Export limit exceeded: 20133 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364230 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3345 1 Sap 1 Crystal Reports Server 2026-04-23 N/A
Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2009-1014 1 Oracle 2 Jd Edwards Enterpriseone, Peoplesoft Enterprise 2026-04-23 N/A
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-1013.
CVE-2009-1015 1 Oracle 1 Database Server 2026-04-23 N/A
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.05, and 10.2.04 allows remote authenticated users to affect integrity via unknown vectors.
CVE-2009-1017 1 Oracle 1 Application Server 2026-04-23 N/A
Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2009-0994.
CVE-2009-1019 1 Oracle 1 Database Server 2026-04-23 N/A
Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2009-1030 1 Wordpress 1 Wordpress Mu 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
CVE-2009-3347 1 D-link 1 Dir-400 2026-04-23 N/A
Buffer overflow on the D-Link DIR-400 wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2009-1031 1 Solarwinds 1 Serv-u File Server 2026-04-23 N/A
Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request.
CVE-2009-3350 2 Drupal, Roshan Shah 2 Drupal, Subdomain Manager 2026-04-23 N/A
Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors.
CVE-2009-1035 2 Drupal, Jake Gordon 2 Drupal, Tasks 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS).
CVE-2009-3351 2 Drupal, Kristy Frey 2 Drupal, Node Browser Module 2026-04-23 N/A
Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors.
CVE-2009-3353 2 Drupal, Steve Lockwood 2 Drupal, Node2node 2026-04-23 N/A
Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors.
CVE-2009-1048 1 Snom 10 Snom 300, Snom 300 Firmware, Snom 320 and 7 more 2026-04-23 9.8 Critical
The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via a (1) http or (2) https request with 127.0.0.1 in the Host header.
CVE-2009-1058 1 Zipgenius 1 Zipgenius 2026-04-23 N/A
Stack-based buffer overflow in ZipGenius might allow remote attackers to execute arbitrary code via a crafted .zip file that triggers an SEH overwrite. NOTE: it is possible that this overlaps CVE-2005-3317. NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product.
CVE-2009-1064 2 Orbit Downloader, Orbitdownloader 2 Orbit Downloader, Orbit Downloader 2026-04-23 N/A
Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method.
CVE-2009-1066 1 Getpixie 1 Pixie Cms 2026-04-23 N/A
SQL injection vulnerability in the referral function in admin/lib/lib_logs.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header in a request.
CVE-2009-1067 1 Getpixie 1 Pixie Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to inject arbitrary web script or HTML via the x parameter.
CVE-2009-3357 2 Joomla, Joomlahbs 2 Joomla, Com Hbssearch 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) detail1.php, (6) detail2.php, (7) detail3.php, (8) detail4.php, (9) detail5.php, (10) detail6.php, (11) detail7.php, and (12) detail8.php, different vectors than CVE-2008-5865, CVE-2008-5874, and CVE-2008-5875.
CVE-2009-1068 1 Bsplayer 1 Bs.player 2026-04-23 N/A
Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long hostname in a .bsl playlist file.
CVE-2009-3358 1 Tourismscripts 1 Adult Portal Escort Listing 2026-04-23 N/A
SQL injection vulnerability in profile.php in Tourism Scripts Adult Portal escort listing allows remote attackers to execute arbitrary SQL commands via the user_id parameter.