Search Results (9533 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5134 1 Cisco 9 Catalyst 6500, Catalyst 6500 Ws-svc-nam-1, Catalyst 6500 Ws-svc-nam-2 and 6 more 2026-04-23 N/A
Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP addresses for Ethernet Out-of-Band Channel (EOBC) internal communication, which might allow remote attackers to send packets to an interface for which network exposure was unintended.
CVE-2008-6930 1 Phpstore 1 Real Estate 2026-04-23 N/A
Unrestricted file upload vulnerability in PHPStore Real Estate allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in realty/re_images/.
CVE-2008-3047 1 Typo3 1 Kb Unpack Extension 2026-04-23 N/A
Incomplete blacklist vulnerability in the KB Unpack (kb_unpack) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors.
CVE-2009-0336 1 Katywhitton 1 Blogit\! 2026-04-23 N/A
Katy Whitton BlogIt! stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for database/Blog.mdb. NOTE: some of these details are obtained from third party information.
CVE-2008-4294 1 Ibm 1 Tivoli Netcool Webtop 2026-04-23 N/A
IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user privileges after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation, as demonstrated by a root session that is still valid after a subsequent read-only session has begun.
CVE-2008-5896 1 Codeavalanche 1 Ratemysite 2026-04-23 N/A
CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CARateMySite.mdb. NOTE: some of these details are obtained from third party information.
CVE-2008-0843 1 Statcountex 1 Statcountex 2026-04-23 N/A
StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive information and edit configuration scripts via a direct request to admin.asp.
CVE-2009-4607 1 Overlandstorage 2 Guardianos, Snap Server 410 2026-04-23 N/A
The command line interface in Overland Storage Snap Server 410 with GuardianOS 5.1.041 runs the "less" utility with a higher-privileged uid than the CLI user and without sufficient restriction on shell escapes, which allows local users to gain privileges using the "!" character within less to access a privileged shell.
CVE-2008-4512 1 Designplace 1 Asp\/ms Access Shoutbox 2026-04-23 N/A
ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.
CVE-2009-2737 1 Toni Mueller 1 Roundup 2026-04-23 N/A
The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to modify arbitrary items within that class, as demonstrated by editing all queries, modifying settings, and adding roles to users.
CVE-2008-1638 1 Nik Software Inc 1 Nik Sharpener Pro 2026-04-23 N/A
Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in files, which allows local users to gain privileges by replacing a plug-in with a Trojan horse.
CVE-2008-6514 1 Compiz 1 Compiz Fusion 2026-04-23 N/A
The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a related issue to CVE-2007-3920.
CVE-2008-6643 1 Lokicms 1 Lokicms 2026-04-23 N/A
LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php.
CVE-2008-0657 2 Redhat, Sun 4 Network Satellite, Rhel Extras, Jdk and 1 more 2026-04-23 N/A
Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
CVE-2008-0556 1 Openca 1 Openca Pki 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, and possibly earlier versions, allows remote attackers to perform unauthorized actions as authorized users via a link or IMG tag to RAServer.
CVE-2009-4299 1 Moodle 1 Moodle 2026-04-23 N/A
mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors.
CVE-2008-4585 1 Belong Software 1 Site Builder 2026-04-23 N/A
Belong Software Site Builder 0.1 beta allows remote attackers to bypass intended access restrictions and perform administrative actions via a direct request to admin/home.php.
CVE-2009-2669 1 Ibm 1 Aix 2026-04-23 N/A
A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1.
CVE-2007-2435 2 Redhat, Sun 5 Network Satellite, Rhel Extras, Java Enterprise System and 2 more 2026-04-23 N/A
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.
CVE-2009-2848 8 Canonical, Fedoraproject, Linux and 5 more 15 Ubuntu Linux, Fedora, Linux Kernel and 12 more 2026-04-23 N/A
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.