Search Results (5477 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6388 1 4u2ges 1 Rapid Classified 2025-04-09 N/A
Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to cldb.mdb.
CVE-2008-1139 1 Deslock 1 Deslock 2025-04-09 N/A
DESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys 1.2.0.27 are present, allows local users to gain privileges via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, aka the "ring0 link list zero SYSTEM" vulnerability.
CVE-2008-1140 1 Deslock 1 Deslock 2025-04-09 N/A
DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users to gain privileges via a certain DLKFDISK_IOCTL request to \\.\DLKFDisk_Control that overwrites a data structure associated with a mounted pseudo-filesystem, aka the "ring0 SYSTEM" vulnerability.
CVE-2009-3889 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-09 N/A
The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file.
CVE-2009-3904 1 Cubecart 1 Cubecart 2025-04-09 N/A
classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header.
CVE-2008-1230 1 Jspwiki 1 Jspwiki 2025-04-09 N/A
Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to upload and execute arbitrary .jsp files via an unspecified manipulation that attaches a .jsp file to an "entry page."
CVE-2009-4222 1 Smartisoft 1 Phpbazar 2025-04-09 N/A
phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request.
CVE-2008-6375 1 Nexusjnr 1 Jbook 2025-04-09 N/A
JBook stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to userids.mdb.
CVE-2008-6321 1 Cfshopkart 1 Cf Shopkart 2025-04-09 N/A
CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via a direct request.
CVE-2008-6399 1 Dotnetnuke 1 Dotnetnuke 2025-04-09 N/A
Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors.
CVE-2008-6296 1 Maran 1 Php Shop 2025-04-09 N/A
admin.php in Maran PHP Shop allows remote attackers to bypass authentication and gain administrative access by setting the user cookie to "demo."
CVE-2007-1150 1 Lovecms 1 Lovecms 2025-04-09 N/A
Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote authenticated administrators to upload arbitrary files to /modules/content/pictures/tmp/.
CVE-2008-3967 1 Mybb 1 Mybb 2025-04-09 N/A
moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors.
CVE-2008-5562 1 Aspapps 1 Aspportal 2025-04-09 N/A
ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb.
CVE-2007-5857 1 Apple 1 Mac Os X 2025-04-09 N/A
Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack.
CVE-2008-4453 1 Dspicture 2 Light Imaging Toolkit, Pro Imaging Sdk 2025-04-09 N/A
The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.
CVE-2008-4507 1 Ibm 1 Lotus Quickr 2025-04-09 N/A
Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to delete pages that were created by a different author via unknown vectors.
CVE-2008-3872 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2025-04-09 N/A
Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified "Filter evasion" manipulations.
CVE-2008-5385 1 Ibm 1 Aix 2025-04-09 N/A
enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors.
CVE-2008-5347 2 Redhat, Sun 3 Rhel Extras, Jdk, Jre 2025-04-09 N/A
Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages.