Search Results (8779 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2657 1 Nilf 1 Nilfs 2025-04-09 N/A
nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, which allows local users to execute arbitrary commands via the device string in a -c command line option to mkfs.nilfs2.
CVE-2009-2675 2 Redhat, Sun 5 Enterprise Linux, Network Satellite, Rhel Extras and 2 more 2025-04-09 N/A
Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.
CVE-2008-1783 1 Prozilla 1 Reviews 2025-04-09 N/A
Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php.
CVE-2004-2764 1 Sun 2 Jre, Sdk 2025-04-09 N/A
Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka "XML sniffing."
CVE-2008-5980 1 Ocean12 Technologies 1 Mailing List Manager 2025-04-09 N/A
Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb.
CVE-2008-2062 1 Cisco 1 Unified Communications Manager 2025-04-09 N/A
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151.
CVE-2008-5462 1 Oracle 1 Bea Product Suite 2025-04-09 N/A
Unspecified vulnerability in the WebLogic Portal component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2008-6650 1 Mywebland 1 Minibloggie 2025-04-09 N/A
del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary posts via a direct request with a modified post_id parameter, a different vulnerability than CVE-2008-4628.
CVE-2009-0090 1 Microsoft 7 .net Framework, Windows 2000, Windows 7 and 4 more 2025-04-09 N/A
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
CVE-2010-0221 1 Kingston 3 Datatraveler Blackbox, Datatraveler Elite, Datatraveler Secure 2025-04-09 N/A
Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program.
CVE-2008-2306 2 Apple, Microsoft 3 Safari, Windows Vista, Windows Xp 2025-04-09 N/A
Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files.
CVE-2006-4572 1 Linux 1 Linux Kernel 2025-04-09 N/A
ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol bypass bug;" and (2) bypass a rule that looks for a certain extension header, via a packet with an extension header outside the first fragment, aka "ip6_tables extension header bypass bug."
CVE-2008-2308 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 N/A
Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information.
CVE-2006-6662 1 Suse 3 Linux Enterprise Desktop, Suse Linux, Suse Open Enterprise Server 2025-04-09 N/A
Unspecified vulnerability in Linux User Management (novell-lum) on SUSE Linux Enterprise Desktop 10 and Open Enterprise Server 9, under unspecified conditions, allows local users to log in to the console without a password.
CVE-2007-6603 1 Hotscripts 1 Hot Or Not Clone 2025-04-09 N/A
Hot or Not Clone has insufficient access control for producing and reading database backups, which allows remote attackers to obtain the administrator username and password via a direct request to control/backup/backup.php, which generates a backup/dump/backup.sql file that can be downloaded via a direct request to control/downloadfile.php.
CVE-2009-0043 1 Ca 2 Service Level Management, Service Metric Analysis 2025-04-09 N/A
The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2007-6211 2 Debian, Sing 2 Debian Linux, Sing 2025-04-09 N/A
Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option. NOTE: this issue is only a vulnerability in limited environments, since sing is not installed setuid, and the administrator would need to override a non-setuid default during installation.
CVE-2008-1436 1 Microsoft 5 Windows-nt, Windows Server 2003, Windows Server 2008 and 2 more 2025-04-09 N/A
Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
CVE-2008-1657 1 Openbsd 1 Openssh 2025-04-09 N/A
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
CVE-2008-1780 1 Sun 1 Solaris 2025-04-09 N/A
Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors.