Export limit exceeded: 362962 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362962 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5024 | 4 Canonical, Debian, Mozilla and 1 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2026-04-23 | N/A |
| Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. | ||||
| CVE-2009-3881 | 2 Redhat, Sun | 5 Enterprise Linux, Network Satellite, Rhel Extras and 2 more | 2026-04-23 | N/A |
| Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650. | ||||
| CVE-2009-3889 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2026-04-23 | N/A |
| The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file. | ||||
| CVE-2009-3890 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename. | ||||
| CVE-2009-3894 | 2 Dag.wieers, Redhat | 2 Dstat, Enterprise Linux | 2026-04-23 | N/A |
| Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in (1) the current working directory or (2) a certain subdirectory of the current working directory. | ||||
| CVE-2009-3896 | 2 F5, Nginx | 2 Nginx, Nginx | 2026-04-23 | N/A |
| src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI. | ||||
| CVE-2009-3901 | 1 Ecouriersoftware | 1 E-courirer Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to home/index.asp and other unspecified vectors. | ||||
| CVE-2009-3904 | 1 Cubecart | 1 Cubecart | 2026-04-23 | N/A |
| classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header. | ||||
| CVE-2009-3905 | 1 Ecouriersoftware | 1 E-courirer Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to (1) Wizard_tracking.asp, (2) wizard_oe2.asp, (3) your-register.asp, (4) main-whyregister.asp, and (5) your.asp in home/, and other unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-3911 | 1 Tftgallery | 1 Tftgallery | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in settings.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the sample parameter. | ||||
| CVE-2009-3917 | 2 Drupal, Greg Knaddison | 2 Drupal, S5 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the S5 Presentation Player module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an unspecified field that is copied to the HTML HEAD element. | ||||
| CVE-2009-3918 | 2 Drupal, Karim Ratib | 2 Drupal, Zoomify | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the node title. | ||||
| CVE-2008-5025 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933. | ||||
| CVE-2009-3921 | 2 Drupal, Ezra Barnett Gildesgame | 2 Drupal, Smartqueue Og | 2026-04-23 | N/A |
| The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages. | ||||
| CVE-2009-3922 | 2 Chad Phillips, Drupal | 2 Userprotect, Drupal | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the User Protect module 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allow remote attackers to hijack the authentication of administrators for requests that (1) delete the editing protection of a user or (2) delete a certain type of administrative-bypass rule. | ||||
| CVE-2009-3938 | 1 Poppler | 1 Poppler | 2026-04-23 | N/A |
| Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev.cc in Poppler (aka libpoppler) 0.10.6, 0.12.0, and possibly other versions, as used by the Abiword pdftoabw utility, allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PDF file. | ||||
| CVE-2008-5028 | 2 Nagios, Op5 | 2 Nagios, Monitor | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests. | ||||
| CVE-2009-3939 | 7 Avaya, Canonical, Debian and 4 more | 20 Aura Application Enablement Services, Aura Communication Manager, Aura Session Manager and 17 more | 2026-04-23 | 7.1 High |
| The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. | ||||
| CVE-2009-3940 | 1 Sun | 2 Virtualbox, Xvm Virtualbox | 2026-04-23 | N/A |
| Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors. | ||||
| CVE-2009-3943 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property. | ||||