Export limit exceeded: 366864 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366864 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366864 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1245 1 Cccp-common-clan-portal-pasterbin 1 Cccp Pastebin 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the insert_to_pastebin function in php/cccp-admin/inc/functions.php in CCCP Community Clan Portal Pastebin before 2.80 allow remote attackers to execute arbitrary SQL commands via the (1) subject, (2) language, and (3) nickname parameters to php/cccp-pages/submit.php. NOTE: some of these details are obtained from third party information.
CVE-2009-1246 1 Blogplus 1 Blogplus 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Blogplus 1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) row_mysql_blocks_center_down[file] parameter to includes/block_center_down.php; (2) row_mysql_blocks_center_top[file] includes/parameter to block_center_top.php; (3) row_mysql_blocks_left[file] parameter to includes/block_left.php; (4) row_mysql_blocks_right[file] parameter to includes/block_right.php; and row_mysql_bloginfo[theme] parameter to (5) includes/window_down.php and (6) includes/window_top.php.
CVE-2009-1247 1 Acutecp.rediscussed 1 Acutecp 2026-04-23 N/A
SQL injection vulnerability in login.php in Acute Control Panel 1.0.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2009-1248 1 Acutecp 1 Acute Control Panel 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Acute Control Panel 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the theme_directory parameter to (1) container.php and (2) header.php in themes/.
CVE-2009-1249 1 Drupal 2 Drupal, Feedapi Mapper 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/content/node-type/nodetype/map.
CVE-2009-1250 3 Ibm, Linux, Openafs 3 Afs, Linux Kernel, Openafs 2026-04-23 N/A
The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro.
CVE-2009-1251 2 Openafs, Unix 2 Openafs, Unix 2026-04-23 N/A
Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays.
CVE-2009-1252 2 Ntp, Redhat 3 Ntp, Enterprise Linux, Rhel Eus 2026-04-23 N/A
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.
CVE-2009-1253 1 James Stone 1 Tunapie 2026-04-23 N/A
James Stone Tunapie 2.1 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file.
CVE-2009-1254 1 James Stone 1 Tunapie 2026-04-23 N/A
James Stone Tunapie 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a stream URL.
CVE-2009-1255 1 Memcachedb 1 Memcached 2026-04-23 N/A
The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port.
CVE-2009-1256 1 Flexcms 1 Flexcms 2026-04-23 N/A
SQL injection vulnerability in FlexCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the ItemId parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-1257 1 Magic Iso Maker 1 Magic Iso Maker 2026-04-23 N/A
Heap-based buffer overflow in Magic ISO Maker 5.5 build 0274 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted CCD file.
CVE-2009-1258 2 Joomla, Rd-media 2 Joomla, Com Rdautos 2026-04-23 N/A
SQL injection vulnerability in the RD-Autos (com_rdautos) component 1.5.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1259 1 Insanevisions 1 Adaptbb 2026-04-23 N/A
SQL injection vulnerability in inc/bb/topic.php in Insane Visions AdaptBB 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a topic action to index.php.
CVE-2009-1260 1 Ezbsystems 1 Ultraiso 2026-04-23 N/A
Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file.
CVE-2009-1261 1 Webhelpdesk 1 Web Help Desk 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk 9.1.22 (evaluation version) allow remote attackers to inject arbitrary web script or HTML via the (1) Report Name, (2) Asset No., and (3) Full Name fields in a Models action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1262 1 Fortinet 1 Forticlient 2026-04-23 N/A
Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name.
CVE-2009-1263 2 Alikonweb, Joomla 2 Com Bookjoomlas, Joomla 2026-04-23 N/A
SQL injection vulnerability in sub_commententry.php in the BookJoomlas (com_bookjoomlas) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a comment action to index.php.
CVE-2009-1264 2 Stanislas Rolland, Typo3 2 Sr Feuser Register, Typo3 2026-04-23 N/A
Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors.