Export limit exceeded: 362972 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362972 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362972 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (362972 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4100 2 Mozilla, Yoono 2 Firefox, Yoono 2026-04-23 N/A
Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload.
CVE-2009-4099 2 G4j.laoneo, Joomla 2 Com Gcalendar, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Google Calendar GCalendar (com_gcalendar) component 1.1.2, 2.1.4, and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the gcid parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-4086 1 Javascript 1 Xerver Http Server 2026-04-23 N/A
CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the end of a URL. NOTE: some of these details are obtained from third party information.
CVE-2009-4085 1 Jabba Laci 1 Phptraverser 2026-04-23 N/A
PHP remote file inclusion vulnerability in assets/plugins/mp3_id/mp3_id.php in PHP Traverser 0.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[BASE] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4084 1 E107 1 E107 2026-04-23 N/A
SQL injection vulnerability in the search feature in e107 0.7.16 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4083 1 E107 1 E107 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php, (2) usersettings.php; and (3) newpost.php, (4) banlist.php, (5) banner.php, (6) cpage.php, (7) download.php, (8) users_extended.php, (9) frontpage.php, (10) links.php, and (11) mailout.php in e107_admin/. NOTE: this may overlap CVE-2004-2040 and CVE-2006-4794, but there are insufficient details to be certain.
CVE-2009-4082 1 Lanifex 1 Outreach Project Tool 2026-04-23 N/A
PHP remote file inclusion vulnerability in forums/Forum_Include/index.php in Outreach Project Tool (OPT) 1.2.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CRM_path parameter.
CVE-2009-4081 1 Dag.wieers 1 Dstat 2026-04-23 N/A
Untrusted search path vulnerability in dstat before r3199 allows local users to gain privileges via a Trojan horse Python module in the current working directory, a different vulnerability than CVE-2009-3894.
CVE-2009-4080 1 Sun 2 Opensolaris, Sunos 2026-04-23 N/A
Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors.
CVE-2009-4078 1 Redmine 1 Redmine 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4077 1 Roundcube 1 Webmail 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076.
CVE-2009-4076 1 Roundcube 1 Webmail 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077.
CVE-2009-4075 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
Unspecified vulnerability in the timeout mechanism in sshd in Sun Solaris 10, and OpenSolaris snv_99 through snv_123, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors that trigger a "dangling sshd authentication thread."
CVE-2009-4073 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page.
CVE-2009-4072 1 Opera 1 Opera Browser 2026-04-23 N/A
Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue."
CVE-2009-4069 1 Gforge 1 Gforge 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14, 4.7.3, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-3913 1 Xerox 1 Fiery Webtools 2026-04-23 N/A
SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter.
CVE-2009-3915 2 Drupal, John C Fiala 2 Drupal, Link 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the "Separate title and URL" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title field.
CVE-2009-3917 2 Drupal, Greg Knaddison 2 Drupal, S5 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the S5 Presentation Player module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an unspecified field that is copied to the HTML HEAD element.
CVE-2009-3918 2 Drupal, Karim Ratib 2 Drupal, Zoomify 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the node title.