Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351254 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3294 | 2 Microsoft, Php | 4 Windows 7, Windows Server 2008, Windows Xp and 1 more | 2026-04-23 | N/A |
| The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library. NOTE: this might not cross privilege boundaries except in rare cases in which the mode argument is accessible to an attacker outside of an application that uses the popen function. | ||||
| CVE-2009-3295 | 1 Mit | 1 Kerberos 5 | 2026-04-23 | N/A |
| The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request. | ||||
| CVE-2009-3296 | 1 Gallium.inria | 1 Camimages | 2026-04-23 | N/A |
| Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute arbitrary code via TIFF images containing large width and height values that trigger heap-based buffer overflows. | ||||
| CVE-2009-3298 | 1 Mahara | 1 Mahara | 2026-04-23 | N/A |
| Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors. | ||||
| CVE-2009-3300 | 1 Internet2 | 2 Identity Provider, Service Provider | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms. | ||||
| CVE-2009-3303 | 1 Gforge | 1 Gforge | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in www/help/tracker.php in GForge 4.5.14, 4.7 rc2, and 4.8.1 allows remote attackers to inject arbitrary web script or HTML via the helpname parameter. | ||||
| CVE-2009-3304 | 1 Gforge | 1 Gforge | 2026-04-23 | N/A |
| GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorized_keys files in users' home directories, related to deb-specific/ssh_dump_update.pl and cronjobs/cvs-cron/ssh_create.php. | ||||
| CVE-2009-3305 | 1 Pps.jussieu | 1 Polipo | 2026-04-23 | N/A |
| Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the httpParseHeaders function in http_parse.c, and possibly other unspecified vectors. | ||||
| CVE-2009-3306 | 1 Richrumble | 1 Clearsite | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/header.php in ClearSite 4.50 allows remote attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter. | ||||
| CVE-2009-3307 | 1 Frank Lichtenheld | 1 Fsphp | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in FSphp 0.2.1 allow remote attackers to execute arbitrary PHP code via a URL in the FSPHP_LIB parameter to (1) FSphp.php, (2) navigation.php, and (3) pathwrite.php in lib/. | ||||
| CVE-2009-3309 | 1 Cfshopkart | 1 Cf Shopkart | 2026-04-23 | N/A |
| SQL injection vulnerability in index.cfm in CF ShopKart 5.4 beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a ViewDetails action, a different vector than CVE-2008-6320. | ||||
| CVE-2009-3310 | 1 Shalwan | 1 Zainu | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Zainu 1.0 allows remote attackers to execute arbitrary SQL commands via the album_id parameter in an AlbumSongs action. | ||||
| CVE-2009-3311 | 1 Rssmediascript | 1 Rssmediascript | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in RSSMediaScript allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2009-3312 | 1 Tomex | 1 Phppollscript | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in php/init.poll.php in phpPollScript 1.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a crafted URL in the include_class parameter. | ||||
| CVE-2009-3313 | 1 Fmyclone | 1 Fmyclone | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote attackers to execute arbitrary SQL commands via the comp parameter to (1) index.php and (2) editComments.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the id parameter in a comment action to edit.php. | ||||
| CVE-2009-3314 | 1 Eliteladders | 1 Elite Gaming Ladders | 2026-04-23 | N/A |
| SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 allows remote attackers to execute arbitrary SQL commands via the platform parameter. | ||||
| CVE-2009-3315 | 1 Nelogic | 1 Nephp Publisher | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/index.php in NeLogic Nephp Publisher Enterprise 3.5.9 and 4.5 allows remote attackers to execute arbitrary SQL commands via the Username field. | ||||
| CVE-2009-3316 | 2 Jforjoomla, Joomla | 2 Com Jreservation, Joomla | 2026-04-23 | N/A |
| SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php. | ||||
| CVE-2009-3317 | 1 Thecodeweasel | 1 Opensiteadmin | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in pages/pageHeader.php in OpenSiteAdmin 0.9.7 BETA allows remote attackers to execute arbitrary PHP code via a URL in the path parameter, a different vector than CVE-2008-0648. | ||||
| CVE-2009-3318 | 2 Breedveld, Joomla | 2 Com Album, Joomla | 2026-04-23 | N/A |
| Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php. | ||||