Search Results (361692 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2180 1 Pc4arb 1 Pc4 Uploader 2026-04-23 N/A
Multiple directory traversal vulnerabilities in upfiles/index.php in Pc4 Uploader 10.0 and earlier allow remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) absolute path in the file parameter.
CVE-2009-2182 1 Campware.org 1 Campsite 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 RC1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) ad_popup.php, (2) camp_html.php, (3) init_content.php, (4) logout.php, (5) menu.php, and (6) set-author.php in admin-files/; (7) conf/liveuser_configuration.php; (8) include/phorum_load.php; (9) CommandProcessor.php and (10) index.php in admin-files/article_import; and (11) add.php, (12) add_move.php, (13) autopublish.php, and (14) autopublish_del.php in admin-files/articles/.
CVE-2008-4127 1 Microsoft 2 Internet Explorer, Windows Xp 2026-04-23 N/A
Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta 8.0.6001 on Windows XP SP2 allows remote attackers to cause a denial of service (failure of subsequent image rendering) via a crafted PNG file, related to an infinite loop in the CDwnTaskExec::ThreadExec function.
CVE-2009-0965 1 Ismail Fahmi 1 Ganesha Digital Library 2026-04-23 N/A
SQL injection vulnerability in functions/browse.php in Ganesha Digital Library (GDL) 4.0 and 4.2 allows remote attackers to execute arbitrary SQL commands via the node parameter in a browse action to gdl.php.
CVE-2008-4258 1 Microsoft 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more 2026-04-23 N/A
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory Corruption Vulnerability."
CVE-2009-2202 1 Apple 1 Quicktime 2026-04-23 N/A
Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file.
CVE-2009-2204 1 Apple 1 Iphone Os 2026-04-23 N/A
Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore.
CVE-2009-2205 1 Apple 5 Java 1.4, Java 1.5, Java 1.6 and 2 more 2026-04-23 N/A
Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
CVE-2009-2206 1 Apple 2 Iphone Os, Ipod Touch 2026-04-23 N/A
Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table.
CVE-2009-2209 1 Rs-cms 1 Rs-cms 2026-04-23 N/A
SQL injection vulnerability in rscms_mod_newsview.php in RS-CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the key parameter.
CVE-2009-2210 2 Mozilla, Redhat 3 Seamonkey, Thunderbird, Enterprise Linux 2026-04-23 N/A
Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type.
CVE-2009-2213 1 Citrix 2 Netscaler Access Gateway, Netscaler Access Gateway Firmware 2026-04-23 6.5 Medium
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.
CVE-2009-2215 1 Urdland 1 Urd 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in URD before 0.6.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the fatal_error page and unspecified other components.
CVE-2009-2220 1 Tribiq 1 Tribiq Cms 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and possibly execute arbitrary files via directory traversal sequences in the template_path parameter to (1) masthead.inc.php, (2) toppanel.inc.php, and (3) contact.inc.php in templates/mytribiqsite/tribiq-CL-9000/includes; and the use_template_family parameter to (4) templates/mytribiqsite/tribiq-CL-9000/includes/nlarlist_content.inc.php. NOTE: the tribal-GPL-1066/includes/header.inc.php vector is already covered by CVE-2008-4894.
CVE-2009-2222 1 Php.s3 1 Php-i-board 2026-04-23 N/A
Directory traversal vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors, probably related to mail.
CVE-2009-2231 1 Mid.as 1 Midas 2026-04-23 N/A
MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie.
CVE-2009-2237 2 Drupal, Karim Ratib 2 Drupal, Views Bulk Operations 2026-04-23 N/A
Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify "nodes or classes of nodes" via unknown vectors, probably related to registered procedures (aka actions).
CVE-2009-2254 1 Zen-cart 1 Zen Cart 2026-04-23 N/A
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a "SQL Execution" issue.
CVE-2009-2257 1 Netgear 1 Dg632 2026-04-23 N/A
The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/.
CVE-2009-2261 1 Giorgio Tani 1 Peazip 2026-04-23 N/A
PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command.