Search Results (5477 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4545 1 Cisco 1 Unity 2025-04-09 N/A
Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8 uses weak permissions for the D:\CommServer\Reports directory, which allows remote authenticated users to obtain sensitive information by reading files in this directory.
CVE-2007-2388 2 Apple, Microsoft 3 Mac Os X, Quicktime, All Windows 2025-04-09 N/A
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations.
CVE-2008-1995 1 Sun 1 Java System Directory Server 2025-04-09 N/A
Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server.
CVE-2008-6514 1 Compiz 1 Compiz Fusion 2025-04-09 N/A
The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a related issue to CVE-2007-3920.
CVE-2008-1293 1 Ltsp 1 Linux Terminal Server Project 2025-04-09 N/A
ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote attackers to connect to this server via TCP port 6006 (aka display :6).
CVE-2008-1625 1 Avast 2 Avast Antivirus Home, Avast Antivirus Professional 2025-04-09 N/A
aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests.
CVE-2008-5699 1 Sun 2 Opensolaris, Solaris 2025-04-09 N/A
The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris snv_50 through snv_104 does not properly check permissions, which allows local users to gain privileges and obtain sensitive information via unspecified vectors.
CVE-2008-7076 1 Kalptaru Infotech 1 Stararticles 2025-04-09 N/A
Unrestricted file upload vulnerability in user.modify.profile.php in Kalptaru Infotech Ltd. Star Articles 6.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile photo, then accessing it via a direct request to the file in authorphoto/.
CVE-2008-1139 1 Deslock 1 Deslock 2025-04-09 N/A
DESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys 1.2.0.27 are present, allows local users to gain privileges via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, aka the "ring0 link list zero SYSTEM" vulnerability.
CVE-2008-1140 1 Deslock 1 Deslock 2025-04-09 N/A
DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users to gain privileges via a certain DLKFDISK_IOCTL request to \\.\DLKFDisk_Control that overwrites a data structure associated with a mounted pseudo-filesystem, aka the "ring0 SYSTEM" vulnerability.
CVE-2009-3889 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-09 N/A
The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file.
CVE-2009-3904 1 Cubecart 1 Cubecart 2025-04-09 N/A
classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header.
CVE-2008-1230 1 Jspwiki 1 Jspwiki 2025-04-09 N/A
Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to upload and execute arbitrary .jsp files via an unspecified manipulation that attaches a .jsp file to an "entry page."
CVE-2009-4222 1 Smartisoft 1 Phpbazar 2025-04-09 N/A
phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request.
CVE-2008-6399 1 Dotnetnuke 1 Dotnetnuke 2025-04-09 N/A
Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors.
CVE-2007-1150 1 Lovecms 1 Lovecms 2025-04-09 N/A
Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote authenticated administrators to upload arbitrary files to /modules/content/pictures/tmp/.
CVE-2008-3967 1 Mybb 1 Mybb 2025-04-09 N/A
moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors.
CVE-2009-0809 2 3ds, Ibm 2 Enovia Smarteam, Catia 2025-04-09 N/A
The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release 18 Service Pack 8, and possibly CATIA and other products, allows remote authenticated users to read the profile card of an object in the document class via a link that is sent from the owner of the document object.
CVE-2009-0827 1 Freedville 1 Pollhelper 2025-04-09 N/A
PollHelper stores poll.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request.
CVE-2008-6613 1 Abweb 1 Minimal-ablog 2025-04-09 N/A
uploader.php in minimal-ablog 0.4 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request.