Export limit exceeded: 366859 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366859 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1325 | 1 Mini-stream | 1 Ripper | 2026-04-23 | N/A |
| Stack-based buffer overflow in Mini-stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file. | ||||
| CVE-2009-1309 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2026-04-23 | N/A |
| Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. | ||||
| CVE-2009-1310 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element. | ||||
| CVE-2009-1311 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame. | ||||
| CVE-2009-1312 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected. | ||||
| CVE-2009-1313 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-23 | N/A |
| The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302. | ||||
| CVE-2009-1314 | 1 Webfileexplorer | 1 Web File Explorer | 2026-04-23 | N/A |
| body.asp in Web File Explorer 3.1 allows remote attackers to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executable extension. | ||||
| CVE-2009-1315 | 1 Abk-soft | 1 Ablespace | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter to groups_profile.php, (2) cat_id and (3) razd_id parameters to adv_cat.php, and the (4) URL to blogs_full.php. | ||||
| CVE-2009-1316 | 1 Abk-soft | 1 Ablespace | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to events_view.php and the (2) id parameter to events_clndr_view.php. | ||||
| CVE-2009-1317 | 1 Aquacms | 1 Aqua Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userSID cookie parameter to droplets/functions/base.php and the (2) username parameter to admin/index.php. | ||||
| CVE-2009-1318 | 1 Jamroom | 1 Jamroom | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 through 3.2.6, 4.0.2, and possibly other versions before 3.4.0 allows remote attackers to include arbitrary files via directory traversal sequences in the t parameter. | ||||
| CVE-2009-1319 | 1 Guestcal | 1 Guest Cal | 2026-04-23 | N/A |
| Directory traversal vulnerability in includes/ini.inc.php in GuestCal 2.1 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the lang parameter to index.php. | ||||
| CVE-2009-1320 | 1 Zazzle | 1 Store Builder | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in include/zstore.php in Zazzle Store Builder 1.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) gridPage and (2) gridSort parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-1321 | 1 Humayun Shabbir Bhutta | 1 Asp Product Catalog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in ASP Product Catalog 1.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | ||||
| CVE-2009-1322 | 1 Humayun Shabbir Bhutta | 1 Asp Product Catalog | 2026-04-23 | N/A |
| ASP Product Catalog 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for database/aspProductCatalog.mdb. | ||||
| CVE-2009-1323 | 1 Webfileexplorer | 1 Web File Explorer | 2026-04-23 | N/A |
| SQL injection vulnerability in body.asp in Web File Explorer 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-1324 | 1 Mini-stream | 1 Asx To Mp3 Converter | 2026-04-23 | N/A |
| Stack-based buffer overflow in Mini-stream ASX to MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file. | ||||
| CVE-2009-1328 | 1 Mini-stream | 1 Rm-mp3 Converter | 2026-04-23 | N/A |
| Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file. | ||||
| CVE-2009-1329 | 1 Mini-stream | 1 Shadow Stream Recorder | 2026-04-23 | N/A |
| Stack-based buffer overflow in Mini-stream Shadow Stream Recorder 3.0.1.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file. | ||||
| CVE-2009-1330 | 1 Mini-stream | 1 Easy Rm To Mp3 Converter | 2026-04-23 | N/A |
| Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.pls) file. | ||||