Search Results (5477 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0361 1 Eyrie 1 Pam-krb5 2025-04-09 N/A
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.
CVE-2009-0365 2 Redhat, Ubuntu 2 Enterprise Linux, Ubuntu Linux 2025-04-09 N/A
nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.
CVE-2009-0367 1 Wesnoth 1 Wesnoth 2025-04-09 N/A
The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.
CVE-2008-1595 1 Ibm 1 Aix 2025-04-09 N/A
The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information.
CVE-2009-0399 1 Chipmunk Scripts 1 Chipmunk Blogger 2025-04-09 N/A
Chipmunk Blogger Script allows remote attackers to gain administrator privileges via a direct request to admin/reguser.php. NOTE: this is only a vulnerability when the administrator does not properly follow installation directions.
CVE-2008-1628 1 Linux 1 Audit 2025-04-09 N/A
Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information.
CVE-2008-1834 1 Swfdec 1 Swfdec 2025-04-09 N/A
swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file.
CVE-2008-1993 1 Acidcat 1 Acidcat Cms 2025-04-09 N/A
Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, which allows remote attackers to upload arbitrary files.
CVE-2008-2174 1 Shelter Manager 1 Animal Shelter Manager 2025-04-09 N/A
Multiple unspecified vulnerabilities in Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 have unknown impact and attack vectors, related to "various areas where security was missing."
CVE-2008-5780 1 Hostforest 1 Forest Blog 2025-04-09 N/A
Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb.
CVE-2008-2331 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 N/A
Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator.
CVE-2009-3596 1 Joxtechnology 1 Ajox Poll 2025-04-09 N/A
JoxTechnology Ajox Poll does not properly restrict access to admin/managepoll.php, which allows remote attackers to bypass authentication and gain administrative access via a direct request.
CVE-2008-2348 1 Meltingicefs 1 Meltingice File System 2025-04-09 N/A
MeltingIce File System 1.0 allows remote attackers to bypass application authentication, create new user accounts, and exceed application quotas via a direct request to admin/adduser.php.
CVE-2008-6674 1 Quickersite 1 Quickersite 2025-04-09 N/A
mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter.
CVE-2008-2147 1 Videolan 1 Vlc 2025-04-09 N/A
Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.
CVE-2009-1941 1 Phpeasycode 1 Pad Site Scripts 2025-04-09 N/A
PAD Site Scripts 3.6 stores sensitive information under the web document root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for dbbackup.txt.
CVE-2007-4471 1 Intuit 1 Quickbooks 2025-04-09 N/A
Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVE-2009-2293 1 Tutorial-share 1 Tutorial Share 2025-04-09 N/A
Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the usernamed cookie parameter.
CVE-2008-4059 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-09 N/A
The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.
CVE-2007-6305 3 Ibm, Linux, Unix 3 Hardware Management Console, Linux Kernel, Unix 2025-04-09 N/A
Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands."