Search Results (8779 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4790 1 Drupal 1 Drupal 2025-04-09 N/A
The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.
CVE-2006-7098 1 Debian 1 Apache 2025-04-09 N/A
The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
CVE-2008-4792 1 Drupal 1 Drupal 2025-04-09 N/A
The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.
CVE-2007-5382 1 Cisco 2 Wireless Control System, Wireless Lan Solution Engine 2025-04-09 N/A
The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges.
CVE-2007-5401 1 Layton Technology 1 Helpbox 2025-04-09 N/A
Unrestricted file upload vulnerability in uploadrequest.asp in Layton HelpBox 3.7.1 allows remote authenticated users to upload and execute arbitrary ASP files, related to not properly checking file extensions.
CVE-2008-7002 1 Php 1 Php 2025-04-09 N/A
PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as "C:" drive notation.
CVE-2007-6246 3 Adobe, Linux, Redhat 3 Flash Player, Linux Kernel, Rhel Extras 2025-04-09 N/A
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges.
CVE-2009-0568 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows Server and 3 more 2025-04-09 N/A
The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
CVE-2009-0872 1 Sun 2 Opensolaris, Solaris 2025-04-09 N/A
The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes.
CVE-2007-6441 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2025-04-09 N/A
The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms."
CVE-2008-0425 1 Frimousse 1 Frimousse 2025-04-09 N/A
Absolute path traversal vulnerability in explorerdir.php in Frimousse 0.0.2 allows remote attackers to read arbitrary files and list arbitrary directories via a full pathname in the name parameter.
CVE-2008-2271 1 Site Documentation Project 1 Site Documentation 2025-04-09 N/A
The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain session IDs from the database.
CVE-2008-0350 1 Evilsentinel 1 Evilsentinel 2025-04-09 N/A
admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes.
CVE-2008-0372 1 8e6 1 R3000 Internet Filter 2025-04-09 N/A
8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request.
CVE-2008-1369 1 Sun 2 Sparc Enterprise Server, Sunos 2025-04-09 N/A
A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileges via unspecified vectors.
CVE-2008-0556 1 Openca 1 Openca Pki 2025-04-09 N/A
Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, and possibly earlier versions, allows remote attackers to perform unauthorized actions as authorized users via a link or IMG tag to RAServer.
CVE-2009-2717 2 Microsoft, Sun 2 Windows 2000, Java Se 2025-04-09 N/A
The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet.
CVE-2008-1473 1 Symantec 1 Altiris Deployment Solution 2025-04-09 N/A
The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a "Shatter" style attack.
CVE-2008-2400 1 Stunnel 1 Stunnel 2025-04-09 N/A
Unspecified vulnerability in stunnel before 4.23, when running as a service on Windows, allows local users to gain privileges via unknown attack vectors.
CVE-2008-2551 1 Icona 1 Instant Messenger 2025-04-09 N/A
The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 Messenger 1.0.0.1 allows remote attackers to force the download and execution of arbitrary files via a URL in the propDownloadUrl parameter with the propPostDownloadAction parameter set to "run."