Search Results (120578 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0134 1 Share2 1 Easy Grid Control 2026-04-23 N/A
Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX control in EasyGrid.ocx 1.0.0.1 in AAA EasyGrid ActiveX 3.51 allows remote attackers to create and overwrite arbitrary files via the (1) DoSaveFile or (2) DoSaveHtmlFile method. NOTE: vector 1 could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.
CVE-2009-3646 1 Intervations 1 Navicopa Web Server 2026-04-23 N/A
InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.
CVE-2009-0137 2 Apple, Microsoft 5 Mac Os X, Mac Os X Server, Safari and 2 more 2026-04-23 N/A
Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues."
CVE-2009-3652 2 Drupal, Moshe Weitzman 2 Drupal, Organic Groups 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095.
CVE-2009-0139 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows remote SMB servers to cause a denial of service (system shutdown) or execute arbitrary code via a crafted SMB file system that triggers a heap-based buffer overflow.
CVE-2009-3655 1 Solarwinds 1 Serv-u File Server 2026-04-23 N/A
Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command.
CVE-2009-0148 2 Cscope, Redhat 2 Cscope, Enterprise Linux 2026-04-23 N/A
Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541.
CVE-2009-0153 2 Apple, Redhat 3 Mac Os X, Mac Os X Server, Enterprise Linux 2026-04-23 N/A
International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
CVE-2009-0154 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font.
CVE-2009-0156 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read.
CVE-2008-2094 1 Xoops 1 Article Module 2026-04-23 N/A
SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-0160 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption.
CVE-2009-0164 1 Apple 1 Cups 2026-04-23 N/A
The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.
CVE-2009-3656 2 Drupal, Tim Nelson 2 Drupal, Shared Sign-on 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users via unknown vectors.
CVE-2009-0166 5 Apple, Foolabs, Glyphandcog and 2 more 5 Cups, Xpdf, Xpdfreader and 2 more 2026-04-23 N/A
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.
CVE-2009-3663 1 Jasper 1 Httpdx 2026-04-23 N/A
Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header.
CVE-2009-3666 1 Nullam 1 Nullam Blog 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Nullam Blog 0.1.2 allows remote attackers to inject arbitrary web script or HTML via the e parameter in an error action.
CVE-2010-0036 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 7.8 High
Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file.
CVE-2009-0171 1 Sun 1 Sparc Enterprise Server 2026-04-23 N/A
The Sun SPARC Enterprise M4000 and M5000 Server, within a certain range of serial numbers, allows remote attackers to use the manufacturing root password, perform a root login to the eXtended System Control Facility Unit (aka XSCFU or Service Processor), and have unspecified other impact.
CVE-2009-3667 1 Adsdx 1 Adsdx 2026-04-23 N/A
SQL injection vulnerability in admin/index.php in AdsDX 3.05 allows remote attackers to execute arbitrary SQL commands via the Username.