Search Results (8779 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4528 2 Drupal, Moshe Weitzman 2 Drupal, Og Vocab 2025-04-09 N/A
The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via unspecified vectors.
CVE-2008-3268 1 Brickhost 1 Phpscheduleit 2025-04-09 N/A
Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when useLogonName is enabled, allows remote attackers with administrator email address knowledge to bypass restrictions and gain privileges via unspecified vectors related to login names. NOTE: some of these details are obtained from third party information.
CVE-2007-4277 1 Trend Micro 2 Pc-cillin Internet Security 2007, Scan Engine 2025-04-09 N/A
The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\.\Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. NOTE: this can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403.
CVE-2008-3423 1 Ibm 1 Websphere Portal 2025-04-09 N/A
IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors.
CVE-2008-3542 1 Hp 1 Insight Diagnostics 2025-04-09 N/A
Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 allows remote attackers to read arbitrary files via unknown vectors.
CVE-2008-3855 1 Ibm 1 Db2 Universal Database 2025-04-09 N/A
Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows local users to gain privileges, aka a "FILE CREATION VULNERABILITY." NOTE: this may be the same as CVE-2007-5664.
CVE-2008-3890 2 Amd, Freebsd 2 Amd64, Freebsd 2025-04-09 N/A
The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an extra swapgs call after a General Protection Fault (GPF), which allows local users to gain privileges by triggering a GPF during the kernel's return from (1) an interrupt, (2) a trap, or (3) a system call.
CVE-2008-3924 1 Hans Oesterholt 1 Cmme 2025-04-09 N/A
The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for (a) backup/cmme_data.zip or (b) backup/cmme_cmme.zip. NOTE: it was later reported that vector a also affects CMME 1.19.
CVE-2008-4060 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2025-04-09 N/A
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT.
CVE-2008-4815 3 Adobe, Redhat, Unix 4 Acrobat, Acrobat Reader, Rhel Extras and 1 more 2025-04-09 N/A
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH.
CVE-2008-4822 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2025-04-09 N/A
Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.
CVE-2007-2985 1 Pheap 1 Pheap 2025-04-09 N/A
Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc action in edit.php.
CVE-2007-5777 1 Blue-collar Productions 1 I-gallery 2025-04-09 N/A
Blue-Collar Productions i-Gallery 3.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a base64-encoded password via a direct request for igallery.mdb.
CVE-2007-6479 1 Dokeos 1 Dokeos 2025-04-09 N/A
Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/.
CVE-2008-5129 1 Ocean12 Technologies 1 Poll Manager 2025-04-09 N/A
Ocean12 Poll Manager Pro 1.00 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12poll.mdb.
CVE-2008-2873 1 Aspindir 1 Shibby Shop 2025-04-09 N/A
sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb.
CVE-2009-1582 1 Kalptarudemos 1 Million Dollar Text Links 2025-04-09 N/A
Million Dollar Text Links 1.0 does not properly restrict administrator access to admin.home.php, which allows remote attackers to bypass intended restrictions and gain privileges via a direct request to admin.home.php after visiting admin.php.
CVE-2007-6495 1 Hosting Controller 1 Hosting Controller 2025-04-09 N/A
inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. NOTE: this can be leveraged for remote code execution by changing the permissions of \Forum\db, which is configured for execution of ASP scripts with administrative privileges, and then uploading a script to \Forum\db.
CVE-2007-6504 1 Hosting Controller 1 Hosting Controller 2025-04-09 N/A
Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter.
CVE-2008-5218 1 Scriptsez 1 Freeze Greetings 2025-04-09 N/A
ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords.