Search Results (8779 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6355 1 Thenetguys 1 Aspired2protect 2025-04-09 N/A
The Net Guys ASPired2Protect stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2Protect.mdb.
CVE-2008-4793 1 Drupal 1 Drupal 2025-04-09 N/A
The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules.
CVE-2008-2079 5 Canonical, Debian, Mysql and 2 more 6 Ubuntu Linux, Debian Linux, Mysql and 3 more 2025-04-09 N/A
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
CVE-2008-1731 2 3281d, Drupal 2 Simple Access, Drupal 2025-04-09 N/A
The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking.
CVE-2008-1515 1 Otrs 1 Otrs 2025-04-09 N/A
The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks."
CVE-2008-2287 1 Symantec 1 Altiris Deployment Solution 2025-04-09 N/A
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse.
CVE-2009-0122 1 Hp 1 Hplip 2025-04-09 N/A
hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8.2 on Ubuntu allows local users to change the ownership of arbitrary files via unspecified manipulations in advance of an HPLIP installation or upgrade by an administrator, related to the product's attempt to correct the ownership of its configuration files within home directories.
CVE-2009-2770 1 Powerupload 1 Powerupload 2025-04-09 N/A
PowerUpload 2.4 allows remote attackers to bypass authentication and gain administrative access via a MIME encoded value of admin for the myadminname cookie.
CVE-2008-0805 1 Reality 1 Medias Phpizabi 2025-04-09 N/A
Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures.
CVE-2008-1215 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2025-04-09 N/A
Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~" characters.
CVE-2008-0807 2 Debian, Horde 4 Debian Linux, Groupware, Groupware Webmail Edition and 1 more 2025-04-09 N/A
lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.
CVE-2007-4850 1 Php 1 Php 2025-04-09 N/A
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.
CVE-2008-6357 1 Donnafontenot 1 Mycal Personal Events Calendar 2025-04-09 N/A
MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to mycal.mdb.
CVE-2008-1834 1 Swfdec 1 Swfdec 2025-04-09 N/A
swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file.
CVE-2009-0328 1 Robs-projects 1 Digital Sales Ipn 2025-04-09 N/A
ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for Database/Sales.mdb.
CVE-2008-1628 1 Linux 1 Audit 2025-04-09 N/A
Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information.
CVE-2007-2279 1 Symantec 1 Veritas Storage Foundation 2025-04-09 N/A
The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution.
CVE-2008-1595 1 Ibm 1 Aix 2025-04-09 N/A
The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information.
CVE-2007-0843 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more 2025-04-09 N/A
The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
CVE-2009-0399 1 Chipmunk Scripts 1 Chipmunk Blogger 2025-04-09 N/A
Chipmunk Blogger Script allows remote attackers to gain administrator privileges via a direct request to admin/reguser.php. NOTE: this is only a vulnerability when the administrator does not properly follow installation directions.