Search Results (120582 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0393 1 Motorola 1 Cpei300 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to inject arbitrary web script or HTML via the page parameter.
CVE-2009-0396 1 Sony Ericsson 9 K530i, K610i, K618i and 6 more 2026-04-23 N/A
The Sony Ericsson W910i, W660i, K618i, K610i, Z610i, K810i, K660i, W880i, and K530i phones allow remote attackers to cause a denial of service (device reboot or hang-up) via a malformed WAP Push packet to (1) SMS or (2) UDP port 2948.
CVE-2009-3709 1 Konae 1 Alleycode Html Editor 2026-04-23 N/A
Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a TITLE tag.
CVE-2009-0398 2 Gstreamer, Redhat 2 Plug-ins, Enterprise Linux 2026-04-23 N/A
Array index error in the gst_qtp_trak_handler function in gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins) 0.6.0 allows remote attackers to have an unknown impact via a crafted QuickTime media file.
CVE-2009-0400 1 Socialengine 1 Socialengine 2026-04-23 N/A
SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2009-3713 1 Morcego 1 Morcegocms 2026-04-23 N/A
SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and earlier allows remote attackers to execute arbitrary SQL commands via the query string.
CVE-2009-0403 1 Chipmunk Scripts 1 Chipmunk Blogger 2026-04-23 N/A
SQL injection vulnerability in admin/authenticate.php in Chipmunk Blogger Script allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2009-3714 1 Maniacomputer 1 Mcshoutbox 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin_login.php in MCshoutbox 1.1 allows remote attackers to inject arbitrary web script or HTML via the loginerror parameter.
CVE-2009-0405 1 Smartsitecms 1 Smartsitecms 2026-04-23 N/A
SQL injection vulnerability in articles.php in smartSite CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the var parameter.
CVE-2009-3716 1 Maniacomputer 1 Mcshoutbox 2026-04-23 N/A
Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in smilies/.
CVE-2007-1817 1 Lykoszine 1 Lykos Reviews Module 2026-04-23 N/A
SQL injection vulnerability in index.php in the Lykos Reviews (lykos_reviews) 1.00 module for Xoops allows remote attackers to execute arbitrary SQL commands via the uid parameter in a u action.
CVE-2009-0409 1 Mzbservices 1 Max.blog 2026-04-23 N/A
SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2009-3727 1 Digium 3 Asterisk, Asterisknow, S800i 2026-04-23 N/A
Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.
CVE-2009-0412 1 Interspire 1 Shopping Cart 2026-04-23 N/A
The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt.
CVE-2009-0413 1 Roundcube 1 Webmail 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message.
CVE-2009-0420 2 Joomla, Rd-media 2 Joomla, Rd-autos 2026-04-23 N/A
SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2009-3731 3 Microsoft, Vmware, Webworks 11 Windows, Esx Server, Lab Manager and 8 more 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality.
CVE-2009-0426 1 Dmxready 1 Classified Listings Manager 2026-04-23 N/A
SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Classified Listings Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2009-0427 1 Dmxready 1 Member Directory Manager 2026-04-23 N/A
SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Member Directory Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2009-3733 2 Linux, Vmware 4 Linux Kernel, Esx, Esxi and 1 more 2026-04-23 N/A
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.