Search Results (360766 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2794 1 Apple 1 Iphone Os 2026-04-23 N/A
The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value.
CVE-2009-2795 1 Apple 1 Iphone Os 2026-04-23 N/A
Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related to "command parsing."
CVE-2009-2804 2 Apple, Microsoft 4 Mac Os X, Mac Os X Server, Safari and 1 more 2026-04-23 N/A
Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.
CVE-2009-2814 1 Apple 1 Mac Os X Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding.
CVE-2009-2860 1 Ibm 1 Db2 2026-04-23 N/A
Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets."
CVE-2009-2831 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue."
CVE-2009-2832 1 Apple 1 Mac Os X Server 2026-04-23 N/A
Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a "CWD command line tool."
CVE-2009-2833 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
CVE-2009-2858 1 Ibm 1 Db2 2026-04-23 N/A
Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure.
CVE-2009-2887 1 Phpscriptsnow 1 President Bios 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to inject arbitrary web script or HTML via the rank parameter.
CVE-2009-2892 1 Scripteen 1 Free Image Hosting Script 2026-04-23 N/A
Multiple SQL injection vulnerabilities in header.php in Scripteen Free Image Hosting Script 2.3 allow remote attackers to execute arbitrary SQL commands via a (1) cookid or (2) cookgid cookie.
CVE-2009-2894 1 Clone2009 1 Ebay Clone 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to product_desc.php, and the cid parameter to (2) showcategory.php and (3) gallery.php.
CVE-2009-2895 1 Phpsugar 1 Ultimate Regnow Affiliate 2026-04-23 N/A
SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2009-2956 1 Ibm 1 Websphere Commerce Suite 2026-04-23 N/A
The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.
CVE-2009-2967 1 Buildbot 1 Buildbot 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 through 0.7.11p2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, different vulnerabilities than CVE-2009-2959.
CVE-2009-2976 1 Cisco 2 Aironet Ap1100, Aironet Ap1200 2026-04-23 N/A
Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data frames in cleartext, which allows remote attackers to discover Wireless LAN Controller MAC addresses and IP addresses, and AP configuration details, by sniffing the wireless network.
CVE-2009-2977 1 Cisco 1 Cs-mars 2026-04-23 N/A
The Cisco Security Monitoring, Analysis and Response System (CS-MARS) 6.0.4 and earlier stores cleartext passwords in log/sysbacktrace.## files within error-logs.tar.gz archives, which allows context-dependent attackers to obtain sensitive information by reading these files.
CVE-2009-2995 1 Adobe 1 Acrobat 2026-04-23 N/A
Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service via unspecified vectors.
CVE-2009-3045 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate.
CVE-2009-3057 1 Aom-software 1 Beex 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in AOM Software Beex 3 allow remote attackers to inject arbitrary web script or HTML via the navaction parameter to (1) news.php and (2) partneralle.php.