Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4090 1 Telepark 1 Telepark.wiki 2026-04-23 N/A
Unrestricted file upload vulnerability in ajax/addComment.php in telepark.wiki 2.4.23 and earlier script allows remote attackers to execute arbitrary code by uploading a file with a name containing a NULL byte.
CVE-2009-4095 1 Companionway 1 Myphile 2026-04-23 N/A
myPhile 1.2.1 allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information.
CVE-2009-4096 1 Scriptlerim 1 Radio Isetek Scripti 2026-04-23 N/A
RADIO istek scripti 2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user credentials via a direct request for estafresgaftesantusyan.inc.
CVE-2009-4094 2 Designforjoomla, Joomla 2 Com Ezine, Joomla\! 2026-04-23 N/A
PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav.php in the D4J eZine (com_ezine) component 2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path parameter.
CVE-2009-4145 2 Gnome, Redhat 2 Networkmanager, Enterprise Linux 2026-04-23 N/A
nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.
CVE-2009-4149 1 Ca 1 Service Desk 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the web interface in CA Service Desk 12.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
CVE-2009-4150 1 Ibm 2 Db2, Db2 Universal Database 2026-04-23 N/A
dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors.
CVE-2009-4159 2 Ivan Kartolo, Typo3 2 Direct Mail, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4160 2 Kurt Kunig, Typo3 2 Kk Downloader, Typo3 2026-04-23 N/A
Unspecified vulnerability in the Simple download-system with counter and categories (kk_downloader) extension 1.2.1 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
CVE-2009-4161 2 An Searchit, Typo3 2 An Searchit, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the [AN] Search it! (an_searchit) extension 2.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4162 2 Mauro Lorenzutti, Typo3 2 Wfqbe, Typo3 2026-04-23 N/A
Unspecified vulnerability in the DB Integration (wfqbe) extension 1.3.1 and earlier for TYPO3 allows local users to execute arbitrary commands via unspecified vectors.
CVE-2009-4166 2 Michal Hadr, Typo3 2 Mchtrips, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4171 1 Yahoo 1 Messenger 2026-04-23 N/A
An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument.
CVE-2009-4178 1 Hp 1 Openview Network Node Manager 2026-04-23 N/A
Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Topic parameter.
CVE-2009-4179 1 Hp 1 Openview Network Node Manager 2026-04-23 N/A
Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Accept-Language header in an OVABverbose action.
CVE-2009-4180 1 Hp 1 Openview Network Node Manager 2026-04-23 N/A
Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header.
CVE-2009-4190 1 Sun 1 Opensolaris 2026-04-23 N/A
Unspecified vulnerability in the kernel in Sun OpenSolaris 2009.06 allows remote attackers to cause a denial of service (panic) via unknown vectors, as demonstrated by the vd_solaris2 module in VulnDisco Pack Professional 8.12. NOTE: as of 20091203, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2009-4195 1 Adobe 1 Illustrator 2026-04-23 N/A
Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and earlier, and CS3 13.0.0 allows remote attackers to execute arbitrary code via a long DSC comment in an Encapsulated PostScript (.eps) file. NOTE: some of these details are obtained from third party information.
CVE-2009-4197 1 Huawei 3 Mt882 Modem, Mt882 Modem Firmware, Mt882 V100t002b020 Arg-t 2026-04-23 N/A
rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete.
CVE-2009-4198 1 Cupidsystems 1 Myminibill 2026-04-23 N/A
SQL injection vulnerability in my_orders.php in MyMiniBill allows remote authenticated users to execute arbitrary SQL commands via the orderid parameter in a status action.