Search Results (8779 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2960 1 Cuteflow 1 Cuteflow 2025-04-09 N/A
CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to pages/edituser.php, which allows remote attackers to modify usernames and passwords via a direct request.
CVE-2009-2075 2 Angrydonuts, Drupal 2 Nodequeue, Drupal 2025-04-09 N/A
Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors.
CVE-2008-2515 1 Ibm 1 Aix 2025-04-09 N/A
Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error."
CVE-2009-2056 1 Cisco 1 Ios Xr 2025-04-09 N/A
Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path.
CVE-2009-4358 1 Freebsd 1 Freebsd 2025-04-09 N/A
freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation.
CVE-2008-1681 1 Ibm 1 Db2 Content Manager 2025-04-09 N/A
Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 has unknown impact and attack vectors related to the AllowedTrustedLogin privilege.
CVE-2008-1656 1 Adobe 1 Coldfusion 2025-04-09 N/A
Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725.
CVE-2007-6361 1 Gekkoware 1 Gekko 2025-04-09 N/A
Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
CVE-2008-5956 1 Phpstreet 1 Webboard 2025-04-09 N/A
Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request to connect.inc.
CVE-2008-1638 1 Nik Software Inc 1 Nik Sharpener Pro 2025-04-09 N/A
Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in files, which allows local users to gain privileges by replacing a plug-in with a Trojan horse.
CVE-2008-1627 1 Cds Software Consortium 1 Invenio 2025-04-09 N/A
CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID.
CVE-2008-2290 1 Symantec 1 Altiris Deployment Solution 2025-04-09 N/A
Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors.
CVE-2008-1600 1 Ibm 1 Aix 2025-04-09 N/A
The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329.
CVE-2007-2435 2 Redhat, Sun 5 Network Satellite, Rhel Extras, Java Enterprise System and 2 more 2025-04-09 N/A
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.
CVE-2008-0779 1 Fortinet 1 Forticlient Host Security 2025-04-09 N/A
The fortimon.sys device driver in Fortinet FortiClient Host Security 3.0 MR5 Patch 3 and earlier does not properly initialize its DeviceExtension, which allows local users to access kernel memory and execute arbitrary code via a crafted request.
CVE-2008-1599 1 Ibm 1 Aix 2025-04-09 N/A
The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.
CVE-2008-1593 1 Ibm 1 Aix 2025-04-09 N/A
The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function.
CVE-2025-3325 1 Iteaj 1 Iboot 2025-04-08 4.3 Medium
A vulnerability, which was classified as problematic, was found in iteaj iboot 物联网网关 1.1.3. This affects an unknown part of the file /core/admin/pwd of the component Admin Password Handler. The manipulation of the argument ID leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-29999 2025-04-08 6.7 Medium
A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). The affected application searches for executable files in the application folder without proper validation. This could allow an attacker to execute arbitrary code with administrative privileges by placing a malicious executable in the same directory.
CVE-2025-3298 1 Oretnom23 1 Online Eyewear Shop 2025-04-08 4.3 Medium
A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Registration Handler. The manipulation of the argument email leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.