Search Results (8779 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3742 1 Drupal 1 Drupal 2025-04-09 N/A
Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.
CVE-2009-0807 1 Zfeeder 1 Zfeeder 2025-04-09 N/A
zFeeder 1.6 allows remote attackers to gain administrative access via a direct request to admin.php.
CVE-2008-0779 1 Fortinet 1 Forticlient Host Security 2025-04-09 N/A
The fortimon.sys device driver in Fortinet FortiClient Host Security 3.0 MR5 Patch 3 and earlier does not properly initialize its DeviceExtension, which allows local users to access kernel memory and execute arbitrary code via a crafted request.
CVE-2008-3778 1 Avaya 3 Communication Manager, S8300c Server, Sip Enablement Services 2025-04-09 N/A
The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request.
CVE-2008-3609 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 N/A
The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file.
CVE-2008-3602 1 Psychdaily 1 Php Ring Webring System 2025-04-09 N/A
admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9.1 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
CVE-2008-3924 1 Hans Oesterholt 1 Cmme 2025-04-09 N/A
The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for (a) backup/cmme_data.zip or (b) backup/cmme_cmme.zip. NOTE: it was later reported that vector a also affects CMME 1.19.
CVE-2008-5625 1 Php 1 Php 2025-04-09 N/A
PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file.
CVE-2009-4091 1 Simplog 1 Simplog 2025-04-09 N/A
comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del action.
CVE-2008-3271 2 Apache, Redhat 2 Tomcat, Network Satellite 2025-04-09 N/A
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
CVE-2008-4597 1 Drupal 1 Shindig-integrator 2025-04-09 N/A
Shindig-Integrator 5.x, a module for Drupal, does not properly restrict generated page access, which allows remote attackers to gain privileges via unspecified vectors.
CVE-2008-1656 1 Adobe 1 Coldfusion 2025-04-09 N/A
Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725.
CVE-2009-1226 1 Podcast Generator 1 Podcast Generator 2025-04-09 N/A
core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file parameter.
CVE-2008-3064 1 Realnetworks 1 Realplayer 2025-04-09 N/A
Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerability."
CVE-2009-1322 1 Humayun Shabbir Bhutta 1 Asp Product Catalog 2025-04-09 N/A
ASP Product Catalog 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for database/aspProductCatalog.mdb.
CVE-2008-1027 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 N/A
Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic.
CVE-2008-3000 1 Drupal 1 Aggregation Module 2025-04-09 N/A
The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions.
CVE-2007-5194 1 Rpath 1 Rmake 2025-04-09 N/A
The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same minor device number as /dev/port, which might allow local users to gain root privileges.
CVE-2008-1668 1 Hp 1 Hp-ux 2025-04-09 N/A
ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information.
CVE-2009-1495 1 Webfileexplorer 1 Web File Explorer 2025-04-09 N/A
Web File Explorer 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/db.mdb.