Search Results (26360 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3591 1 Ben Webb 1 Dopewars 2026-04-23 N/A
Dopewars 1.5.12 allows remote attackers to cause a denial of service (segmentation fault) via a REQUESTJET message with an invalid location.
CVE-2009-3600 1 Freewebscriptz 1 Hubscript 2026-04-23 N/A
HUBScript 1.0 allows remote attackers to obtain configuration information via a direct request to manage/phpinfo.php, which calls the phpinfo function.
CVE-2009-3612 6 Canonical, Fedoraproject, Linux and 3 more 9 Ubuntu Linux, Fedora, Linux Kernel and 6 more 2026-04-23 N/A
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.
CVE-2009-3627 1 Derrick Oswald 1 Html-parser 2026-04-23 N/A
The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.
CVE-2009-3628 1 Typo3 1 Typo3 2026-04-23 N/A
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element.
CVE-2009-3640 1 Linux 1 Linux Kernel 2026-04-23 N/A
The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc1 does not properly handle the absence of an Advanced Programmable Interrupt Controller (APIC), which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via a call to the kvm_vcpu_ioctl function.
CVE-2009-3646 1 Intervations 1 Navicopa Web Server 2026-04-23 N/A
InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.
CVE-2009-3727 1 Digium 3 Asterisk, Asterisknow, S800i 2026-04-23 N/A
Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.
CVE-2009-4028 3 Mysql, Oracle, Redhat 3 Mysql, Mysql, Enterprise Linux 2026-04-23 N/A
The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.
CVE-2009-4031 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Virtualization 2026-04-23 N/A
The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulator in the KVM subsystem in the Linux kernel before 2.6.32-rc8-next-20091125 tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service (increased scheduling latency) on the host OS via unspecified manipulations related to SMP support.
CVE-2009-4051 1 Downstairs.dnsalias 1 Home Ftp Server 2026-04-23 N/A
Home FTP Server 1.10.1.139 allows remote attackers to cause a denial of service (daemon outage) via multiple invalid SITE INDEX commands.
CVE-2009-4073 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page.
CVE-2009-4086 1 Javascript 1 Xerver Http Server 2026-04-23 N/A
CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the end of a URL. NOTE: some of these details are obtained from third party information.
CVE-2009-4090 1 Telepark 1 Telepark.wiki 2026-04-23 N/A
Unrestricted file upload vulnerability in ajax/addComment.php in telepark.wiki 2.4.23 and earlier script allows remote attackers to execute arbitrary code by uploading a file with a name containing a NULL byte.
CVE-2009-4098 1 Openx 1 Openx 2026-04-23 N/A
Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an images directory.
CVE-2009-4100 2 Mozilla, Yoono 2 Firefox, Yoono 2026-04-23 N/A
Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload.
CVE-2009-4101 2 Didier Ernotte, Mozilla 2 Inforss, Firefox 2026-04-23 N/A
infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
CVE-2009-4102 2 Mozilla, Sage.mozdev 2 Firefox, Sage 2026-04-23 N/A
Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
CVE-2009-4105 1 Typsoft 1 Typsoft Ftp Server 2026-04-23 N/A
TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (crash) by sending an APPE (append) command immediately followed by a DELE (delete) command without sending file data in between these two commands.
CVE-2009-4106 1 Ohloh 1 Agoko Cms 2026-04-23 N/A
Unrestricted file upload vulnerability in admintools/editpage-2.php in Agoko CMS 0.4 and earlier allows remote attackers to inject and execute arbitrary PHP code via the filename and text parameters.