Export limit exceeded: 364514 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364514 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3936 1 Citrix 3 Online Plug-in For Mac, Online Plug-in For Windows, Receiver For Iphone 2026-04-23 N/A
Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows remote attackers to impersonate the SSL/TLS server and bypass authentication via a crafted certificate, a different vulnerability than CVE-2009-3555.
CVE-2009-3932 1 Google 1 Chrome 2026-04-23 N/A
The Gears plugin in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service (memory corruption and plugin crash) or possibly execute arbitrary code via unspecified use of the Gears SQL API, related to putting "SQL metadata into a bad state."
CVE-2006-5228 1 Rob Hensley 1 Ackertodo 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the Google Gadget login.php (gadget/login.php) in Rob Hensley ackerTodo 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) up_login, (2) up_pass, or (3) up_num_tasks parameters.
CVE-2009-3924 2 Punkbuster, Raven Software 2 Punkbuster, Soldier Of Fortune 2 2026-04-23 N/A
Buffer overflow in pbsv.dll, as used in Soldier of Fortune II and possibly other applications when Even Balance PunkBuster 1.728 or earlier is enabled, allows remote attackers to cause a denial of service (application server crash) and possibly execute arbitrary code via a long restart packet.
CVE-2006-4513 1 Wvware 1 Wvware 2026-04-23 N/A
Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetFLO_PLF function.
CVE-2006-6306 1 Novell 1 Client 2026-04-23 N/A
Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window.
CVE-2009-3920 2 Drupal, Sean Robertson 2 Drupal, Crmngp 2026-04-23 N/A
An administration page in the NGP COO/CWP Integration (crmngp) module 6.x before 6.x-1.12 for Drupal does not perform the expected access control, which allows remote attackers to read log information via unspecified vectors.
CVE-2009-3919 2 Drupal, Sean Robertson 2 Drupal, Crmngp 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the NGP COO/CWP Integration (crmngp) module 6.x before 6.x-1.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified "user-supplied information."
CVE-2006-6142 2 Redhat, Squirrelmail 2 Enterprise Linux, Squirrelmail 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."
CVE-2009-3900 1 Ibm 2 Aix, Powerha 2026-04-23 N/A
Unspecified vulnerability in the Cluster Management component in IBM PowerHA 5.4, 5.4.1, 5.5, and 6.1 on AIX allows remote attackers to modify the operating-system configuration via packets to the godm port (6177/tcp).
CVE-2009-3899 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
Memory leak in the Sockets Direct Protocol (SDP) driver in Sun Solaris 10, and OpenSolaris snv_57 through snv_94, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
CVE-2009-3898 2 F5, Nginx 2 Nginx, Nginx 2026-04-23 N/A
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
CVE-2009-3888 1 Linux 1 Linux Kernel 2026-04-23 N/A
The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before 2.6.31.6, when the CPU lacks a memory management unit, allows local users to cause a denial of service (OOPS) via an application that attempts to allocate a large amount of memory.
CVE-2009-3878 2 Intevydis, Sun 2 Vulndisco Pack, Java System Web Server 2026-04-23 N/A
Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2009-3873 3 Microsoft, Redhat, Sun 10 Windows, Enterprise Linux, Network Satellite and 7 more 2026-04-23 N/A
The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968.
CVE-2009-3847 1 Hp 1 Openview Network Node Manager 2026-04-23 N/A
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2009-3839 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
Unspecified vulnerability in the Solaris Trusted Extensions Policy configuration in Sun Solaris 10, and OpenSolaris snv_37 through snv_125, might allow remote attackers to execute arbitrary code by leveraging access to the X server.
CVE-2009-3836 1 Arubanetworks 2 Aruba Mobility Controller, Arubaos 2026-04-23 N/A
ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of service (Access Point crash) via a malformed 802.11 Association Request management frame.
CVE-2009-3831 2 Microsoft, Opera 2 Windows, Opera Browser 2026-04-23 N/A
Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name.
CVE-2009-3822 2 Fijiwebdesign, Joomla 2 Com Ajaxchat, Joomla\! 2026-04-23 N/A
PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php.