Export limit exceeded: 366936 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366936 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366936 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1764 1 Bokecc 1 Maxcms 2026-04-23 N/A
SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a digg action.
CVE-2009-1765 1 Pluck-cms 1 Pluck 2026-04-23 N/A
Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/blog/module_info.php, and (3) data/modules/albums/module_info.php, different vectors than CVE-2008-3194.
CVE-2009-1766 1 Teozkr 1 Lightopencms 2026-04-23 N/A
SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-1767 1 2daybiz 1 Template Monster Clone 2026-04-23 N/A
admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter.
CVE-2009-1768 1 Ramazeiten 4 Ramazaitencms0.9.7.5, Ramazaitencms0.9.7.6, Ramazaitencms0.9.7.8 and 1 more 2026-04-23 N/A
Directory traversal vulnerability in download.php in Rama Zaiten CMS 0.9.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2009-1769 1 Ocsinventory-ng 1 Ocs Inventory Ng 2026-04-23 N/A
The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames.
CVE-2009-1770 1 Flyspeck 1 Flyspeck Cms 2026-04-23 N/A
Directory traversal vulnerability in includes/database/examples/addressbook.php in Flyspeck CMS 6.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2009-1771 1 Flyspeck 1 Flyspeck Cms 2026-04-23 N/A
index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[fullname], (2) users[email], (3) users[role_id], (4) users[username], and (5) users[password] parameters.
CVE-2009-1772 1 Activecollab 1 Activecollab 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in activeCollab 2.1 Corporate allows remote attackers to inject arbitrary web script or HTML via the re_route parameter to the login script.
CVE-2009-1773 1 Activecollab 1 Activecollab 2026-04-23 N/A
activeCollab 2.1 Corporate allows remote attackers to obtain sensitive information via an invalid re_route parameter to the login script, which reveals the installation path in an error message.
CVE-2009-1774 1 Strawberry 1 Strawberry 2026-04-23 N/A
Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to example/index.php. NOTE: this was originally reported as an issue affecting the do parameter, but traversal with that parameter might depend on a modified example/index.php. NOTE: some of these details are obtained from third party information.
CVE-2009-1775 1 Ulteo 1 Open Virtual Desktop 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Ulteo Open Virtual Desktop 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/applications.php, (2) admin/appsgroup.php, (3) admin/users.php, (4) admin/usersgroup.php, and (5) admin/tasks.php; (6) show parameter to admin/logs.php; and (7) mode parameter to admin/configuration-partial.php. NOTE: some of these details are obtained from third party information.
CVE-2009-1776 1 Matt Wright 1 Formmail 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via javascript: URIs in the (1) request and (2) return_link_url parameters.
CVE-2009-1777 1 Matt Wright 1 Formmail 2026-04-23 N/A
CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the redirect parameter.
CVE-2009-1778 1 Bigace 1 Bigace Cms 2026-04-23 N/A
SQL injection vulnerability in the new user registration feature in BigACE CMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2009-1779 1 Frax 1 Php Recommend 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the form_include_template parameter.
CVE-2009-1780 1 Frax 1 Php Recommend 2026-04-23 N/A
admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and form_admin_pass parameters.
CVE-2009-1781 1 Frax 1 Php Recommend 2026-04-23 N/A
Static code injection vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to inject arbitrary PHP code into phpre_config.php via the form_aula parameter.
CVE-2009-1782 1 F-secure 6 Anti-virus, Client Security, Home Server Security and 3 more 2026-04-23 N/A
Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, Windows 6.61 and earlier, and Linux 2.16 and earlier; Internet Security 2009 and earlier, Anti-Virus 2009 and earlier, Client Security 8.0 and earlier, and others; allow remote attackers to bypass malware detection via a crafted (1) ZIP and (2) RAR archive.
CVE-2009-1783 1 F-prot 3 F-prot Antivirus, F-prot Aves, F-prot Milter 2026-04-23 N/A
Multiple FRISK Software F-Prot anti-virus products, including Antivirus for Exchange, Linux on IBM zSeries, Linux x86 File Servers, Linux x86 Mail Servers, Linux x86 Workstations, Solaris Mail Servers, Antivirus for Windows, and others, allow remote attackers to bypass malware detection via a crafted CAB archive.