23 | N/A |
| Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long 257 reply to a CWD command. | ||||
| CVE-2009-1612 | 1 Baofeng | 1 Storm | 2026-04-23 | N/A |
| Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 3.09.04.17 and earlier are also affected. | ||||
| CVE-2009-1613 | 1 Gowondesigns | 1 Leap | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchterm or (2) email parameter. | ||||
| CVE-2009-0042 | 2 Broadcom, Ca | 19 Anti-spyware, Anti-spyware For The Enterprise, Anti-virus and 16 more | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file. | ||||