Export limit exceeded: 367003 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (367003 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2066 1 Apple 1 Safari 2026-04-23 N/A
Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
CVE-2009-2067 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
CVE-2009-1613 1 Gowondesigns 1 Leap 2026-04-23 N/A
Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchterm or (2) email parameter.
CVE-2009-1614 1 Gowondesigns 1 Leap 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form). NOTE: some of these details are obtained from third party information.
CVE-2009-1615 1 Gowondesigns 1 Leap 2026-04-23 N/A
Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via an admin.system.files (aka Manage Files) request to the default URI, then accessing the file via a direct request.
CVE-2009-1616 1 Coppermine 1 Coppermine Photo Gallery 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505.
CVE-2009-1617 1 Teraway 1 Linktracker 2026-04-23 N/A
Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie.
CVE-2009-1618 1 Teraway 1 Livehelp 2026-04-23 N/A
Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie.
CVE-2009-1619 1 Teraway 1 Filestream 2026-04-23 N/A
Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1.
CVE-2009-1620 1 Mata 1 Matachat 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in input.php in MataChat allow remote attackers to inject arbitrary web script or HTML via the (1) nickname and (2) color parameters.
CVE-2009-1622 1 Ecshop 1 Ecshop 2026-04-23 N/A
SQL injection vulnerability in user.php in EcShop 2.5.0 allows remote attackers to execute arbitrary SQL commands via the order_sn parameter in an order_query action.
CVE-2009-1623 1 Dew-code 1 Dew-newphplinks 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to inject arbitrary web script or HTML via the PID parameter.
CVE-2009-1624 1 Dew-code 1 Dew-newphplinks 2026-04-23 N/A
Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the show parameter.
CVE-2009-1625 1 Davlin 1 Thickbox Gallery 2026-04-23 N/A
Directory traversal vulnerability in index.php in Thickbox Gallery 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ln parameter.
CVE-2009-1626 1 Will Kraft 1 Ez-blog 2026-04-23 N/A
SQL injection vulnerability in public/specific.php in EZ-Blog before Beta 2 20090427, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2009-1627 1 Sdp Multimedia 1 Streaming Download Project 2026-04-23 N/A
Stack-based buffer overflow in Streaming Download Project (SDP) Downloader 2.3.0 allows remote attackers to execute arbitrary code via a long .asf URL in the HREF attribute of a REF element in a .asx file.
CVE-2009-1628 2 Microsoft, Unisys 2 Windows, Business Information Server 2026-04-23 N/A
Stack-based buffer overflow in mnet.exe in Unisys Business Information Server (BIS) 10 and 10.1 on Windows allows remote attackers to execute arbitrary code via a crafted TCP packet.
CVE-2009-1629 1 Antony Lesuisse 1 Ajaxterm 2026-04-23 N/A
ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.
CVE-2009-1637 1 Simplecustomer 1 Simple Customer 2026-04-23 N/A
profile.php in Simple Customer 1.3 does not require administrative authentication, which allows remote attackers to change the admin e-mail address and password via the email and password parameters.
CVE-2009-1630 6 Canonical, Debian, Linux and 3 more 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more 2026-04-23 N/A
The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.