Search Results (8779 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4701 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 N/A
WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.
CVE-2007-4740 1 Telecom Italy 1 Alice Messenger 2025-04-09 N/A
The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.RegistryManager.dll 1 in Telecom Italy Alice Messenger allows remote attackers to create registry keys and values via the arguments to the WriteRegistry method.
CVE-2007-6050 4 Ibm, Linux, Microsoft and 1 more 4 Db2 Universal Database, Linux Kernel, Windows and 1 more 2025-04-09 N/A
Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory."
CVE-2007-6051 4 Ibm, Linux, Microsoft and 1 more 4 Db2 Universal Database, Linux Kernel, Windows and 1 more 2025-04-09 N/A
IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has unknown impact. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
CVE-2007-5735 1 Efileman 1 Efileman 2025-04-09 N/A
eFileMan 7.1.0.87-88 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain unspecified user information via a direct request for cgi-bin/efileman/efileman_config.pm.
CVE-2009-2476 2 Redhat, Sun 4 Enterprise Linux, Rhel Extras, Java Se and 1 more 2025-04-09 N/A
The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object.
CVE-2009-0342 2 Linux, Provos 2 Linux Kernel, Systrace 2025-04-09 N/A
Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall.
CVE-2003-1571 1 Webwizguide 1 Web Wiz Guestbook 2025-04-09 N/A
Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected.
CVE-2007-3242 2 Web-app.net, Web-app.org 2 Webapp, Webapp 2025-04-09 N/A
The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) 0.9.9.3.3 through 0.9.9.8, and (2) web-app.org WebAPP before 0.9.9.6, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the titles of items in a personal menu.
CVE-2007-3997 1 Php 1 Php 2025-04-09 N/A
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
CVE-2007-5040 1 Ghostsecurity 1 Ghost Security Suite 2025-04-09 N/A
Ghost Security Suite alpha 1.200 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey, (2) NtCreateThread, (3) NtDeleteValueKey, (4) NtQueryValueKey, (5) NtSetSystemInformation, and (6) NtSetValueKey kernel SSDT hooks.
CVE-2007-5062 1 Adam Scheinberg 1 Flip 2025-04-09 N/A
account.php in Adam Scheinberg Flip 3.0 and earlier allows remote attackers to create administrative accounts via the un parameter in a register action.
CVE-2009-0571 1 Ninjadesigns 1 Mailist 2025-04-09 N/A
admin.php in Ninja Designs Mailist 3.0 stores backup copies of maillist.php under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the backup directory.
CVE-2009-0469 1 Futomis Cgi Cafe 1 Fulltext Search Cgi 2025-04-09 N/A
Unspecified vulnerability in futomi's CGI Cafe Fulltext search CGI 1.1.2 allows remote attackers to gain administrative privileges via unknown vectors.
CVE-2007-5352 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2025-04-09 N/A
Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
CVE-2008-2810 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2025-04-09 N/A
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut.
CVE-2008-2940 2 Hp, Redhat 2 Linux Imaging And Printing Project, Enterprise Linux 2025-04-09 N/A
The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.
CVE-2008-3103 2 Redhat, Sun 4 Network Satellite, Rhel Extras, Jdk and 1 more 2025-04-09 N/A
Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors.
CVE-2008-3107 2 Redhat, Sun 5 Network Satellite, Rhel Extras, Jdk and 2 more 2025-04-09 N/A
Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
CVE-2008-3349 2 Ibm, Netapp 3 N Series Storage Server, Data Ontap, Fas900 2025-04-09 N/A
Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access control for HTTP requests. NOTE: this may overlap CVE-2008-3160.