Search Results (5477 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5351 2 Redhat, Sun 5 Network Satellite, Rhel Extras, Jdk and 2 more 2025-04-09 N/A
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings.
CVE-2008-3423 1 Ibm 1 Websphere Portal 2025-04-09 N/A
IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors.
CVE-2008-5422 3 Novell, Redhat, Sun 5 Suse Linux Enterprise Server, Enterprise Linux, Java Desktop System and 2 more 2025-04-09 N/A
Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors.
CVE-2007-6313 1 Mysql 1 Mysql Community Server 2025-04-09 N/A
MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements.
CVE-2008-5283 1 Ghh 1 Google Hack Honeypot File Upload Manager 2025-04-09 N/A
Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attackers to delete uploaded files via unknown vectors related to the delall action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. CVE analysis suggests that the most recent version as of 20081128 is 1.2, and the File Upload Manager does not have a "delall" action.
CVE-2008-5274 1 Toddwoolums 1 Todd Woolums Asp News Management 2025-04-09 N/A
Todd Woolums ASP News Management 2.2 allows remote attackers to obtain news items via a direct request to (1) rss.asp, (2) viewheadings.asp, or (3) viewnews.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4992 1 Sun 13 Blade T6300 Server, Blade T6320 Server, Fire Enterprise Server T1000 and 10 more 2025-04-09 N/A
The SPARC hypervisor in Sun System Firmware 6.6.3 through 6.6.5 and 7.1.3 through 7.1.3.e on UltraSPARC T1, T2, and T2+ processors allows logical domain users to access memory in other logical domains via unknown vectors.
CVE-2008-3303 1 Tuxplanet 1 Bilboblog 2025-04-09 N/A
admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters.
CVE-2008-4915 1 Vmware 6 Ace, Esx, Esxi and 3 more 2025-04-09 N/A
The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS.
CVE-2008-4793 1 Drupal 1 Drupal 2025-04-09 N/A
The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules.
CVE-2007-5352 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2025-04-09 N/A
Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
CVE-2008-0074 1 Microsoft 2 Internet Information Server, Internet Information Services 2025-04-09 N/A
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.
CVE-2007-3912 1 Debian 1 Debian-goodies 2025-04-09 N/A
checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process.
CVE-2009-3472 1 Ibm 1 Db2 2025-04-09 N/A
IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors.
CVE-2007-4850 1 Php 1 Php 2025-04-09 N/A
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.
CVE-2007-0843 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more 2025-04-09 N/A
The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
CVE-2008-6053 1 Preprojects 1 Pre Resume Submitter 2025-04-09 N/A
PreProjects Pre Resume Submitter stores onlineresume.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
CVE-2008-3046 1 Typo3 1 Packman Extension 2025-04-09 N/A
Incomplete blacklist vulnerability in the Packman (kb_packman) extension 0.2.1 and earlier for TYPO3 has unknown impact and attack vectors.
CVE-2008-7024 1 Arzdev 2 Gemini Lite, Gemini Portal 2025-04-09 N/A
admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to "admin" and setting the name parameter to "users."
CVE-2008-3096 1 Drupal 1 Outline Designer Module 2025-04-09 N/A
The Outline Designer module 5.x before 5.x-1.4 for Drupal changes each content reader's authentication level to match that of the content author, which might allow remote attackers to gain privileges.