CVE リスト (「タイプ別の脆弱性」から · 2009 年に公開 · 既定の並び順は「公開日の降順」です(新しい公開が先頭)。)

2009 年に公開された CVE を表示しています。 CVE の一覧へ

CVSS スコア
表示中 120 / 5778
«« 先頭 « 前へ 1 / 289 次へ »
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2009-4535 Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending a / (slash) character to the URI. 5.0 6.68% 2009-12-31 2026-06-16
CVE-2009-4534 Open redirect vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 4.3 0.86% 2009-12-31 2026-06-16
CVE-2009-4533 The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors. 5.0 1.52% 2009-12-31 2026-06-16
CVE-2009-4532 Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label. 3.5 1.00% 2009-12-31 2026-06-16
CVE-2009-4531 httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI. 5.0 7.07% 2009-12-31 2026-06-16
CVE-2009-4530 Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI. 5.0 1.22% 2009-12-31 2026-06-16
CVE-2009-4529 InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs. 5.0 1.69% 2009-12-31 2026-06-16
CVE-2009-4528 The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via unspecified vectors. 6.5 1.34% 2009-12-31 2026-06-16
CVE-2009-4527 The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before 6.x-3.2, a module for Drupal, does not properly remove statically granted privileges after a logout or other session change, which allows physically proximate attackers to gain privileges by using an unattended web browser. 4.6 0.33% 2009-12-31 2026-06-16
CVE-2009-4526 The Send by e-mail sub-module in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote attackers to read page titles by requesting a "Send to friend" form. 5.0 1.49% 2009-12-31 2026-06-16
CVE-2009-4525 Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via crafted data in a list of links. 4.3 1.29% 2009-12-31 2026-06-16
CVE-2009-4524 Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element. 4.3 1.22% 2009-12-31 2026-06-16
CVE-2009-4523 Cross-site scripting (XSS) vulnerability in index.php in Zainu 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchSongKeyword parameter in a SearchSong action. 4.3 1.53% 2009-12-31 2026-06-16
CVE-2009-4522 Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of these details are obtained from third party information. 4.3 1.53% 2009-12-31 2026-06-16
CVE-2009-4521 Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter. 4.3 1.96% 2009-12-31 2026-06-16
CVE-2009-4520 The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path. 5.0 1.24% 2009-12-31 2026-06-16
CVE-2009-4519 Multiple unspecified vulnerabilities in Ortro before 1.3.4 have unknown impact and attack vectors. 10.0 1.49% 2009-12-31 2026-06-16
CVE-2009-4518 Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node. 4.3 1.06% 2009-12-31 2026-06-16
CVE-2009-4517 Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that access unpublished content. 6.8 0.60% 2009-12-31 2026-06-16
CVE-2009-4516 Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 4.3 1.03% 2009-12-31 2026-06-16
«« 先頭 « 前へ 1 / 289 次へ »
cvelogic Threat Intelligence