Export limit exceeded: 10534 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359553 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4384 | 1 Scriptsez | 1 Ez Poll Hoster | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to inject arbitrary web script or HTML via the (1) pid parameter in a code action to index.php and the (2) uid parameter in a view action to profile.php. | ||||
| CVE-2009-4386 | 1 Bookingcentre | 1 Booking System For Hotels Group | 2026-04-23 | N/A |
| SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur Booking Centre Booking System for Hotels Group, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via the NoticiaID parameter and other unspecified vectors. | ||||
| CVE-2009-4388 | 2 Frank Krger, Typo3 | 2 Nl Listman, Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) extension 1.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-4392 | 1 Typo3 | 2 Typo3, Xds Staff | 2026-04-23 | N/A |
| SQL injection vulnerability in the XDS Staff List (xds_staff) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-4396 | 2 Fr.simon Rundell, Typo3 | 2 Pd Resources, Typo3 | 2026-04-23 | N/A |
| SQL injection vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2007-4844 | 1 X-diesel | 1 Unreal Commander | 2026-04-23 | N/A |
| X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly react to an FTP server's behavior after sending a "CWD /" command, which allows remote FTP servers to cause a denial of service (infinite loop) by (1) repeatedly sending a 550 error response, or (2) sending a 550 error response and then disconnecting. | ||||
| CVE-2009-4403 | 1 Rumbacms | 1 Rumba Xml | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4404 | 1 Jochen Striepe | 1 T-prot | 2026-04-23 | N/A |
| Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 allows remote attackers to cause a denial of service via unspecified vectors related to the "--maxlines" option and a crafted email message. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4405 | 1 Edgewall | 1 Trac | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to (1) "policy checks in report results when using alternate formats" or (2) a "check for the 'raw' role that is missing in docutils < 0.6." | ||||
| CVE-2009-4415 | 1 Phpgroupware | 1 Phpgroupware | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php. | ||||
| CVE-2009-4421 | 1 Alexander Palmo | 1 Simple Php Blog | 2026-04-23 | N/A |
| Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the blog_language1 parameter. | ||||
| CVE-2009-4425 | 1 Idevspot | 1 Idevcart | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in iDevCart 1.09 allows remote attackers to inject arbitrary web script or HTML via the SEARCH parameter in a browse action. | ||||
| CVE-2009-4428 | 2 Joomla, Joomplace | 2 Joomla, Com Joomportfolio | 2026-04-23 | N/A |
| SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php. | ||||
| CVE-2009-4430 | 1 Virtuemart | 1 Virtuemart | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in VirtueMart 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a shop.product_details shop.flypage action. | ||||
| CVE-2009-4438 | 1 Ibm | 1 Db2 | 2026-04-23 | N/A |
| The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors. | ||||
| CVE-2009-4441 | 1 Sun | 1 Java System Directory Server | 2026-04-23 | N/A |
| Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections, aka Bug Id 6782659. | ||||
| CVE-2009-4442 | 1 Sun | 1 Java System Directory Server | 2026-04-23 | N/A |
| Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making multiple connections and performing no operations on these connections, aka Bug Id 6648665. | ||||
| CVE-2009-4443 | 1 Sun | 1 Java System Directory Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service (psearch outage) by using a crafted psearch client to send requests that trigger a psearch thread loop, aka Bug Id 6855978. | ||||
| CVE-2008-2250 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2026-04-23 | N/A |
| The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability." | ||||
| CVE-2009-4457 | 1 Provider4u | 1 Vsftpd Webmin Module | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in the Vsftpd Webmin module before 1.3b for the Vsftpd server have unknown impact and attack vectors related to "Some security issues." | ||||