Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2611 1 Gander 1 Myfusion 2026-04-23 N/A
Directory traversal vulnerability in infusions/last_seen_users_panel/last_seen_users_panel.php in MyFusion (aka MyF) 6 Beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter.
CVE-2009-2612 1 Prosmdr 1 Prosmdr 2026-04-23 N/A
SQL injection vulnerability in login.aspx in ProSMDR allows remote attackers to execute arbitrary SQL commands via the txtUser parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2613 1 Datachecknh 1 Linkpal 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in DataCheck Solutions LinkPal 1.x allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) z_loginfailed.asp, (2) z_admin_login.asp, (3) z_forgot.asp, and possibly unspecified other components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2614 1 Datachecknh 1 Linkpal 2026-04-23 N/A
SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions LinkPal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2621 1 Squid-cache 1 Squid 2026-04-23 N/A
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.
CVE-2009-2628 1 Vmware 4 Ace, Movie Decoder, Player and 1 more 2026-04-23 N/A
The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video content, which might allow remote attackers to execute arbitrary code via a crafted AVI file that triggers heap memory corruption.
CVE-2009-2633 2 Joomla, Ordasoft 2 Joomla, Com Vehiclemanager 2026-04-23 N/A
PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2009-2635 2 Joomla, Ordasoft 2 Joomla, Com Realestatemanager 2026-04-23 N/A
PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2009-2636 1 Kerio 1 Kerio Mailserver 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Integration page in the WebMail component in Kerio MailServer 6.6.0, 6.6.1, 6.6.2, and 6.7.0 allows remote attackers to inject arbitrary web script or HTML via an e-mail message.
CVE-2009-2638 2 Joomla, Konze 2 Joomla, Com Akobook 2026-04-23 N/A
SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a reply action to index.php.
CVE-2009-2641 1 Rich White 1 School Data Nav 2026-04-23 N/A
PHP remote file inclusion vulnerability in app_and_readme/navigator/index.php in School Data Navigator allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
CVE-2009-2642 1 Desiscripts 1 Desi Short Url Script 2026-04-23 N/A
index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13.
CVE-2009-2646 1 Rim 2 Blackberry Enterprise Server, Blackberry Professional Software 2026-04-23 N/A
Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.6 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219.
CVE-2009-2649 1 Freebsd 1 Freebsd 2026-04-23 N/A
The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev is available, allows local users to cause a denial of service (kernel panic) via a certain IOCTL request with a large count, which triggers a malloc call with a large value.
CVE-2009-2650 1 Sorcerersoftware 1 Multimedia Jukebox 2026-04-23 N/A
Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 Build 020124 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .m3u or possibly (2) .pst file.
CVE-2009-2651 1 Digium 1 Asterisk 2026-04-23 N/A
main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.
CVE-2009-2652 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
Unspecified vulnerability in Solaris Trusted Extensions in Sun Solaris 10, and OpenSolaris snv_37 through snv_120, allows remote attackers to cause a denial of service (panic) via vectors involving the parsing of labeled packets.
CVE-2009-2654 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-23 N/A
Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page.
CVE-2009-2657 1 Nilf 1 Nilfs 2026-04-23 N/A
nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, which allows local users to execute arbitrary commands via the device string in a -c command line option to mkfs.nilfs2.
CVE-2009-2660 1 Jun Furuse 1 Camlimages 2026-04-23 N/A
Multiple integer overflows in CamlImages 2.2 might allow context-dependent attackers to execute arbitrary code via images containing large width and height values that trigger a heap-based buffer overflow, related to (1) crafted GIF files (gifread.c) and (2) crafted JPEG files (jpegread.c), a different vulnerability than CVE-2009-2295.