Export limit exceeded: 361694 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361694 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2257 | 1 Netgear | 1 Dg632 | 2026-04-23 | N/A |
| The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/. | ||||
| CVE-2009-2261 | 1 Giorgio Tani | 1 Peazip | 2026-04-23 | N/A |
| PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command. | ||||
| CVE-2008-4374 | 1 Cmsbuzz | 1 Cms Buzz | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in CMS Buzz allows remote attackers to execute arbitrary SQL commands via the id parameter in a playgame action. | ||||
| CVE-2009-0988 | 1 Oracle | 1 Database 11g | 2026-04-23 | N/A |
| Unspecified vulnerability in the Password Policy component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. | ||||
| CVE-2009-2265 | 1 Fckeditor | 1 Fckeditor | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory. | ||||
| CVE-2009-2269 | 1 Phome Empire | 1 Phome Empire Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in Empire CMS 5.1 allows remote attackers to execute arbitrary SQL commands via the bid parameter to the default URI under e/tool/gbook/. | ||||
| CVE-2008-4376 | 1 Livetvscript | 1 Live Tv Script | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Live TV Script allows remote attackers to execute arbitrary SQL commands via the mid parameter. | ||||
| CVE-2009-2271 | 1 Huawei | 1 D100 | 2026-04-23 | N/A |
| The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and has (2) a default password of admin for the admin account in the telnet interface; which makes it easier for remote attackers to obtain access. | ||||
| CVE-2009-2272 | 1 Huawei | 2 D100, D100 Firmware | 2026-04-23 | 7.5 High |
| The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors. | ||||
| CVE-2009-2287 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2026-04-23 | N/A |
| The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL pointer dereference in the gfn_to_rmap function. | ||||
| CVE-2009-2290 | 2 Joomla, Kim Eckert | 2 Joomla\!, Com Bsadv | 2026-04-23 | N/A |
| SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) component 0.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) account or (2) event task to index.php. | ||||
| CVE-2009-2293 | 1 Tutorial-share | 1 Tutorial Share | 2026-04-23 | N/A |
| Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the usernamed cookie parameter. | ||||
| CVE-2009-2294 | 1 Dillo | 1 Dillo | 2026-04-23 | N/A |
| Integer overflow in the Png_datainfo_callback function in Dillo 2.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG image with crafted (1) width or (2) height values. | ||||
| CVE-2009-2296 | 1 Sun | 2 Opensolaris, Solaris | 2026-04-23 | N/A |
| The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors. | ||||
| CVE-2009-2298 | 1 Hp | 1 Openview Network Node Manager | 2026-04-23 | N/A |
| Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.53 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a CGI request to webappmon.exe. NOTE: this may overlap CVE-2009-1420. | ||||
| CVE-2008-4710 | 1 Drupal | 2 Drupal, Stock Module | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-2299 | 2 Apache, Hyperguard Web Application Firewall Project | 2 Http Server, Hyperguard Web Application Firewall | 2026-04-23 | N/A |
| The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data. | ||||
| CVE-2009-2301 | 1 Radware | 2 Appwall, Gateway | 2026-04-23 | N/A |
| The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/. | ||||
| CVE-2009-2306 | 1 Armassa | 2 Ard-9808, Ard-9808 Software | 2026-04-23 | N/A |
| The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing usernames and passwords via a direct request for dvr.ini. | ||||
| CVE-2009-2307 | 1 Maxdev | 2 Cwguestbook, Md-pro | 2026-04-23 | N/A |
| SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro (aka MD-Pro) allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords action to modules.php. | ||||