Search Results (360766 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3314 1 Eliteladders 1 Elite Gaming Ladders 2026-04-23 N/A
SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 allows remote attackers to execute arbitrary SQL commands via the platform parameter.
CVE-2009-3315 1 Nelogic 1 Nephp Publisher 2026-04-23 N/A
SQL injection vulnerability in admin/index.php in NeLogic Nephp Publisher Enterprise 3.5.9 and 4.5 allows remote attackers to execute arbitrary SQL commands via the Username field.
CVE-2009-3320 1 Zenas 1 Paolink 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas PaoLink (aka Pao-Link) 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2009-3321 1 Saphplesson 1 Saphplesson 2026-04-23 N/A
SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP HTTP header.
CVE-2009-3322 1 Siemens 1 Gigaset Se361 Wlan Router 2026-04-23 N/A
The Siemens Gigaset SE361 WLAN router allows remote attackers to cause a denial of service (device reboot) via a flood of crafted TCP packets to port 1723.
CVE-2009-3362 1 Sznews 1 Sznews 2026-04-23 N/A
PHP remote file inclusion vulnerability in printnews.php3 in SZNews 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
CVE-2009-3368 2 Joomla, Joomlahbs 2 Joomla\!, Com Hbssearch 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to index.php.
CVE-2009-3378 1 Mozilla 1 Firefox 2026-04-23 N/A
The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.
CVE-2009-3395 1 Oracle 1 E-business Suite 2026-04-23 N/A
Unspecified vulnerability in the AutoVue component in Oracle E-Business Suite 19.3.2 allows remote attackers to affect availability via unknown vectors.
CVE-2009-3422 1 Zenas 1 Paoliber 2026-04-23 N/A
login.php in Zenas PaoLiber 1.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
CVE-2009-3433 1 Sun 1 Cluster 2026-04-23 N/A
Unspecified vulnerability in clsetup in the configuration utility in Sun Solaris Cluster 3.2 allows local users to gain privileges via unknown vectors.
CVE-2009-3452 1 Radactive 1 I-load 2026-04-23 N/A
WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to obtain sensitive information via unspecified requests that trigger responses containing the saved-image folder pathname.
CVE-2009-3458 2 Adobe, Redhat 3 Acrobat, Acrobat Reader, Rhel Extras 2026-04-23 N/A
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998.
CVE-2009-3461 1 Adobe 1 Acrobat 2026-04-23 N/A
Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attackers to bypass intended file-extension restrictions via unknown vectors.
CVE-2009-3503 1 Bpowerhouse 1 Bpholidaylettings 2026-04-23 N/A
Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse BPHolidayLettings 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) rid and (2) tid parameters.
CVE-2009-3520 1 Cmsphp Project 1 Cmsphp 2026-04-23 8.8 High
Cross-site request forgery (CSRF) vulnerability in the Your_account module in CMSphp 0.21 allows remote attackers to hijack the authentication of administrators for requests that change an administrator password via the pseudo, pwd, and uid parameters in an admin_info_user_verif action.
CVE-2009-3530 1 Radscripts 1 Radbids 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in storefront.php in RadScripts RadBids Gold 4 allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
CVE-2009-3541 1 Phpgenealogy 1 Phpgenealogy 2026-04-23 N/A
PHP remote file inclusion vulnerability in CoupleDB.php in PHPGenealogy 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the DataDirectory parameter.
CVE-2009-3579 1 Mortbay 1 Jetty 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/.
CVE-2009-3595 1 Vspanel 1 Vs Panel 2026-04-23 N/A
SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter, a different vector than CVE-2009-3590.