2009 年に公開された CVE を表示しています。 CVE の一覧へ
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2009-4535 | Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending a / (slash) character to the URI. | 5.0 | 6.68% | 2009-12-31 | 2026-06-16 |
| CVE-2009-4534 | Open redirect vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 4.3 | 0.86% | 2009-12-31 | 2026-06-16 |
| CVE-2009-4533 | The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors. | 5.0 | 1.52% | 2009-12-31 | 2026-06-16 |
| CVE-2009-4532 | Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label. | 3.5 | 1.00% | 2009-12-31 | 2026-06-16 |
| CVE-2009-4531 | httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI. | 5.0 | 7.07% | 2009-12-31 | 2026-06-16 |
| CVE-2009-4530 | Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI. | 5.0 | 1.22% | 2009-12-31 | 2026-06-16 |
| CVE-2009-4529 | InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs. | 5.0 | 1.69% | 2009-12-31 | 2026-06-16 |
| CVE-2009-4528 | The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via unspecified vectors. | 6.5 | 1.34% | 2009-12-31 | 2026-06-16 |
| CVE-2009-4527 | The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before 6.x-3.2, a module for Drupal, does not properly remove statically granted privileges after a logout or other session change, which allows physically proximate attackers to gain privileges by using an unattended web browser. | 4.6 | 0.33% | 2009-12-31 | 2026-06-16 |
| CVE-2009-4526 | The Send by e-mail sub-module in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote attackers to read page titles by requesting a "Send to friend" form. | 5.0 | 1.49% | 2009-12-31 | 2026-06-16 |
| CVE-2009-4525 | Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via crafted data in a list of links. | 4.3 | 1.29% | 2009-12-31 | 2026-06-16 |
| CVE-2009-4524 | Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element. | 4.3 | 1.22% | 2009-12-31 | 2026-06-16 |
| CVE-2009-4523 | Cross-site scripting (XSS) vulnerability in index.php in Zainu 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchSongKeyword parameter in a SearchSong action. | 4.3 | 1.53% | 2009-12-31 | 2026-06-16 |
| CVE-2009-4522 | Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of these details are obtained from third party information. | 4.3 | 1.53% | 2009-12-31 | 2026-06-16 |
| CVE-2009-4521 | Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter. | 4.3 | 1.96% | 2009-12-31 | 2026-06-16 |
| CVE-2009-4520 | The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path. | 5.0 | 1.24% | 2009-12-31 | 2026-06-16 |
| CVE-2009-4519 | Multiple unspecified vulnerabilities in Ortro before 1.3.4 have unknown impact and attack vectors. | 10.0 | 1.49% | 2009-12-31 | 2026-06-16 |
| CVE-2009-4518 | Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node. | 4.3 | 1.06% | 2009-12-31 | 2026-06-16 |
| CVE-2009-4517 | Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that access unpublished content. | 6.8 | 0.60% | 2009-12-31 | 2026-06-16 |
| CVE-2009-4516 | Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 | 1.03% | 2009-12-31 | 2026-06-16 |