Search Results (8779 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1790 1 Iscripts 1 Socialware 2025-04-09 N/A
Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability.
CVE-2007-5023 2 Canonical, Vmware 5 Ubuntu Linux, Ace, Player and 2 more 2025-04-09 N/A
Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious "program.exe" file in the C: folder.
CVE-2009-4262 1 Haroldbakker 1 Hb-ns 2025-04-09 N/A
Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to obtain access to the admin control panel via a direct request to admin.php.
CVE-2006-6683 1 Pedro Lineu Orso 1 Chetcpasswd 2025-04-09 N/A
Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM.
CVE-2007-6334 2 Ingres, Microsoft 2 Ingres, Windows Nt 2025-04-09 N/A
Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.
CVE-2009-0024 1 Linux 1 Linux Kernel 2025-04-09 N/A
The sys_remap_file_pages function in mm/fremap.c in the Linux kernel before 2.6.24.1 allows local users to cause a denial of service or gain privileges via unspecified vectors, related to the vm_file structure member, and the mmap_region and do_munmap functions.
CVE-2009-4314 1 Sun 2 Ray Server Software, Solaris 2025-04-09 N/A
Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking (AMGH) is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an unattended DTU device.
CVE-2008-1692 1 Eterm 1 Eterm 2025-04-09 N/A
Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
CVE-2009-1637 1 Simplecustomer 1 Simple Customer 2025-04-09 N/A
profile.php in Simple Customer 1.3 does not require administrative authentication, which allows remote attackers to change the admin e-mail address and password via the email and password parameters.
CVE-2008-1784 1 Prozilla 1 Topsites 2025-04-09 N/A
Prozilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/.
CVE-2009-1610 1 Jobscript 1 Job Script Job Board Software 2025-04-09 N/A
admin/changepassword.php in Job Script Job Board Software 2.0 allows remote attackers to change the administrator password and gain administrator privileges via a direct request.
CVE-2008-1940 1 Grsecurity 1 Grsecurity Kernel Patch 2025-04-09 N/A
The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and 2.1.11-2.4.36.2 does not enforce user_transition_deny and user_transition_allow rules for the (1) sys_setfsuid and (2) sys_setfsgid calls, which allows local users to bypass restrictions for those calls.
CVE-2008-0889 1 Redhat 2 Directory Server, Enterprise Linux 2025-04-09 N/A
Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux, uses insecure permissions for the redhat-idm-console script, which allows local users to execute arbitrary code by modifying the script.
CVE-2009-1550 1 Zakkis 1 Abc Advertise 2025-04-09 N/A
Zakkis Technology ABC Advertise 1.0 does not properly restrict access to admin.inc.php, which allows remote attackers to obtain the administrator login name and password via a direct request.
CVE-2008-6603 1 Moinmo 1 Moinmoin 2025-04-09 N/A
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.
CVE-2009-1462 1 Razorcms 1 Razorcms 2025-04-09 N/A
The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
CVE-2009-0828 1 Freedville 1 Quotebook 2025-04-09 N/A
QuoteBook stores quotes.inc under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information, including user credentials, via a direct request.
CVE-2008-0664 1 Wordpress 1 Wordpress 2025-04-09 N/A
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.
CVE-2007-3278 3 Debian, Postgresql, Redhat 4 Debian Linux, Postgresql, Enterprise Linux and 1 more 2025-04-09 N/A
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
CVE-2006-5585 1 Microsoft 2 Windows 2003 Server, Windows Xp 2025-04-09 N/A
The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."