Search Results (366276 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2341 1 Shalwan 1 Opial 2026-04-23 N/A
SQL injection vulnerability in albumdetail.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the albumid parameter.
CVE-2009-2342 1 Hans Oesterholt 1 Cmme 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin.php (aka the login page) in Content Management Made Easy (CMME) before 1.22 allows remote attackers to inject arbitrary web script or HTML via the username field.
CVE-2007-4483 1 Wordpress 1 Wordpressclassic 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
CVE-2009-2092 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors.
CVE-2009-2096 1 David Degner 1 Phpcollegeexchange 2026-04-23 N/A
SQL injection vulnerability in house/listing_view.php in phpCollegeExchange 0.1.5c allows remote attackers to execute arbitrary SQL commands via the itemnr parameter.
CVE-2009-2089 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by reading a Migration Trace file.
CVE-2009-2087 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial of service (deployment failure) via unspecified vectors.
CVE-2009-2074 1 Drupal 2 Drupal, Nodequeue 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names.
CVE-2009-2065 1 Mozilla 1 Firefox 2026-04-23 N/A
Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
CVE-2009-2063 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.
CVE-2009-2045 1 Cisco 2 Video Surveillance Integrated Services Platform, Video Surveillance Stream Manager 2026-04-23 N/A
The Cisco Video Surveillance Stream Manager firmware before 5.3, as used on Cisco Video Surveillance Services Platforms and Video Surveillance Integrated Services Platforms, allows remote attackers to cause a denial of service (reboot) via a malformed payload in a UDP packet to port 37000, related to the xvcrman process, aka Bug ID CSCsj47924.
CVE-2009-2044 2 Linux, Mozilla 2 Linux Kernel, Firefox 2026-04-23 N/A
Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element.
CVE-2009-2039 1 Oscommerce 2 Luottokunta, Oscommerce 2026-04-23 N/A
Unspecified vulnerability in the Luottokunta module before 1.3 for osCommerce has unknown impact and attack vectors related to orders.
CVE-2009-2038 1 Oscommerce 2 Finnish Bank Payment, Oscommerce 2026-04-23 N/A
Unspecified vulnerability in the Finnish Bank Payment module 2.2 for osCommerce has unknown impact and attack vectors related to bank charges.
CVE-2009-2034 1 Ricardo Alexandre De Oliveira Staudt 1 Yogurt 2026-04-23 N/A
SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter.
CVE-2007-4047 1 Geoblog 1 Geoblog 2026-04-23 N/A
geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter.
CVE-2009-1879 1 Adobe 1 Flex Sdk 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value, allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2009-1886 1 Samba 1 Samba 2026-04-23 N/A
Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.
CVE-2007-4926 1 Axis 1 207w Camera 2026-04-23 N/A
The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote attackers to obtain sensitive information by sniffing the wireless network or by leveraging unspecified other vectors.
CVE-2009-1909 1 Openskip 1 Skip 2026-04-23 N/A
SQL injection vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.