Search Results (5477 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4215 1 Apple 1 Mac Os X Server 2025-04-09 N/A
Weblog in Mac OS X Server 10.4.11 does not properly check an error condition when a weblog posting access control list is specified for a user that has multiple short names, which might allow attackers to bypass intended access restrictions.
CVE-2007-6048 4 Ibm, Linux, Microsoft and 1 more 4 Db2 Universal Database, Linux Kernel, Windows and 1 more 2025-04-09 N/A
IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for DB2NODES.CFG, which has unknown impact and attack vectors. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
CVE-2008-1992 1 Acidcat 1 Acidcat Cms 2025-04-09 N/A
Acidcat CMS 3.4.1 does not properly restrict access to (1) default_mail_aspemail.asp, (2) default_mail_cdosys.asp or (3) default_mail_jmail.asp, which allows remote attackers to bypass restrictions and relay email messages with modified From, FromName, and To fields.
CVE-2008-4210 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-09 N/A
fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
CVE-2009-1821 1 Dmxready 1 Registration Manager 2025-04-09 N/A
DMXReady Registration Manager 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for databases/webblogmanager.mdb.
CVE-2008-3920 1 Bitlbee 1 Bitlbee 2025-04-09 N/A
Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors.
CVE-2008-5738 1 Nodstrum 1 Mysql Calendar 2025-04-09 N/A
Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information.
CVE-2009-2027 1 Apple 1 Safari 2025-04-09 N/A
The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method.
CVE-2008-5929 1 Vpasp 1 Vp-asp Shopping Cart 2025-04-09 N/A
VP-ASP Shopping Cart 6.50 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database containing the password via a direct request for database/shopping650.mdb. NOTE: some of these details are obtained from third party information.
CVE-2007-4799 1 Ibm 1 Aix 2025-04-09 N/A
The perfstat kernel extension in bos.perf.perfstat in AIX 5.3 does not verify privileges when processing a SET call, which allows local users to cause a denial of service (system hang or crash) via unspecified SET operations.
CVE-2009-1652 1 2daybiz 1 Business Community Script 2025-04-09 N/A
admin/adminaddeditdetails.php in Business Community Script does not properly restrict access, which allows remote attackers to gain privileges and add administrators via a direct request.
CVE-2007-5447 2 Ioncube, Php 2 Php Encoder, Php 2025-04-09 N/A
ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function.
CVE-2008-7212 2 Brilaps, Mambo-foundation 2 Mostlyce, Mambo 2025-04-09 N/A
MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message.
CVE-2008-4341 1 Myblog 1 Myblog 2025-04-09 N/A
add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication and gain administrative access by setting a cookie with admin=yes and login=admin.
CVE-2008-7157 1 Ekinboard 1 Ekinboard 2025-04-09 N/A
Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/.
CVE-2008-3876 1 Apple 1 Iphone 2025-04-09 N/A
Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact's blue arrow.
CVE-2009-1601 1 Ubuntu 1 Linux 2025-04-09 N/A
The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local users to bypass intended access restrictions via read or write operations involving this directory.
CVE-2008-3826 2 Condor Project, Redhat 2 Condor, Enterprise Mrg 2025-04-09 N/A
Unspecified vulnerability in Condor before 7.0.5 allows attackers to execute jobs as other users via unknown vectors.
CVE-2007-4798 1 Ibm 1 Aix 2025-04-09 N/A
Unspecified vulnerability in invscout in Inventory Scout in invscout.rte in IBM AIX 5.2 and 5.3 allows local users to delete system files that have names matching the final substring of a hostname alias, as demonstrated by hostnames ending in "unix".
CVE-2007-5965 1 Trolltech 1 Qsslsocket 2025-04-09 N/A
QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which might make it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service, or trick a service into accepting an invalid client certificate for a user.