Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4526 2 Drupal, Joao Ventura 2 Drupal, Print 2026-04-23 N/A
The Send by e-mail sub-module in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote attackers to read page titles by requesting a "Send to friend" form.
CVE-2009-3293 1 Php 1 Php 2026-04-23 N/A
Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."
CVE-2009-3295 1 Mit 1 Kerberos 5 2026-04-23 N/A
The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request.
CVE-2007-3098 1 Castle Rock Computing 1 Snmpc 2026-04-23 N/A
The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc before 7.0.19 allows remote attackers to cause a denial of service (crash) via a crafted packet to port 165/TCP.
CVE-2009-3296 1 Gallium.inria 1 Camimages 2026-04-23 N/A
Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute arbitrary code via TIFF images containing large width and height values that trigger heap-based buffer overflows.
CVE-2009-4529 1 Intervations 1 Navicopa Web Server 2026-04-23 N/A
InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs.
CVE-2009-3298 1 Mahara 1 Mahara 2026-04-23 N/A
Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors.
CVE-2009-3307 1 Frank Lichtenheld 1 Fsphp 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in FSphp 0.2.1 allow remote attackers to execute arbitrary PHP code via a URL in the FSPHP_LIB parameter to (1) FSphp.php, (2) navigation.php, and (3) pathwrite.php in lib/.
CVE-2009-3308 1 Fanupdate 1 Fanupdate 2026-04-23 N/A
SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows remote attackers to execute arbitrary SQL commands via the listingid parameter.
CVE-2009-3316 2 Jforjoomla, Joomla 2 Com Jreservation, Joomla 2026-04-23 N/A
SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php.
CVE-2008-3761 1 Vmware 1 Vmware Workstation 2026-04-23 N/A
hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 uses the METHOD_NEITHER communication method for IOCTLs, which allows local users to cause a denial of service via a crafted IOCTL request.
CVE-2009-3320 1 Zenas 1 Paolink 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas PaoLink (aka Pao-Link) 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2009-3325 2 Focusdev, Joomla 2 Com Surveymanager, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) component 1.5.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the stype parameter in an editsurvey action to index.php.
CVE-2008-6890 1 Codetoad 1 Asp Forum Script 2026-04-23 N/A
SQL injection vulnerability in messages.asp in ASP Forum Script allows remote attackers to execute arbitrary SQL commands via the message_id parameter.
CVE-2009-3339 1 Mcafee 1 Email And Web Security Appliance 2026-04-23 N/A
Unspecified vulnerability in McAfee Email and Web Security Appliance 5.1 VMtrial allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2009-3352 1 Drupal 1 Drupal 2026-04-23 N/A
Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors.
CVE-2009-4539 1 Sqlitemanager 1 Sqlitemanager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in main.php in SQLiteManager 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.
CVE-2009-3353 2 Drupal, Steve Lockwood 2 Drupal, Node2node 2026-04-23 N/A
Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors.
CVE-2009-4541 1 Isolsoft 1 Support Center 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support Center 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) newticket.php or (2) rempass.php, or a URL in the lang parameter in an adduser action to (3) index.php. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
CVE-2009-4543 1 Cromosoft 1 Facil Helpdesk 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to execute arbitrary PHP code via a URL in the lng parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.