Export limit exceeded: 363049 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363049 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4339 | 2 Stephan Vits, Typo3 | 2 Mf Subscription, Typo3 | 2026-04-23 | N/A |
| SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| CVE-2009-4342 | 2 Melvin Mach, Typo3 | 2 Jobexchange, Typo3 | 2026-04-23 | N/A |
| SQL injection vulnerability in the Job Exchange (jobexchange) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| CVE-2009-4343 | 2 Dominic Eckart, Typo3 | 2 Trainincdb, Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Training Company Database (trainincdb) extension 0.4.7 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-4344 | 2 Tobias Sommer, Typo3 | 2 Zid Linklist, Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the ZID Linkliste (zid_linklist) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-5354 | 2 Redhat, Sun | 5 Network Satellite, Rhel Extras, Jdk and 2 more | 2026-04-23 | N/A |
| Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry. | ||||
| CVE-2009-4345 | 2 Jonas Renggli, Typo3 | 2 Vshoutbox, Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-4346 | 2 Toni Milovan, Typo3 | 2 Fe Rtenews, Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Frontend news submitter with RTE (fe_rtenews) extension 1.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-4347 | 1 Liran Tal | 1 Daloradius | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in daloradius-users/login.php in daloRADIUS 0.9-8 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. | ||||
| CVE-2009-4348 | 1 Haroldbakker | 1 Hb-ns | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to inject arbitrary web script or HTML via the topic parameter in a topic action, a different vector than CVE-2006-2146. | ||||
| CVE-2009-3212 | 1 Dimofinf | 1 Infinity Script | 2026-04-23 | N/A |
| SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username field. | ||||
| CVE-2009-4350 | 1 Boldfx | 1 Arctic Issue Tracker | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Arctic Issue Tracker 2.1.1 allows remote attackers to execute arbitrary SQL commands via the (1) matchings[id] or (2) matchings[title] parameters in a Login action to an unspecified program, or (3) the matchings[id] parameter in a search action to index.php, a different vector than CVE-2008-3250. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4352 | 1 Transware | 1 Active Mail 2003 | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0939, allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Cc, and (4) Bcc parameters. | ||||
| CVE-2009-4353 | 1 Transware | 1 Active\! Mail | 2026-04-23 | N/A |
| The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such as an email with an embedded URL. | ||||
| CVE-2008-5371 | 1 Marc Gloor | 1 Screenie | 2026-04-23 | N/A |
| screenie in screenie 1.30.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie.##### temporary file. | ||||
| CVE-2009-4354 | 1 Transware | 1 Active\! Mail | 2026-04-23 | N/A |
| TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions. | ||||
| CVE-2009-4355 | 2 Openssl, Redhat | 3 Openssl, Enterprise Linux, Openssl | 2026-04-23 | N/A |
| Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. | ||||
| CVE-2008-5374 | 2 Matthias Klose, Redhat | 2 Bash-doc, Enterprise Linux | 2026-04-23 | N/A |
| bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts. | ||||
| CVE-2009-4358 | 1 Freebsd | 1 Freebsd | 2026-04-23 | N/A |
| freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation. | ||||
| CVE-2008-5377 | 1 Apple | 1 Cups | 2026-04-23 | N/A |
| pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333. | ||||
| CVE-2009-4359 | 2 Marc-andre Lanciault, Xoops | 2 Smartmedia, Xoops | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in folder.php in the SmartMedia 0.85 Beta module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the categoryid parameter. | ||||