Search Results (8779 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5401 1 Layton Technology 1 Helpbox 2025-04-09 N/A
Unrestricted file upload vulnerability in uploadrequest.asp in Layton HelpBox 3.7.1 allows remote authenticated users to upload and execute arbitrary ASP files, related to not properly checking file extensions.
CVE-2007-6636 1 Bitflu 1 Bitflu 2025-04-09 N/A
Unspecified vulnerability in the StorageFarabDb module in Bitflu before 0.42 allows user-assisted remote attackers to create or append data to arbitrary files via a crafted .torrent file.
CVE-2009-0078 1 Microsoft 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more 2025-04-09 N/A
The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
CVE-2009-0079 1 Microsoft 2 Windows Server 2003, Windows Xp 2025-04-09 N/A
The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
CVE-2007-6598 2 Dovecot, Redhat 2 Dovecot, Enterprise Linux 2025-04-09 N/A
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
CVE-2007-6507 1 Trend Micro 1 Serverprotect 2025-04-09 N/A
SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code.
CVE-2007-5827 2 Debian, Iscsitarget 2 Debian Linux, Iscsitarget 2025-04-09 N/A
iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords.
CVE-2009-0024 1 Linux 1 Linux Kernel 2025-04-09 N/A
The sys_remap_file_pages function in mm/fremap.c in the Linux kernel before 2.6.24.1 allows local users to cause a denial of service or gain privileges via unspecified vectors, related to the vm_file structure member, and the mmap_region and do_munmap functions.
CVE-2007-5856 1 Apple 1 Mac Os X 2025-04-09 N/A
Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information.
CVE-2007-5907 2 Redhat, Xensource Inc 2 Enterprise Linux, Xen 2025-04-09 N/A
Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows pv guests to cause a denial of service (crash).
CVE-2008-4451 1 Eset Software 1 System Analyzer Tool 2025-04-09 N/A
The SysInspector AntiStealth driver (esiasdrv.sys) 3.0.65535.0 in ESET System Analyzer Tool 1.1.1.0 allows local users to execute arbitrary code via a certain METHOD_NEITHER IOCTL request to \Device\esiasdrv that overwrites a pointer.
CVE-2007-5987 1 Bti-tracker 1 Bti-tracker 2025-04-09 N/A
details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest.
CVE-2007-6487 1 Plain Black 1 Webgui 2025-04-09 N/A
Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 allows remote authenticated users with Secondary Admin privileges to create Admin accounts, a different vulnerability than CVE-2006-0680.
CVE-2007-6441 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2025-04-09 N/A
The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms."
CVE-2009-0872 1 Sun 2 Opensolaris, Solaris 2025-04-09 N/A
The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes.
CVE-2009-3207 2 Drewish, Drupal 2 Imagecache, Drupal 2025-04-09 N/A
The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filename.
CVE-2008-6540 1 Dotnetnuke 1 Dotnetnuke 2025-04-09 N/A
DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys.
CVE-2008-6374 1 Codefixer 1 Mailinglistpro 2025-04-09 N/A
CodefixerSoftware MailingListPro Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to db/MailingList.mdb.
CVE-2009-3041 1 Spip 1 Spip 2025-04-09 N/A
SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009.
CVE-2008-5603 1 Aspapps 1 Aspticker 2025-04-09 N/A
ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb.