Search Results (8779 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3234 2 Debian, Openbsd 2 Debian Linux, Openssh 2025-04-09 N/A
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
CVE-2008-7181 1 Butterflymedia 1 Butterfly Organizer 2025-04-09 N/A
Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) delete arbitrary accounts via the mytable parameter to delete.php.
CVE-2008-7118 1 Webidsupport 1 Webid 2025-04-09 N/A
WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log.
CVE-2008-7173 1 Juracapecoffee 2 Internet Connectivity Kit, Jura Impressa 2025-04-09 N/A
The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service (physical damage), modify coffee settings, and possibly execute code via a crafted request. NOTE: this issue is being included in CVE because the denial of service may include financial loss or water damage.
CVE-2008-7172 1 Yanick Bourbeau 1 Lightweight News Portal 2025-04-09 N/A
Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions.
CVE-2009-3122 2 Chris Shattuck, Drupal 2 Ajaxtable, Drupal 2025-04-09 N/A
The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors.
CVE-2009-3106 1 Ibm 1 Websphere Application Server 2025-04-09 N/A
The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application.
CVE-2007-6487 1 Plain Black 1 Webgui 2025-04-09 N/A
Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 allows remote authenticated users with Secondary Admin privileges to create Admin accounts, a different vulnerability than CVE-2006-0680.
CVE-2007-5447 2 Ioncube, Php 2 Php Encoder, Php 2025-04-09 N/A
ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function.
CVE-2009-4527 2 Drupal, Niif 2 Drupal, Shib Auth 2025-04-09 N/A
The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before 6.x-3.2, a module for Drupal, does not properly remove statically granted privileges after a logout or other session change, which allows physically proximate attackers to gain privileges by using an unattended web browser.
CVE-2008-6055 1 Preprojects 1 Pre Classified Listings 2025-04-09 N/A
PreProjects Pre Classified Listings stores pclasp.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
CVE-2007-4909 1 Winscp 1 Winscp 2025-04-09 N/A
Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for CVE-2006-3015.
CVE-2008-6053 1 Preprojects 1 Pre Resume Submitter 2025-04-09 N/A
PreProjects Pre Resume Submitter stores onlineresume.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
CVE-2007-4937 1 Comscripts 1 Cs Guestbook 2025-04-09 N/A
CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php.
CVE-2008-1027 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 N/A
Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic.
CVE-2007-6334 2 Ingres, Microsoft 2 Ingres, Windows Nt 2025-04-09 N/A
Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.
CVE-2007-5919 1 Mywebftp 1 Mywebftp 2025-04-09 N/A
MyWebFTP, possibly 5.3.2, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain an MD5 password hash via a direct request for pass/pass.txt.
CVE-2007-6507 1 Trend Micro 1 Serverprotect 2025-04-09 N/A
SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code.
CVE-2008-0135 1 Snitz Communications 1 Snitz Forums 2000 2025-04-09 N/A
Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.
CVE-2008-3395 2 Calacode, Linux 2 Atmail, Linux Kernel 2025-04-09 N/A
Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.