Search Results (362508 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1572 1 Quagga 1 Quagga 2026-04-23 N/A
The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.
CVE-2009-1574 2 Ipsec-tools, Redhat 2 Ipsec-tools, Enterprise Linux 2026-04-23 N/A
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.
CVE-2009-1577 2 Cscope, Redhat 2 Cscope, Enterprise Linux 2026-04-23 N/A
Multiple stack-based buffer overflows in the putstring function in find.c in Cscope before 15.6 allow user-assisted remote attackers to execute arbitrary code via a long (1) function name or (2) symbol in a source-code file.
CVE-2009-1578 2 Redhat, Squirrelmail 2 Enterprise Linux, Squirrelmail 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING).
CVE-2009-1589 1 Cgi Rescue 1 Cgi Rescue Minibbs22 2026-04-23 N/A
Unspecified vulnerability in CGI RESCUE MiniBBS22 before 1.01 allows remote attackers to send email to arbitrary recipients via unknown vectors.
CVE-2009-1621 1 Opencart 1 Opencart 2026-04-23 N/A
Directory traversal vulnerability in index.php in OpenCart 1.1.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the route parameter.
CVE-2009-1603 2 Fedoraproject, Opensc-project 2 Fedora, Opensc 2026-04-23 7.5 High
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.
CVE-2009-1606 1 Dafolo 1 Dafolocontrol 2026-04-23 N/A
Multiple stack-based and heap-based buffer overflows in Dafolo DafoloControl ActiveX control (DafoloFFControl.dll) 1.108.6.195 allow remote attackers to execute arbitrary code via long (1) baseurl, (2) kommune, (3) felter, (4) afdeling, (5) Flags, (6) HelpURL, (7) caburl, or (8) filename properties; or (9) a long argument to the Open method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1332 1 Sun 1 Java System Directory Server 2026-04-23 N/A
The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors.
CVE-2009-1342 1 Drupal 2 Cck Comment Reference, Drupal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the CCK comment reference module 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via certain comment titles associated with a node edit form.
CVE-2009-1348 1 Mcafee 13 Active Virus Defense, Active Virusscan, Email Gateway and 10 more 2026-04-23 N/A
The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.
CVE-2009-1354 1 Sergey Lyubka 1 Mongoose 2026-04-23 N/A
Directory traversal vulnerability in Mongoose 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
CVE-2009-1355 1 Ibm 1 Aix 2026-04-23 N/A
Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long filename.
CVE-2009-1356 1 Elecard 1 Elecard Avc Hd Player 2026-04-23 N/A
Stack-based buffer overflow in Elecard AVC HD Player allows remote attackers to execute arbitrary code via a long MP3 filename in a playlist (.xpl) file.
CVE-2009-1362 1 Chcounter 1 Chcounter 2026-04-23 N/A
SQL injection vulnerability in administration/index.php in chCounter 3.1.3 allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1364 3 Francis James Franklin, Opensuse, Redhat 3 Libwmf, Opensuse, Enterprise Linux 2026-04-23 N/A
Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.
CVE-2009-1365 1 Adobe 1 Flash Media Server 2026-04-23 N/A
Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.0.4 and 3.5.x before 3.5.2, as used in Flash Media Interactive Server and Flash Media Streaming Server, allows remote attackers to execute arbitrary remote procedures within an ActionScript file on the server via RPC requests.
CVE-2009-1368 1 Mozilo 1 Mozilocms 2026-04-23 N/A
Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this might be the same issue as CVE-2008-6126.2, which may have been fixed in 1.10.3.
CVE-2009-1370 1 Xilisoft 1 Xilisoft Video Converter 2026-04-23 N/A
Stack-based buffer overflow in ape_plugin.plg in Xilisoft Video Converter 3.1.53.0704n and 5.1.23.0402 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .cue file.
CVE-2009-1371 1 Clamav 1 Clamav 2026-04-23 N/A
The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding.