Export limit exceeded: 363021 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363021 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363021 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4413 | 1 Pps.jussieu | 1 Polipo | 2026-04-23 | N/A |
| The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12, 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a large Content-Length value, which triggers an integer overflow, a signed-to-unsigned conversion error with a negative value, and a segmentation fault. | ||||
| CVE-2009-4412 | 1 S9y | 1 Serendipity | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4403 | 1 Rumbacms | 1 Rumba Xml | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4348 | 1 Haroldbakker | 1 Hb-ns | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to inject arbitrary web script or HTML via the topic parameter in a topic action, a different vector than CVE-2006-2146. | ||||
| CVE-2009-4574 | 1 I-escorts | 1 I-escorts Directory Script | 2026-04-23 | N/A |
| SQL injection vulnerability in country_escorts.php in I-Escorts Directory Script allows remote attackers to execute arbitrary SQL commands via the country_id parameter. | ||||
| CVE-2009-4318 | 1 Realestatephp | 1 Real Estate Manager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Real Estate Manager 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4177 | 1 Hp | 1 Openview Network Node Manager | 2026-04-23 | N/A |
| Buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header. | ||||
| CVE-2009-4178 | 1 Hp | 1 Openview Network Node Manager | 2026-04-23 | N/A |
| Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Topic parameter. | ||||
| CVE-2009-4179 | 1 Hp | 1 Openview Network Node Manager | 2026-04-23 | N/A |
| Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Accept-Language header in an OVABverbose action. | ||||
| CVE-2009-4180 | 1 Hp | 1 Openview Network Node Manager | 2026-04-23 | N/A |
| Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header. | ||||
| CVE-2009-4181 | 1 Hp | 1 Openview Network Node Manager | 2026-04-23 | N/A |
| Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via vectors involving the sel and arg parameters to jovgraph.exe. | ||||
| CVE-2009-4187 | 1 Sun | 2 Java System Portal Server, Solaris | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-4188 | 1 Hp | 1 Operations Dashboard | 2026-04-23 | N/A |
| HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3098. | ||||
| CVE-2009-4189 | 1 Hp | 1 Operations Manager | 2026-04-23 | N/A |
| HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3099 and CVE-2009-3843. | ||||
| CVE-2009-4186 | 2 Apple, Microsoft | 2 Safari, Windows | 2026-04-23 | N/A |
| Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property. | ||||
| CVE-2009-4191 | 1 Sun | 2 Opensolaris, Sunos | 2026-04-23 | N/A |
| Unspecified vulnerability in the kernel in Sun Solaris 10 and OpenSolaris 2009.06 on the x86-64 platform allows local users to gain privileges via unknown vectors, as demonstrated by the vd_sol_local module in VulnDisco Pack Professional 8.12. NOTE: as of 20091203, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2009-4192 | 1 Interspire | 1 Knowledge Manager | 2026-04-23 | N/A |
| Directory traversal vulnerability in dialog/file_manager.php in Interspire Knowledge Manager 5 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-4205 | 1 Ringsworld | 1 Flashlight Free Edition | 2026-04-23 | N/A |
| Directory traversal vulnerability in admin.php in Flashlight Free Edition allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter. | ||||
| CVE-2009-4206 | 1 Cmsnx | 1 Million Dollar Text Links | 2026-04-23 | N/A |
| SQL injection vulnerability in admin.link.modify.php in Million Dollar Text Links 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-4207 | 2 Drupal, Nathan Haug | 2 Drupal, Webform | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission. | ||||