Search Results (364353 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2230 1 Mybulletinboard 1 Mybulletinboard 2026-04-23 N/A
SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter.
CVE-2009-2231 1 Mid.as 1 Midas 2026-04-23 N/A
MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie.
CVE-2009-2235 1 Yourarticlesdirectory 1 Your Articles Directory 2026-04-23 N/A
SQL injection vulnerability in page.php in Your Articles Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-2236 1 Yourarticlesdirectory 1 Your Articles Directory 2026-04-23 N/A
SQL injection vulnerability in yad-admin/login.php in Your Article Directory allows remote attackers to execute arbitrary SQL commands via the txtAdminEmail parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-2238 1 Dmxready 1 Registration Manager 2026-04-23 N/A
Unrestricted file upload vulnerability in includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp in DMXReady Registration Manager 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/webblogmanager.
CVE-2009-2239 1 Joomla 4 Com Casiino Blackjack, Com Casino Videopoker, Com Casinobase and 1 more 2026-04-23 N/A
SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
CVE-2009-2241 1 Aaronoutpost 1 Asp Inline Corporate Calendar 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.asp in ASP Inline Corporate Calendar allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
CVE-2009-2243 1 Aaronoutpost 1 Asp Inline Corporate Calendar 2026-04-23 N/A
SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2255 1 Zen-cart 1 Zen Cart 2026-04-23 N/A
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO of password_forgotten.php, then accessing this file via a direct request to the file in images/.
CVE-2009-2258 1 Netgear 2 Dg632, Dg632 Firmware 2026-04-23 N/A
Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter.
CVE-2009-2265 1 Fckeditor 1 Fckeditor 2026-04-23 N/A
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
CVE-2009-2267 1 Vmware 7 Ace, Esx, Esxi and 4 more 2026-04-23 N/A
VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register.
CVE-2009-2281 2 Osgeo, Umn 2 Mapserver, Mapserver 2026-04-23 N/A
Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow that triggers a heap-based buffer overflow. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-0840.
CVE-2009-2285 2 Libtiff, Redhat 2 Libtiff, Enterprise Linux 2026-04-23 N/A
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
CVE-2009-2287 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2026-04-23 N/A
The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL pointer dereference in the gfn_to_rmap function.
CVE-2009-2288 1 Nagios 1 Nagios 2026-04-23 N/A
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.
CVE-2009-2299 2 Apache, Hyperguard Web Application Firewall Project 2 Http Server, Hyperguard Web Application Firewall 2026-04-23 N/A
The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
CVE-2009-2300 1 Phion 1 Airlock Web Application Firewall 2026-04-23 N/A
The management interface in the phion airlock Web Application Firewall (WAF) 4.1-10.41 does not properly handle CGI requests that specify large width and height parameters for an image, which allows remote attackers to execute arbitrary commands or cause a denial of service (resource consumption) via a crafted request.
CVE-2009-2306 1 Armassa 2 Ard-9808, Ard-9808 Software 2026-04-23 N/A
The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing usernames and passwords via a direct request for dvr.ini.
CVE-2009-2308 2 Punbb, Punres 2 Punbb, Affiliates Mod 2026-04-23 N/A
Multiple SQL injection vulnerabilities in affiliates.php in the Affiliation (aka Affiliates) module 1.1.0 and earlier for PunBB allow remote attackers to execute arbitrary SQL commands via the (1) in or (2) out parameter.