Search Results (8779 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1425 1 Uapplication 1 Uguestbook 2025-04-03 N/A
Uapplication Uguestbook 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/guestbook.mdb.
CVE-2004-2739 1 Phprojekt 1 Phprojekt 2025-04-03 N/A
The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows remote attackers to modify system configuration via unknown attack vectors.
CVE-2004-2694 1 Microsoft 1 Outlook Express 2025-04-03 N/A
Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".
CVE-2004-2693 1 Hp 1 Hp-ux 2025-04-03 N/A
HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/.
CVE-2004-2692 1 Kyberdigi Labs 1 Php-exec-dir 2025-04-03 N/A
The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function.
CVE-2004-2689 1 Newsphp 1 Newsphp 2025-04-03 N/A
NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value.
CVE-2004-2608 1 Smartwebby 1 Smart Guest Book 2025-04-03 N/A
SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news database") under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the unencrypted username and password of the administrator's account.
CVE-2004-1349 2 Gnu, Oracle 2 Gzip, Solaris 2025-04-03 N/A
gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.
CVE-2003-1524 1 Pgpi 1 Pgpdisk 2025-04-03 N/A
PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch user function in Windows XP is used, which could allow local users to access data on another user's PGP partition.
CVE-2004-0041 1 Mod Auth Shadow 1 Mod Auth Shadow 2025-04-03 N/A
The mod_auth_shadow module 1.4 and earlier does not properly enforce the expiration of a user account and password, which could allow remote authenticated users to bypass intended access restrictions.
CVE-2005-2929 2 Redhat, University Of Kansas 2 Enterprise Linux, Lynx 2025-04-03 N/A
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.
CVE-2004-2743 1 Raditha Dissanayake 1 Mega Upload Progress Bar 2025-04-03 N/A
upload.cgi in Mega Upload Progress Bar before 1.45 allows remote attackers to copy or overwrite arbitrary files via unspecified parameters related to names of uploaded files.
CVE-2006-4476 1 Joomla 1 Joomla 2025-04-03 N/A
Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL.
CVE-2006-4475 1 Joomla 1 Joomla 2025-04-03 N/A
Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors.
CVE-2005-2932 1 Checkpoint 2 Zonealarm, Zonealarm Security Suite 2025-04-03 N/A
Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, including ZoneAlarm Security Suite 5.5.062.004 and 6.5.737, use insecure default permissions for critical files, which allows local users to gain privileges or bypass security controls.
CVE-2006-4253 4 K-meleon Project, Mozilla, Netscape and 1 more 4 K-meleon, Firefox, Navigator and 1 more 2025-04-03 N/A
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.
CVE-2005-0139 1 Sgi 1 Irix 2025-04-03 N/A
Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not sufficiently restrict access rights for read-mostly exports, which allows attackers to conduct unauthorized activities.
CVE-2002-2311 2 Microsoft, Opera Software 2 Internet Explorer, Opera Web Browser 2025-04-03 N/A
Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue.
CVE-2005-2959 1 Todd Miller 1 Sudo 2025-04-03 N/A
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.
CVE-2001-1247 2 Php, Redhat 2 Php, Linux 2025-04-03 N/A
PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.