Search Results (8779 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5442 1 Cmsmadesimple 1 Cms Made Simple 2025-04-09 N/A
CMS Made Simple 1.1.3.1 does not check the permissions assigned to users who attempt uploads, which allows remote authenticated users to upload unspecified files via unknown vectors.
CVE-2008-2539 1 Sun 1 Cluster 2025-04-09 N/A
The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 through 10, when an underlying ufs filesystem is used, might allow local users to read data from arbitrary deleted files, or corrupt files in global filesystems, via unspecified vectors.
CVE-2008-1656 1 Adobe 1 Coldfusion 2025-04-09 N/A
Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725.
CVE-2008-4097 1 Oracle 1 Mysql 2025-04-09 N/A
MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.
CVE-2008-4313 2 Openpegasus, Redhat 3 Openpegasus Wbem, Enterprise Linux, Enterprise Linux Desktop 2025-04-09 N/A
A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services.
CVE-2008-4585 1 Belong Software 1 Site Builder 2025-04-09 N/A
Belong Software Site Builder 0.1 beta allows remote attackers to bypass intended access restrictions and perform administrative actions via a direct request to admin/home.php.
CVE-2009-1550 1 Zakkis 1 Abc Advertise 2025-04-09 N/A
Zakkis Technology ABC Advertise 1.0 does not properly restrict access to admin.inc.php, which allows remote attackers to obtain the administrator login name and password via a direct request.
CVE-2008-1681 1 Ibm 1 Db2 Content Manager 2025-04-09 N/A
Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 has unknown impact and attack vectors related to the AllowedTrustedLogin privilege.
CVE-2008-5397 1 Tor 1 Tor 2025-04-09 N/A
Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process.
CVE-2009-1767 1 2daybiz 1 Template Monster Clone 2025-04-09 N/A
admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter.
CVE-2009-1840 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2025-04-09 N/A
Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page.
CVE-2009-1883 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-09 N/A
The z90crypt_unlocked_ioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage.
CVE-2008-7155 1 Phprisk 1 Netrisk 2025-04-09 N/A
NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of arbitrary users via a direct request.
CVE-2009-3298 1 Mahara 1 Mahara 2025-04-09 N/A
Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors.
CVE-2008-1614 1 Sebastian Marsching 1 Suphp 2025-04-09 N/A
suPHP before 0.6.3 allows local users to gain privileges via (1) a race condition that involves multiple symlink changes to point a file owned by a different user, or (2) a symlink to the directory of a different user, which is used to determine privileges.
CVE-2008-2400 1 Stunnel 1 Stunnel 2025-04-09 N/A
Unspecified vulnerability in stunnel before 4.23, when running as a service on Windows, allows local users to gain privileges via unknown attack vectors.
CVE-2008-2551 1 Icona 1 Instant Messenger 2025-04-09 N/A
The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 Messenger 1.0.0.1 allows remote attackers to force the download and execution of arbitrary files via a URL in the propDownloadUrl parameter with the propPostDownloadAction parameter set to "run."
CVE-2007-4746 1 Cisco 3 Video Surveillance Ip Gateway Encoder Decoder, Video Surveillance Sp Isp, Video Surveillance Sp Isp Decoder Software 2025-04-09 N/A
The Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier have default passwords for the sypixx and root user accounts, which allows remote attackers to perform administrative actions, aka CSCsj34681.
CVE-2008-0889 1 Redhat 2 Directory Server, Enterprise Linux 2025-04-09 N/A
Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux, uses insecure permissions for the redhat-idm-console script, which allows local users to execute arbitrary code by modifying the script.
CVE-2009-4502 3 Freebsd, Sun, Zabbix 3 Freebsd, Solaris, Zabbix 2025-04-09 N/A
The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.