Export limit exceeded: 358290 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (358290 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2145 | 1 Pantha | 1 Translucid | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 allow remote attackers to inject arbitrary web script or HTML via the (a) NodeID and (b) action parameters to the default URI, and the (c) NodeID parameter to the default URI for the admin section; and allow remote authenticated users to inject arbitrary web script or HTML via the (d) Title (aka page name) and (e) Url fields in a (1) new or (2) modified page. | ||||
| CVE-2009-2146 | 1 Sugarcrm | 1 Sugarcrm | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the file via a direct request to a modified filename under cache/modules/Emails/, as demonstrated using .php as the entire original name. | ||||
| CVE-2009-2150 | 1 Campusvirtualcomputrade | 1 Campus Virtual-lms | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote attackers to hijack the authentication of certain users via a (2) ADD or (3) DELETE action to enrolments/step2.php. | ||||
| CVE-2009-2151 | 1 Adaptweb | 1 Adaptweb | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the newlang parameter. | ||||
| CVE-2009-2152 | 1 Isabela Gasparini | 1 Adaptweb | 2026-04-23 | N/A |
| SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows remote attackers to execute arbitrary SQL commands via the CodigoDisciplina parameter in a TopicosCadastro1 action. | ||||
| CVE-2009-2153 | 1 Sappy.dk | 1 Impleo Music Collection | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Impleo Music Collection 2.0 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. | ||||
| CVE-2009-2154 | 1 Sappy.dk | 1 Impleo Music Collection | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/login.php in Impleo Music Collection 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2009-2163 | 1 Sitecore | 1 Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in login/default.aspx in Sitecore CMS before 6.0.2 Update-1 090507 allows remote attackers to inject arbitrary web script or HTML via the sc_error parameter. | ||||
| CVE-2009-2173 | 1 Gameis | 1 Carom3d | 2026-04-23 | N/A |
| The LAN game feature in Carom3D 5.06 allows remote authenticated users to cause a denial of service (application hang) via a crafted HTTP request to TCP port 28012. | ||||
| CVE-2009-2174 | 1 Gupnp | 1 Gupnp | 2026-04-23 | N/A |
| GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message. | ||||
| CVE-2009-2176 | 1 Fuzzylime | 1 Fuzzylime Cms | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) list parameter to code/confirm.php and the (2) template parameter to code/display.php. | ||||
| CVE-2009-2177 | 1 Fuzzylime | 1 Fuzzylime Cms | 2026-04-23 | N/A |
| code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a "....//" (dot dot) in the s parameter, which is collapsed into a "../" value. | ||||
| CVE-2009-2178 | 1 W2b | 1 Phpdatingclub | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in website.php in phpDatingClub 3.7 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2009-2179 | 1 W2b | 1 Phpdatingclub | 2026-04-23 | N/A |
| SQL injection vulnerability in search.php in phpDatingClub 3.7 allows remote attackers to execute arbitrary SQL commands via the sform[day] parameter. | ||||
| CVE-2009-2180 | 1 Pc4arb | 1 Pc4 Uploader | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in upfiles/index.php in Pc4 Uploader 10.0 and earlier allow remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) absolute path in the file parameter. | ||||
| CVE-2009-2183 | 1 Campware.org | 1 Campsite | 2026-04-23 | N/A |
| Directory traversal vulnerability in admin-files/ad.php in Campsite 3.3.0 RC1 allows remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the GLOBALS[g_campsiteDir] parameter. | ||||
| CVE-2009-2184 | 1 Gravy-media | 1 Media Photo Host | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in forcedownload.php in Gravy Media Photo Host 1.0.8 allows remote attackers to read arbitrary files via an encoded "/" (slash) in the file parameter. | ||||
| CVE-2009-2185 | 3 Redhat, Strongswan, Xelerance | 3 Enterprise Linux, Strongswan, Openswan | 2026-04-23 | N/A |
| The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string. | ||||
| CVE-2009-2186 | 1 Adobe | 1 Shockwave Player | 2026-04-23 | N/A |
| Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2009-1860, related to an older issue that "was previously resolved in Shockwave Player 11.0.0.465." | ||||
| CVE-2009-2187 | 1 Sun | 2 Opensolaris, Solaris | 2026-04-23 | N/A |
| Multiple memory leaks in the (1) IP and (2) IPv6 multicast implementation in the kernel in Sun Solaris 10, and OpenSolaris snv_67 through snv_93, allow local users to cause a denial of service (memory consumption) via vectors related to the association of (a) DL_ENABMULTI_REQ and (b) DL_DISABMULTI_REQ messages with ARP messages. | ||||