Search Results (5477 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0628 2 Redhat, Sun 3 Rhel Extras, Jdk, Jre 2025-04-09 N/A
The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.
CVE-2008-0696 1 Ibm 1 Db2 2025-04-09 N/A
IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors.
CVE-2007-6056 1 Aida-orga 1 Aida-web 2025-04-09 N/A
frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a protection mechanism and obtain comment and task details via modified values to the (1) Mehr and (2) SUPER parameters.
CVE-2008-0697 1 Ibm 1 Db2 2025-04-09 N/A
Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors.
CVE-2007-0932 2 Alcatel-lucent, Aruba 2 Omniaccess Wireless, Mobility Controller 2025-04-09 N/A
The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN.
CVE-2008-2297 1 Roticv 1 Rantx 2025-04-09 N/A
The admin.php file in Rantx allows remote attackers to bypass authentication and gain privileges by setting the logininfo cookie to "<?php" or "?>", which is present in the password file and probably passes an insufficient comparison.
CVE-2008-0707 1 Hp 2 Hp-ux, Storageworks Library And Tape Tools 2025-04-09 N/A
HP StorageWorks Library and Tape Tools (LTT) before 4.5 SR1 on HP-UX B.11.11 and B.11.23 allows local users to gain privileges via unspecified vectors.
CVE-2008-2294 1 Mreaves 1 Pet Grooming Management System 2025-04-09 N/A
Pet Grooming Management System 2.0 allows remote attackers to gain privileges via a direct request to useradded.php with a modified user name for "admin."
CVE-2008-3300 1 Alphadmin 1 Alphadmin Cms 2025-04-09 N/A
AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3849 1 Redhat 1 Enterprise Linux 2025-04-09 N/A
Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files.
CVE-2008-2003 1 Badblue 1 Badblue 2025-04-09 N/A
BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3) dyndns.exe. NOTE: this can be leveraged for arbitrary remote code execution in conjunction with CVE-2007-6378.
CVE-2008-0741 1 Ibm 1 Websphere Application Server 2025-04-09 N/A
Unspecified vulnerability in the PropFilePasswordEncoder utility in IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) has unknown impact and attack vectors.
CVE-2008-0329 1 Julien Plesniak 1 Lulieblog 2025-04-09 N/A
LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php in Admin/, which allows remote attackers to accept comments, delete comments, and delete articles via the id parameter.
CVE-2009-2818 1 Apple 1 Mac Os X Server 2025-04-09 N/A
Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack).
CVE-2007-3912 1 Debian 1 Debian-goodies 2025-04-09 N/A
checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process.
CVE-2009-3472 1 Ibm 1 Db2 2025-04-09 N/A
IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors.
CVE-2007-6600 2 Postgresql, Redhat 3 Postgresql, Enterprise Linux, Rhel Application Stack 2025-04-09 N/A
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.
CVE-2009-2854 1 Wordpress 1 Wordpress 2025-04-09 N/A
Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-category-form.php, (6) edit-tag-form.php, (7) export.php, (8) import.php, or (9) link-add.php in wp-admin/.
CVE-2008-5931 1 The Net Guys 1 Aspired2blog 2025-04-09 N/A
The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/blog.mdb. NOTE: some of these details are obtained from third party information.
CVE-2009-0122 1 Hp 1 Hplip 2025-04-09 N/A
hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8.2 on Ubuntu allows local users to change the ownership of arbitrary files via unspecified manipulations in advance of an HPLIP installation or upgrade by an administrator, related to the product's attempt to correct the ownership of its configuration files within home directories.