Total
5476 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2653 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2025-04-09 | N/A |
| The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend. | ||||
| CVE-2007-6200 | 3 Redhat, Rsync, Slackware | 3 Enterprise Linux, Rsync, Slackware Linux | 2025-04-09 | N/A |
| Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options. | ||||
| CVE-2008-4341 | 1 Myblog | 1 Myblog | 2025-04-09 | N/A |
| add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication and gain administrative access by setting a cookie with admin=yes and login=admin. | ||||
| CVE-2008-4791 | 1 Drupal | 1 Drupal | 2025-04-09 | N/A |
| The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors. | ||||
| CVE-2009-3281 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2025-04-09 | N/A |
| The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors. | ||||
| CVE-2007-4700 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors. | ||||
| CVE-2007-4601 | 1 Ubuntu | 1 Ubuntu Linux | 2025-04-09 | N/A |
| A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 might allow remote attackers to bypass intended access restrictions when a service uses libwrap but does not specify server connection information. | ||||
| CVE-2008-1951 | 1 Redhat | 1 Enterprise Linux | 2025-04-09 | N/A |
| Untrusted search path vulnerability in a certain Red Hat build script for Standards Based Linux Instrumentation for Manageability (sblim) libraries before 1-13a.el4_6.1 in Red Hat Enterprise Linux (RHEL) 4, and before 1-31.el5_2.1 in RHEL 5, allows local users to gain privileges via a malicious library in a certain subdirectory of /var/tmp, related to an incorrect RPATH setting, as demonstrated by a malicious libc.so library for tog-pegasus. | ||||
| CVE-2008-0375 | 1 Oki Printing Solutions | 1 C5510 Mfp Printer | 2025-04-09 | N/A |
| Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors. | ||||
| CVE-2008-7024 | 1 Arzdev | 2 Gemini Lite, Gemini Portal | 2025-04-09 | N/A |
| admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to "admin" and setting the name parameter to "users." | ||||
| CVE-2007-5571 | 1 Cisco | 1 Firewall Services Module | 2025-04-09 | N/A |
| Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier, does not properly enforce edited ACLs, which might allow remote attackers to bypass intended restrictions on network traffic, aka CSCsj52536. | ||||
| CVE-2007-3849 | 1 Redhat | 1 Enterprise Linux | 2025-04-09 | N/A |
| Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files. | ||||
| CVE-2007-5493 | 1 Microsoft | 1 Windows Mobile | 2025-04-09 | N/A |
| The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded. | ||||
| CVE-2008-3423 | 1 Ibm | 1 Websphere Portal | 2025-04-09 | N/A |
| IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. | ||||
| CVE-2007-5441 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-09 | N/A |
| CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) adding a user via a direct request to admin/adduser.php and (2) reading the admin log via an "admin/adminlog.php?page=1" request. | ||||
| CVE-2007-3285 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2025-04-09 | N/A |
| Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would. | ||||
| CVE-2008-5901 | 1 Iyziforum | 1 Iyzi Forum | 2025-04-09 | N/A |
| iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for db/iyziforum.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-7098 | 1 Debian | 1 Apache | 2025-04-09 | N/A |
| The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl. | ||||
| CVE-2007-6319 | 1 Lyris | 1 List Manager | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in Lyris ListManager 8.x before 8.95d, 9.2 before 9.2c, and 9.3 before 9.3b allow remote attackers to (1) gain list administrator privileges or (2) access arbitrary mailing lists via unknown vectors related to modification of client-side information; and (3) allow remote authenticated administrators to modify other account data by creating "new accounts that collide with existing accounts." | ||||
| CVE-2008-4214 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files. | ||||