Export limit exceeded: 366900 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366900 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1445 1 Ivano Culmine 1 Webportal Cms 2026-04-23 N/A
Multiple directory traversal vulnerabilities in WebPortal CMS 0.8-beta allow remote attackers to (1) read arbitrary files via directory traversal sequences in the lang parameter to libraries/helpdocs/help.php and (2) include and execute arbitrary local files via directory traversal sequences in the error parameter to index.php.
CVE-2009-1446 1 Elkagroup 1 Image Gallery 2026-04-23 N/A
Unrestricted file upload vulnerability in upload.php in Elkagroup Image Gallery 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in gallery/pictures/. NOTE: some of these details are obtained from third party information.
CVE-2009-1447 1 E-cart 1 Free Shopping Cart 2026-04-23 N/A
Unrestricted file upload vulnerability in admin/editor/image.php in e-cart.biz Free Shopping Cart allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.
CVE-2009-1448 1 Lovpop 1 Apricot 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in apricot.php in LovPop.net APRICOT, probably 1.20, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2009-1449 1 Coolplayer 1 Coolplayer 2026-04-23 N/A
Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2.19.1 allows remote attackers to execute arbitrary code via a skin file (skin.ini) with a large PlaylistSkin parameter. NOTE: this may overlap CVE-2008-5735.
CVE-2009-1450 1 Bluevirus-design 1 Sma-db 2026-04-23 N/A
PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 allows remote attackers to execute arbitrary PHP code via a URL in the _page_content parameter.
CVE-2009-1451 1 Bluevirus-design 1 Sma-db 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in startpage.php in SMA-DB 0.3.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2009-1452 1 Bluevirus-design 1 Sma-db 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in theme/format.php in SMA-DB 0.3.13 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _page_css and (2) _page_javascript parameters. NOTE: the _page_content vector is already is covered by CVE-2009-1450.
CVE-2009-1453 1 Anoochit Chalothorn 1 Tiny Blogr 2026-04-23 N/A
SQL injection vulnerability in class.eport.php in Tiny Blogr 1.0.0 rc4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the txtUsername parameter (aka the Username field). NOTE: some of these details are obtained from third party information.
CVE-2009-1454 1 Andrew Simpson 1 Webcollab 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in tasks.php in WebCollab before 2.50 (aka Billy Goat) allows remote attackers to inject arbitrary web script or HTML via the selection parameter in a todo action.
CVE-2009-1455 1 Andrew Simpson 1 Webcollab 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in WebCollab before 2.50 (aka Billy Goat) allow remote attackers to hijack the authentication of administrators for requests that change an arbitrary password or have other unspecified impact.
CVE-2009-1456 1 Stephane Rajalu 1 Malleo 2026-04-23 N/A
Directory traversal vulnerability in admin.php in Malleo 1.2.3 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
CVE-2009-1457 1 Evolution-extreme 1 Nuke Evolution Xtreme 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in player.php in Nuke Evolution Xtreme 2.x allows remote attackers to inject arbitrary web script or HTML via the defaultVisualExt parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1458 1 Razorcms 1 Razorcms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in razorCMS before 0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the slab parameter in an edit action, (2) the catname parameter in a showcats action, and (3) the cat parameter in a reordercat action.
CVE-2009-1459 1 Razorcms 1 Razorcms 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in razorCMS before 0.4 allows remote attackers to hijack the authentication of administrators for requests that create a web page containing PHP code.
CVE-2009-1460 1 Razorcms 1 Razorcms 2026-04-23 N/A
razorCMS before 0.4 uses weak permissions for (1) admin/core/admin_config.php, which allows local users to obtain the administrator's password hash and FTP user credentials; and (2) the root directory, (3) datastore/, and (4) admin/core/, which allows local users to have an unspecified impact.
CVE-2009-1461 1 Razorcms 1 Razorcms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Create New Page form in razorCMS 0.3 RC2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Page Title field.
CVE-2009-1462 1 Razorcms 1 Razorcms 2026-04-23 N/A
The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
CVE-2009-1463 1 Razorcms 1 Razorcms 2026-04-23 N/A
Static code injection vulnerability in razorCMS before 0.4 allows remote attackers to inject arbitrary PHP code into any page by saving content as a .php file.
CVE-2009-1464 1 Klinzmann 1 Application Access Server 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in index.aas in Application Access Server (A-A-S) 2.0.48 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary programs via a command job, (2) stop services via a setservice job, or (3) terminate processes via a killprocess job.