Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2268 1 Sun 1 Java System Access Manager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2269 1 Phome Empire 1 Phome Empire Cms 2026-04-23 N/A
SQL injection vulnerability in Empire CMS 5.1 allows remote attackers to execute arbitrary SQL commands via the bid parameter to the default URI under e/tool/gbook/.
CVE-2009-2274 1 Huawei 1 D100 2026-04-23 N/A
The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to (1) lan_status_adv.asp, (2) wlan_basic_cfg.asp, or (3) lancfg.asp in en/, related to use of JavaScript to protect against reading file contents.
CVE-2009-2281 2 Osgeo, Umn 2 Mapserver, Mapserver 2026-04-23 N/A
Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow that triggers a heap-based buffer overflow. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-0840.
CVE-2009-2282 1 Oracle 2 Opensolaris, Solaris 2026-04-23 N/A
The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10, and OpenSolaris snv_41 through snv_108, on SPARC platforms does not check authorization for guest console access, which allows local control-domain users to gain guest-domain privileges via unknown vectors.
CVE-2009-2272 1 Huawei 2 D100, D100 Firmware 2026-04-23 7.5 High
The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors.
CVE-2009-2273 1 Huawei 2 D100, D100 Firmware 2026-04-23 N/A
The default configuration of the Wi-Fi component on the Huawei D100 does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
CVE-2009-2285 2 Libtiff, Redhat 2 Libtiff, Enterprise Linux 2026-04-23 N/A
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
CVE-2009-2300 1 Phion 1 Airlock Web Application Firewall 2026-04-23 N/A
The management interface in the phion airlock Web Application Firewall (WAF) 4.1-10.41 does not properly handle CGI requests that specify large width and height parameters for an image, which allows remote attackers to execute arbitrary commands or cause a denial of service (resource consumption) via a crafted request.
CVE-2009-2301 1 Radware 2 Appwall, Gateway 2026-04-23 N/A
The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/.
CVE-2009-2304 1 Avatic 1 Aardvark Topsites Php 2026-04-23 N/A
index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to obtain sensitive information via a nonexistent account name in the u parameter in a rate action, which reveals the installation path in an error message.
CVE-2009-2306 1 Armassa 2 Ard-9808, Ard-9808 Software 2026-04-23 N/A
The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing usernames and passwords via a direct request for dvr.ini.
CVE-2009-2307 1 Maxdev 2 Cwguestbook, Md-pro 2026-04-23 N/A
SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro (aka MD-Pro) allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords action to modules.php.
CVE-2009-2309 1 Codice-cms 1 Codice Cms 2026-04-23 N/A
SQL injection vulnerability in index.php in Codice CMS 2 allows remote attackers to execute arbitrary SQL commands via the tag parameter.
CVE-2009-2310 1 Bow Der Kleine 1 X-blc 2026-04-23 N/A
SQL injection vulnerability in include/get_read.php in Extensible-BioLawCom CMS (X-BLC) 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.
CVE-2009-2327 1 Max Kervin 1 Kervinet Forum 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet Forum 1.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the v_variant1 parameter.
CVE-2009-2342 1 Hans Oesterholt 1 Cmme 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin.php (aka the login page) in Content Management Made Easy (CMME) before 1.22 allows remote attackers to inject arbitrary web script or HTML via the username field.
CVE-2009-2345 1 Clansphere 1 Clansphere 2026-04-23 N/A
Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 allow remote attackers to execute arbitrary SQL commands via unknown parameters to the gbook module and unspecified other components.
CVE-2009-2354 1 Nulllogic 1 Groupware 2026-04-23 N/A
SQL injection vulnerability in the auth_checkpass function in the login page in NullLogic Groupware 1.2.7 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2009-2355 1 Dan Cahill 1 Nulllogic Groupware 2026-04-23 N/A
The forum module in NullLogic Groupware 1.2.7 allows remote authenticated users to cause a denial of service (application crash) by specifying (1) an empty string or (2) a non-numeric string when selecting a forum, related to the fmessagelist function.