Search Results (363519 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4606 1 Phpnuke-clan 1 Phpnuke-clan 2026-04-23 N/A
PHP remote file inclusion vulnerability in convert/mvcw_conver.php in the Virtual War (VWar) module for PHPNuke-Clan (PNC) 4.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1602. NOTE: it is possible that this issue stems from a problem in VWar itself.
CVE-2009-2584 1 Linux 1 Linux Kernel 2026-04-23 N/A
Off-by-one error in the options_write function in drivers/misc/sgi-gru/gruprocfs.c in the SGI GRU driver in the Linux kernel 2.6.30.2 and earlier on ia64 and x86 platforms might allow local users to overwrite arbitrary memory locations and gain privileges via a crafted count argument, which triggers a stack-based buffer overflow.
CVE-2009-2585 1 Mlffat 1 Mlffat 2026-04-23 N/A
SQL injection vulnerability in index.php in Mlffat 2.2 allows remote attackers to execute arbitrary SQL commands via a member cookie in an account editprofile action, a different vector than CVE-2009-1731.
CVE-2009-2586 1 Edgephp 1 Ezarticles 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in articles.php in EDGEPHP EZArticles allows remote attackers to inject arbitrary web script or HTML via the title parameter.
CVE-2009-2587 1 Dragdropcart 1 Dragdropcart 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php.
CVE-2009-2588 1 Resalecode 1 Hotscripts Type Php Clone Script 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php.
CVE-2007-4610 1 Dale Mooney 1 Moon Gallery 2026-04-23 N/A
Unrestricted file upload vulnerability in config/upload.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to upload and execute arbitrary PHP files in images/, possibly related to config/admin.php.
CVE-2009-2590 1 Resalecode 1 Hutscripts Php Website Script 2026-04-23 N/A
SQL injection vulnerability in showcategory.php in Hutscripts PHP Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-4612 1 Dale Mooney 1 Contact Form 2026-04-23 N/A
CRLF injection vulnerability in contact.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be leveraged for spam by adding To or Cc headers.
CVE-2009-2591 2 E-xoopport, Runcms 2 E-xoopport, Myannonces 2026-04-23 N/A
SQL injection vulnerability in the MyAnnonces module for E-Xoopport 3.1 allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewannonces action to index.php.
CVE-2009-2596 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
Unspecified vulnerability in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to fad_aupath structure members.
CVE-2009-2598 1 Onlinegrades 1 Online Grades 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php.
CVE-2009-2599 1 Radscripts 1 Radclassifieds 2026-04-23 N/A
SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 allows remote attackers to execute arbitrary SQL commands via the seller parameter in a search action.
CVE-2009-2602 1 R2newsletter 3 R2 Newsletter Lite, R2 Newsletter Pro, R2 Newsletter Stats 2026-04-23 N/A
R2 Newsletter Lite, Pro, and Stats stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for admin.mdb.
CVE-2009-2605 1 Traidnt 1 Traidnt Up 2026-04-23 N/A
Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote attackers to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php.
CVE-2009-2608 1 Chatelao 1 Php Address Book 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.
CVE-2009-2609 2 Amotools, Joomla 2 Com Amocourse, Joomla 2026-04-23 N/A
SQL injection vulnerability in the amoCourse (com_amocourse) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
CVE-2009-2610 2 Drupal, Scott Courtney 2 Drupal, Links Package 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field.
CVE-2009-2613 1 Datachecknh 1 Linkpal 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in DataCheck Solutions LinkPal 1.x allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) z_loginfailed.asp, (2) z_admin_login.asp, (3) z_forgot.asp, and possibly unspecified other components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2617 1 Baofeng 1 Storm 2026-04-23 N/A
Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 allows remote attackers to execute arbitrary code via a long pathname in the source attribute of an item element in a .smpl playlist file.