Search Results (120551 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1044 3 Microsoft, Mozilla, Redhat 3 Windows 7, Firefox, Enterprise Linux 2026-04-23 N/A
Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
CVE-2009-1047 1 Drupal 2 Drupal, Print 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving outbound HTML e-mail.
CVE-2009-1049 1 Kamads 1 Bloginator 2026-04-23 N/A
SQL injection vulnerability in articleCall.php in Bloginator 1A allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-1057 1 Microsmarts 1 Zipitfast\! 2026-04-23 N/A
MicroSmarts Enterprise ZipItFast! 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file that triggers memory corruption, related to a "format string buffer overflow." NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product.
CVE-2009-1059 1 Powerzip 1 Powerzip 2026-04-23 N/A
Stack-based buffer overflow in Trident PowerZip 7.2 might allow remote attackers to execute arbitrary code via a crafted .zip file. NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product.
CVE-2009-4040 2 Microsoft, Phpmyfaq 2 Internet Explorer, Phpmyfaq 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page.
CVE-2009-1067 1 Getpixie 1 Pixie Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to inject arbitrary web script or HTML via the x parameter.
CVE-2009-4047 1 P-hd 1 Phd Help Desk 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk 1.43 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to area.php; the (2) pagina, (3) sentido, (4) q_registros, and (5) orden parameters to area.php; (6) the q_registros parameter to solic_display.php; (7) the PATH_INFO to area_list.php; (8) the q_registros parameter to area_list.php; (9) the PATH_INFO to atributo.php; the (10) pagina, (11) q_registros, and (12) orden parameters to atributo_list.php; (13) an arbitrary parameter name beginning with "sentido" to atributo_list.php; and (14) the PATH_INFO to caso_insert.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1068 1 Bsplayer 1 Bs.player 2026-04-23 N/A
Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long hostname in a .bsl playlist file.
CVE-2009-1069 1 Drupal 2 Content Construction Kit, Drupal 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the node edit form feature in Drupal Content Construction Kit (CCK) 6.x before 6.x-2.2, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) titles of candidate referenced nodes in the Node reference sub-module and the (2) names of candidate referenced users in the User reference sub-module.
CVE-2009-1074 1 Sun 1 Java System Identity Manager 2026-04-23 N/A
Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to "ssl termination devices" and lack of support for relative URLs.
CVE-2009-4053 1 Home Ftp Server Project 1 Home Ftp Server 2026-04-23 6.5 Medium
Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary directories via directory traversal sequences in a file upload request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1077 1 Sun 1 Java System Identity Manager 2026-04-23 N/A
The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the administrator's password.
CVE-2009-1079 1 Sun 1 Java System Identity Manager 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19659, 19660, and 19683.
CVE-2009-4055 1 Digium 2 Asterisk, S800i 2026-04-23 N/A
rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length.
CVE-2009-1080 1 Sun 1 Java System Identity Manager 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID 19033.
CVE-2009-1082 1 Sun 1 Java System Identity Manager 2026-04-23 N/A
Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and saveNoValidateAllowedFormsAndWorkflows IDs.
CVE-2009-4061 2 Drupal, Yuriy Babenko 2 Drupal, Agreement Module 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Agreement module 6.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-1086 1 Nlnetlabs 1 Ldns 2026-04-23 N/A
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field.
CVE-2009-4063 2 Drupal, Ezra Barnett Gildesgame 2 Drupal, Og Subgroups 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Subgroups for Organic Groups (OG) module 5.x before 5.x-4.0 and 5.x before 5.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified node titles.