Search Results (363638 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3791 1 Adobe 1 Flash Media Server 2026-04-23 7.5 High
Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to cause a denial of service (resource exhaustion) via unknown vectors.
CVE-2008-4803 1 Simple Php Scripts 1 Gallery 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Simple PHP Scripts gallery 0.1, 0.3, and 0.4 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3829 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2026-04-23 N/A
Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."
CVE-2009-3834 2 Joomla, Webguerilla 2 Joomla, Com Photoblog 2026-04-23 N/A
SQL injection vulnerability in the Photoblog (com_photoblog) component alpha 3 and alpha 3a for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in a blogs action to index.php.
CVE-2009-3840 1 Hp 1 Openview Network Node Manager 2026-04-23 N/A
The embedded database engine service (aka ovdbrun.exe) in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service (daemon crash) via an invalid Error Code field in a packet.
CVE-2009-3885 2 Microsoft, Sun 2 Windows, Jre 2026-04-23 N/A
Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows allows remote attackers to cause a denial of service via a BMP file containing a link to a UNC share pathname for an International Color Consortium (ICC) profile file, probably a related issue to CVE-2007-2789, aka Bug Id 6632445.
CVE-2009-3886 2 Redhat, Sun 2 Rhel Extras, Jre 2026-04-23 N/A
The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a "regression," aka Bug Id 6870531.
CVE-2009-3892 1 Bestpractical 1 Rt 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields.
CVE-2009-3900 1 Ibm 2 Aix, Powerha 2026-04-23 N/A
Unspecified vulnerability in the Cluster Management component in IBM PowerHA 5.4, 5.4.1, 5.5, and 6.1 on AIX allows remote attackers to modify the operating-system configuration via packets to the godm port (6177/tcp).
CVE-2009-3930 1 Christos Zoulas 1 File 2026-04-23 N/A
Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow.
CVE-2009-3944 1 Rim 2 Blackberry 8800, Blackberry Browser 2026-04-23 N/A
Research In Motion (RIM) BlackBerry Browser on the BlackBerry 8800 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property.
CVE-2009-3945 1 Joomla 1 Joomla\! 2026-04-23 N/A
Unspecified vulnerability in the Front-End Editor in the com_content component in Joomla! before 1.5.15 allows remote authenticated users, with Author privileges, to replace the articles of an arbitrary user via unknown vectors.
CVE-2009-3958 4 Adobe, Apple, Microsoft and 1 more 5 Acrobat, Acrobat Reader, Mac Os X and 2 more 2026-04-23 N/A
Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters.
CVE-2009-4024 1 Pear 1 Pear 2026-04-23 N/A
Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem.
CVE-2009-4049 1 Avast 2 Avast Antivirus Home, Avast Antivirus Professional 2026-04-23 N/A
Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted arguments to IOCTL 0x80002024.
CVE-2009-4057 2 Inertialfate, Joomla 2 Com If Nexus, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action to index.php.
CVE-2009-4085 1 Jabba Laci 1 Phptraverser 2026-04-23 N/A
PHP remote file inclusion vulnerability in assets/plugins/mp3_id/mp3_id.php in PHP Traverser 0.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[BASE] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4093 1 Simplog 1 Simplog 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in comments.php in Simplog 0.9.3.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cname (Name) or (2) email parameters.
CVE-2009-4094 2 Designforjoomla, Joomla 2 Com Ezine, Joomla\! 2026-04-23 N/A
PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav.php in the D4J eZine (com_ezine) component 2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path parameter.
CVE-2009-4129 1 Mozilla 1 Firefox 2026-04-23 N/A
Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain.