Search Results (5477 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3356 1 Ingres 1 Ingres 2025-04-09 N/A
verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename.
CVE-2008-4507 1 Ibm 1 Lotus Quickr 2025-04-09 N/A
Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to delete pages that were created by a different author via unknown vectors.
CVE-2008-3112 2 Redhat, Sun 5 Network Satellite, Rhel Extras, Jdk and 2 more 2025-04-09 N/A
Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909.
CVE-2008-3000 1 Drupal 1 Aggregation Module 2025-04-09 N/A
The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions.
CVE-2009-2682 1 Hp 1 Hp-ux 2025-04-09 N/A
Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors.
CVE-2008-2830 1 Apple 1 Mac Os X 2025-04-09 N/A
Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent.
CVE-2008-6535 1 Paypalestores 1 Paypal Estores 2025-04-09 N/A
admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter.
CVE-2008-2324 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 N/A
The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs.
CVE-2008-2314 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 N/A
Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors.
CVE-2007-5342 2 Apache, Redhat 5 Tomcat, Enterprise Linux, Jboss Enterprise Application Platform and 2 more 2025-04-09 N/A
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
CVE-2007-5350 1 Microsoft 1 Windows Vista 2025-04-09 N/A
Unspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths."
CVE-2008-4644 1 Mywebland 1 Mystats 2025-04-09 N/A
hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header.
CVE-2008-2293 1 Tpvgames 1 Mpcs 2025-04-09 N/A
admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows remote attackers to bypass authentication and gain privileges by setting the CommentSystemAdmin cookie to 1.
CVE-2008-2289 1 Symantec 1 Altiris Deployment Solution 2025-04-09 N/A
Unspecified vulnerability in a tooltip element in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors.
CVE-2007-2279 1 Symantec 1 Veritas Storage Foundation 2025-04-09 N/A
The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution.
CVE-2007-4694 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 N/A
Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs.
CVE-2009-2770 1 Powerupload 1 Powerupload 2025-04-09 N/A
PowerUpload 2.4 allows remote attackers to bypass authentication and gain administrative access via a MIME encoded value of admin for the myadminname cookie.
CVE-2008-2287 1 Symantec 1 Altiris Deployment Solution 2025-04-09 N/A
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse.
CVE-2007-4740 1 Telecom Italy 1 Alice Messenger 2025-04-09 N/A
The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.RegistryManager.dll 1 in Telecom Italy Alice Messenger allows remote attackers to create registry keys and values via the arguments to the WriteRegistry method.
CVE-2008-2174 1 Shelter Manager 1 Animal Shelter Manager 2025-04-09 N/A
Multiple unspecified vulnerabilities in Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 have unknown impact and attack vectors, related to "various areas where security was missing."