Search Results (5477 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4131 1 Sun 1 Solaris 2025-04-09 N/A
Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of tags with (1) the -t option and (2) the :tag command in the (a) vi, (b) ex, (c) vedit, (d) view, and (e) edit programs.
CVE-2009-1771 1 Flyspeck 1 Flyspeck Cms 2025-04-09 N/A
index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[fullname], (2) users[email], (3) users[role_id], (4) users[username], and (5) users[password] parameters.
CVE-2009-1679 1 Apple 2 Iphone Os, Ipod Touch 2025-04-09 N/A
The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy.
CVE-2008-0580 1 Geert Moernaut 2 Lsrunase, Supercrypt 2025-04-09 N/A
Geert Moernaut LSrunasE and Supercrypt use an encryption key composed of an SHA1 hash of a fixed string embedded in the executable file, which makes it easier for local users to obtain this key without reverse engineering.
CVE-2008-0584 1 Ibm 1 Aix 2025-04-09 N/A
Multiple buffer overflows in bos.rte.control in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) swap, (2) swapoff, and (3) swapon programs.
CVE-2009-2077 2 Angrydonuts, Drupal 2 Views, Drupal 2025-04-09 N/A
Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries.
CVE-2008-5218 1 Scriptsez 1 Freeze Greetings 2025-04-09 N/A
ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords.
CVE-2008-2147 1 Videolan 1 Vlc 2025-04-09 N/A
Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.
CVE-2009-1495 1 Webfileexplorer 1 Web File Explorer 2025-04-09 N/A
Web File Explorer 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/db.mdb.
CVE-2008-1995 1 Sun 1 Java System Directory Server 2025-04-09 N/A
Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server.
CVE-2008-6674 1 Quickersite 1 Quickersite 2025-04-09 N/A
mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter.
CVE-2010-0223 1 Kingston 3 Datatraveler Blackbox, Datatraveler Elite, Datatraveler Secure 2025-04-09 N/A
Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time.
CVE-2008-1332 1 Asterisk 6 Asterisk, Asterisk Appliance Developer Kit, Asterisk Business Edition and 3 more 2025-04-09 N/A
Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.
CVE-2007-5819 1 Ibm 1 Tivoli Continuous Data Protection For Files 2025-04-09 N/A
IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak permissions (unrestricted write) for the Central Admin Global download directory, which allows local users to place arbitrary files into a location used for updating CDP clients.
CVE-2009-0328 1 Robs-projects 1 Digital Sales Ipn 2025-04-09 N/A
ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for Database/Sales.mdb.
CVE-2007-5101 1 Furquim 1 Chironfs 2025-04-09 N/A
ChironFS before 1.0 RC7 sets user/group ownership to the mounter account instead of the creator account when files are created, which allows local users to gain privileges.
CVE-2007-6243 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2025-04-09 N/A
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
CVE-2008-2784 1 Spamdyke 1 Spamdyke 2025-04-09 N/A
The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command.
CVE-2009-4585 1 Aspindir 1 Uranyumsoft Listing Service 2025-04-09 N/A
UranyumSoft Listing Service stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/db.mdb.
CVE-2010-0310 1 Sun 1 Solaris 2025-04-09 N/A
Trusted Extensions in Sun Solaris 10 allows local users to gain privileges via vectors related to omission of unspecified libraries from software updates.