Search Results (361680 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2311 2 Selbstzweck, Woltlab 2 Rgallery Plugin, Burning Board 2026-04-23 N/A
SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows remote attackers to execute arbitrary SQL commands via the userID parameter in the RGalleryUserGallery page to index.php, a different vector than CVE-2008-4627.
CVE-2009-2316 1 Ibm 1 Tivoli Identity Manager 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later reported that 4.6.0 is also affected by the first vector.
CVE-2009-2317 1 Axesstel 1 Mv 410r 2026-04-23 N/A
The Axesstel MV 410R has a certain default administrator password, and does not force a password change, which makes it easier for remote attackers to obtain access.
CVE-2009-2321 1 Axesstel 1 Mv 410r 2026-04-23 N/A
cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to cause a denial of service (configuration reset) via a RESTORE=RESTORE query string.
CVE-2009-2323 1 Axesstel 1 Mv 410r 2026-04-23 N/A
The web interface on the Axesstel MV 410R redirects users back to the referring page after execution of some CGI scripts, which makes it easier for remote attackers to avoid detection of cross-site request forgery (CSRF) attacks, as demonstrated by a redirect from the cgi-bin/wireless.cgi script.
CVE-2009-2330 1 Cms.tut.su 1 Cms Chainuk 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in CMS Chainuk 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter.
CVE-2009-2331 1 Cms.tut.su 1 Cms Chainuk 2026-04-23 N/A
Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code (1) into settings.php via the menu parameter to admin_settings.php or (2) into a content/=NUMBER.php file via the title parameter to admin_new.php.
CVE-2009-2333 1 Cms.tut.su 1 Cms Chainuk 2026-04-23 N/A
Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the menu parameter to admin/admin_menu.php, and the id parameter to (2) index.php and (3) admin/admin_edit.php; and (4) delete arbitrary local files via a .. (dot dot) in the id parameter to admin/admin_delete.php. NOTE: vector 2 can be leveraged for static code injection by sending a crafted menu parameter to admin/admin_menu.php, and then sending an id=../menu.csv request to index.php.
CVE-2009-2337 1 W3bcms 2 Gaestebuch Guestbook Module, W3bcms 2026-04-23 N/A
SQL injection vulnerability in includes/module/book/index.inc.php in w3b|cms Gaestebuch Guestbook Module 3.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the spam_id parameter.
CVE-2009-1024 1 Beerwin 1 Phplinkadmin 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Beerwin PHPLinkAdmin 1.0 allow remote attackers to execute arbitrary SQL commands via the linkid parameter to edlink.php, and unspecified other vectors.
CVE-2009-2340 1 Opial 1 Opial 2026-04-23 N/A
SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtUserName (aka User Name) parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-2342 1 Hans Oesterholt 1 Cmme 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin.php (aka the login page) in Content Management Made Easy (CMME) before 1.22 allows remote attackers to inject arbitrary web script or HTML via the username field.
CVE-2009-2348 1 Google 1 Android 2026-04-23 N/A
Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request before using the camera or microphone.
CVE-2009-2350 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312.
CVE-2007-0665 1 Ipswitch 1 Ws Ftp Pro 2026-04-23 N/A
Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 Professional might allow remote attackers to execute arbitrary commands via format string specifiers in the filename, related to the SHELL WS_FTP script command.
CVE-2009-1033 1 Deluxebb 1 Deluxebb 2026-04-23 N/A
SQL injection vulnerability in misc.php in DeluxeBB 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the qorder parameter, a different vector than CVE-2005-2989 and CVE-2006-2503.
CVE-2009-2351 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. NOTE: it was later reported that 10.00 Beta 3 Build 1699 is also affected.
CVE-2009-2353 1 Eaccelerator 1 Eaccelerator 2026-04-23 N/A
encoder.php in eAccelerator allows remote attackers to execute arbitrary code by copying a local executable file to a location under the web root via the -o option, and then making a direct request to this file, related to upload of image files.
CVE-2009-2355 1 Dan Cahill 1 Nulllogic Groupware 2026-04-23 N/A
The forum module in NullLogic Groupware 1.2.7 allows remote authenticated users to cause a denial of service (application crash) by specifying (1) an empty string or (2) a non-numeric string when selecting a forum, related to the fmessagelist function.
CVE-2009-2357 1 Yasinkaplan 1 Tekradius 2026-04-23 N/A
The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system.