Search Results (364436 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2773 1 Shop-020 1 Php Paid 4 Mail Script 2026-04-23 N/A
PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2009-2780 1 68 Classifieds 1 68 Classifieds 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php.
CVE-2009-2782 2 Jfusion, Joomla 2 Com Jfusion, Joomla 2026-04-23 N/A
SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
CVE-2009-2785 1 Classifiedphpscript 1 Php Open Classifieds Script 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHP Open Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to buy.php and the id parameter to (2) contact.php and (3) tellafriend.php.
CVE-2009-2786 2 Punbb, Reputation 2 Punbb, Reputation 2026-04-23 N/A
SQL injection vulnerability in reputation.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the poster parameter.
CVE-2009-2787 2 Punbb, Reputation 2 Punbb, Reputation 2026-04-23 N/A
Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter.
CVE-2009-2788 1 Mobilelib 1 Mobilelib Gold 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remote attackers to execute arbitrary SQL commands via the (1) adminName parameter to cp/auth.php, (2) cid parameter to artcat.php, and (3) catid parameter to show.php.
CVE-2009-2789 2 Joomla, Permis 2 Joomla, Com Groups 2026-04-23 N/A
SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a list action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0703 1 Webbuilder 1 Webbuilder 2026-04-23 N/A
PHP remote file inclusion vulnerability in library/StageLoader.php in WebBuilder 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[core][module_path] parameter.
CVE-2009-2792 1 Joshua Oliver 1 Really Simple Cms 2026-04-23 N/A
Directory traversal vulnerability in plugings/pagecontent.php in Really Simple CMS (RSCMS) 0.3a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PT parameter.
CVE-2009-2793 1 Netbsd 1 Netbsd 2026-04-23 N/A
The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits.
CVE-2009-2794 1 Apple 1 Iphone Os 2026-04-23 N/A
The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value.
CVE-2009-2795 1 Apple 1 Iphone Os 2026-04-23 N/A
Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related to "command parsing."
CVE-2007-1706 1 Ewebquiz 1 Ewebquiz 2026-04-23 N/A
SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizID parameter.
CVE-2009-2796 1 Apple 1 Iphone Os 2026-04-23 N/A
The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password.
CVE-2009-2799 1 Apple 1 Quicktime 2026-04-23 N/A
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file.
CVE-2008-2664 4 Canonical, Debian, Redhat and 1 more 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more 2026-04-23 N/A
The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
CVE-2009-2804 2 Apple, Microsoft 4 Mac Os X, Mac Os X Server, Safari and 1 more 2026-04-23 N/A
Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.
CVE-2008-2771 1 Drupal 2 Drupal, Node Hierarchy Module 2026-04-23 N/A
The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors.
CVE-2009-2805 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow.