Vulnerabilities (CVE)

Filtered by CWE-94
Total 6421 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-1083 1 Sun 1 Java System Identity Manager 2026-06-16 9.0 HIGH N/A
Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, Solaris, and HP-UX permits "control characters" in the passwords of user accounts, which allows remote attackers to execute arbitrary commands via vectors involving "resource adapters."
CVE-2009-1064 2 Orbit Downloader, Orbitdownloader 2 Orbit Downloader, Orbit Downloader 2026-06-16 5.8 MEDIUM N/A
Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method.
CVE-2009-1025 1 Beerwin 1 Phplinkadmin 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in linkadmin.php in Beerwin PHPLinkAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2009-0970 1 Phpprobid 1 Php Pro Bid 2026-06-16 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in includes/class_image.php in PHP Pro Bid 6.05, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the fileExtension parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-0966 1 Yabsoft 1 Mega File Hosting Script 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in cross.php in YABSoft Mega File Hosting 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
CVE-2009-0955 1 Apple 1 Quicktime 2026-06-16 9.3 HIGH N/A
Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue."
CVE-2009-0945 2 Apple, Microsoft 5 Mac Os X, Mac Os X Server, Safari and 2 more 2026-06-16 9.3 HIGH N/A
Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.
CVE-2009-0944 1 Apple 2 Mac Os X, Mac Os X Server 2026-06-16 6.8 MEDIUM N/A
The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption.
CVE-2009-0901 1 Microsoft 3 Visual C\+\+, Visual Studio, Visual Studio .net 2026-06-16 9.3 HIGH 8.8 HIGH
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."
CVE-2009-0820 1 Php.brickhost 1 Phpscheduleit 2026-06-16 7.5 HIGH N/A
Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 allow remote attackers to execute arbitrary code via (1) the end_date parameter to reserve.php and (2) the start_date and end_date parameters to check.php. NOTE: the start_date/reserve.php vector is already covered by CVE-2008-6132.
CVE-2009-0811 1 Sopcast 1 Sopcore Activex Control 2026-06-16 9.3 HIGH N/A
Insecure method vulnerability in the SopCast SopCore ActiveX control in sopocx.ocx 3.0.3.501 allows remote attackers to execute arbitrary programs via an executable file name in the argument to the SetExternalPlayer method.
CVE-2009-0759 1 Znc 1 Znc 2026-06-16 6.5 MEDIUM N/A
Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors.
CVE-2009-0720 1 Hp 1 Openview Network Node Manager 2026-06-16 10.0 HIGH N/A
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2009-0701 1 Cybershade 1 Cybershadecms 2026-06-16 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in index.php in Cybershade CMS 0.2b, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) THEME_header and (2) THEME_footer parameters.
CVE-2009-0677 1 Ravenphpscripts 1 Ravennuke 2026-06-16 6.5 MEDIUM N/A
avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the preg_replace function with the eval switch, as specified in an element of the patterns array.
CVE-2009-0674 1 Ravenphpscripts 1 Ravennuke 2026-06-16 6.0 MEDIUM N/A
images/captcha.php in Raven Web Services RavenNuke 2.30, when register_globals and display_errors are enabled, allows remote attackers to determine the existence of local files by sending requests with full pathnames in the aFonts array parameter, and then observing the error messages, which differ between existing and nonexistent pathnames.
CVE-2009-0673 1 Ravenphpscripts 1 Ravennuke 2026-06-16 6.5 MEDIUM N/A
Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php.
CVE-2009-0668 1 Zope 1 Zodb 2026-06-16 6.5 MEDIUM N/A
Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.
CVE-2009-0643 1 Dminnich 1 Simple Php News 2026-06-16 5.1 MEDIUM N/A
Static code injection vulnerability in post.php in Simple PHP News 1.0 final allows remote attackers to inject arbitrary PHP code into news.txt via the post parameter, and then execute the code via a direct request to display.php. NOTE: some of these details are obtained from third party information.
CVE-2009-0639 1 Phpyabs 1 Phpyabs 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in moduli/libri/index.php in phpyabs 0.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the Azione parameter.