Search Results (362815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3247 1 Vtiger 1 Vtiger Crm 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Activities module in vtiger CRM 5.0.4 allows remote attackers to inject arbitrary web script or HTML via the action parameter to phprint.php. NOTE: the query_string vector is already covered by CVE-2008-3101.3.
CVE-2009-3248 1 Vtiger 1 Vtiger Crm 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php.
CVE-2009-3251 1 Vtiger 1 Vtiger Crm 2026-04-23 N/A
include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows remote authenticated users to bypass intended access restrictions and read the (1) visibility, (2) location, and (3) recurrence fields of a calendar via a custom view.
CVE-2009-3252 1 Dave Robinson 1 Rockbandcms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0.10 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) id parameters.
CVE-2009-3253 1 Tricerasoft 1 Swift Ultralite 2026-04-23 N/A
Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file.
CVE-2009-3254 1 Ultimatevideosite 1 Ultimate Player 2026-04-23 N/A
Multiple stack-based buffer overflows in Ultimate Player 1.56 beta allow remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .upl playlist file.
CVE-2009-3255 1 Thomas Cuchta 1 Rash 2026-04-23 N/A
SQL injection vulnerability in RASH Quote Management System (RQMS) 1.2.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an admin action to the default URI.
CVE-2009-3256 1 Livestreet 1 Livestreet 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in include/ajax/blogInfo.php in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the URI, as demonstrated by a SCRIPT element in an arbitrary parameter such as the asd parameter.
CVE-2009-3336 1 Phpprobid 1 Php Pro Bid 2026-04-23 N/A
SQL injection vulnerability in auction_details.php in PHP Pro Bid allows remote attackers to execute arbitrary SQL commands via the auction_id parameter.
CVE-2009-3268 1 Google 1 Chrome 2026-04-23 N/A
Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.
CVE-2009-3269 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828.
CVE-2009-3270 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
CVE-2009-3271 1 Apple 2 Iphone Os, Safari 2026-04-23 N/A
Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.
CVE-2009-3272 1 Apple 1 Safari 2026-04-23 N/A
Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences.
CVE-2009-3273 1 Apple 1 Iphone Os 2026-04-23 N/A
iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate.
CVE-2009-3275 1 Microsoft 1 Enterprise Library 2026-04-23 N/A
Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs in Microsoft patterns & practices Enterprise Library (aka EntLib) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many \ (backslash) characters followed by a " (double quote), related to a certain regular expression, aka a "ReDoS" vulnerability.
CVE-2009-3276 1 Nasd 1 Corenet1 2026-04-23 N/A
Zoran/WinFormsAdvansed/RegeularDataToXML/Form1.cs in WinFormsAdvansed in NASD CORE.NET Terelik (aka corenet1) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many alphabetic characters followed by a ! (exclamation point), related to a certain regular expression, aka a "ReDoS" vulnerability.
CVE-2009-3277 1 Xenu By 1 Datavault 2026-04-23 N/A
DataVault.Tesla/Impl/TypeSystem/AssociationHelper.cs in datavault allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of an [ (open bracket) followed by many commas, related to a certain regular expression, aka a "ReDoS" vulnerability.
CVE-2009-3278 1 Qnap 4 Ts-239 Pro, Ts-239 Pro Firmware, Ts-639 Pro and 1 more 2026-04-23 5.5 Medium
The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack.
CVE-2009-3279 1 Qnap 2 Ts-239 Pro Turbo Nas, Ts-639 Pro Turbo Nas 2026-04-23 N/A
The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create a LUKS partition by using the AES-256 cipher in plain CBC mode, which allows local users to obtain sensitive information via a watermark attack.