Search Results (363241 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1754 1 Google 1 Android 2026-04-23 N/A
The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application.
CVE-2009-1756 1 Simone Rota 1 Slim Simple Login Manager 2026-04-23 N/A
SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (mcookie) on the command line when invoking xauth from (1) app.cpp and (2) switchuser.cpp, which allows local users to access the X session by listing the process and its arguments.
CVE-2009-1757 1 Transmissionbt 1 Transmission 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2009-1759 1 Rahul 2 Ctorrent, Dtorrent 2026-04-23 N/A
Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path.
CVE-2006-6040 1 Jelsoft 1 Vbulletin 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action.
CVE-2009-1772 1 Activecollab 1 Activecollab 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in activeCollab 2.1 Corporate allows remote attackers to inject arbitrary web script or HTML via the re_route parameter to the login script.
CVE-2009-1774 1 Strawberry 1 Strawberry 2026-04-23 N/A
Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to example/index.php. NOTE: this was originally reported as an issue affecting the do parameter, but traversal with that parameter might depend on a modified example/index.php. NOTE: some of these details are obtained from third party information.
CVE-2006-6052 1 Netepi Case Manager 1 Netepi Case Manager 2026-04-23 N/A
NetEpi Case Manager before 0.98 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.
CVE-2009-1776 1 Matt Wright 1 Formmail 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via javascript: URIs in the (1) request and (2) return_link_url parameters.
CVE-2009-1777 1 Matt Wright 1 Formmail 2026-04-23 N/A
CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the redirect parameter.
CVE-2007-4182 1 Wikiwebweaver 1 Wikiwebweaver 2026-04-23 N/A
Unrestricted file upload vulnerability in index.php in WikiWebWeaver 1.1 and earlier allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .gif.php, which is accessible from data/documents/.
CVE-2006-6060 1 Linux 1 Linux Kernel 2026-04-23 N/A
The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a malformed NTFS file stream that triggers an infinite loop in the __find_get_block_slow function.
CVE-2009-1782 1 F-secure 6 Anti-virus, Client Security, Home Server Security and 3 more 2026-04-23 N/A
Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, Windows 6.61 and earlier, and Linux 2.16 and earlier; Internet Security 2009 and earlier, Anti-Virus 2009 and earlier, Client Security 8.0 and earlier, and others; allow remote attackers to bypass malware detection via a crafted (1) ZIP and (2) RAR archive.
CVE-2009-1785 1 Ulteo 1 Open Virtual Desktop 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Ulteo Open Virtual Desktop 1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter to header.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-4183 1 Php Arena 1 Pabugs 2026-04-23 N/A
SQL injection vulnerability in main.php in paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
CVE-2009-1787 1 Phpdirsubmit 1 Php Dir Submit 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PHP Dir Submit (aka WebsiteSubmitter and Submitter Script) allow remote attackers to bypass authentication and gain administrative access via the (1) username and (2) password parameters.
CVE-2009-1789 2 Eggheads, Philip Moore 3 Eggdrop, Eggdrop Irc Bot, Windrop 2026-04-23 N/A
mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807.
CVE-2009-1790 1 Cgi Rescue 1 Rescue 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in CGI RESCUE Trees before 2.11 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2009-1792 4 Apple, Linux, Microsoft and 1 more 5 Macos, Linux Kernel, Windows and 2 more 2026-04-23 N/A
The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument).
CVE-2009-1797 1 Apc 2 Network Management Card, Switched Rack Pdu 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1) administrator or (2) device users for requests that create new administrative users or have unspecified other impact.