Search Results (9533 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2388 2 Apple, Microsoft 3 Mac Os X, Quicktime, All Windows 2026-04-23 N/A
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations.
CVE-2007-5469 1 Openser 1 Openser 2026-04-23 N/A
OpenSER 1.2.2 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack"). NOTE: Debian disputes this issue, stating that "having the two URIs mismatch is allowed by the standard and happens in some setups for valid reasons.
CVE-2008-5846 1 Sixapart 1 Movable Type 2026-04-23 N/A
Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a "system-wide entry listing screen."
CVE-2008-5699 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris snv_50 through snv_104 does not properly check permissions, which allows local users to gain privileges and obtain sensitive information via unspecified vectors.
CVE-2007-5042 1 Agnitum 1 Outpost Firewall 2026-04-23 N/A
Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey, (2) NtDeleteFile, (3) NtLoadDriver, (4) NtOpenProcess, (5) NtOpenSection, (6) NtOpenThread, and (7) NtUnloadDriver kernel SSDT hooks, a partial regression of CVE-2006-7160.
CVE-2007-4647 1 2coolcode 1 Our Space 2026-04-23 N/A
newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allows remote attackers to upload certain files via unspecified vectors, probably involving unrestricted functionality in uploadmedia.cgi.
CVE-2008-4545 1 Cisco 1 Unity 2026-04-23 N/A
Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8 uses weak permissions for the D:\CommServer\Reports directory, which allows remote authenticated users to obtain sensitive information by reading files in this directory.
CVE-2008-4552 2 Nfs, Redhat 2 Nfs-utils, Enterprise Linux 2026-04-23 N/A
The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.
CVE-2007-3500 1 Xeforum 1 Xeforum 2026-04-23 N/A
Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.
CVE-2007-3804 1 Clavister 1 Clavister Coreplus 2026-04-23 N/A
The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before 8.81.00 and 8.80.03 might allow remote attackers to bypass scanning via small files.
CVE-2007-3782 2 Mysql, Redhat 3 Community Server, Enterprise Linux, Rhel Application Stack 2026-04-23 N/A
MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.
CVE-2009-2818 1 Apple 1 Mac Os X Server 2026-04-23 N/A
Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack).
CVE-2007-1893 1 Wordpress 1 Wordpress 2026-04-23 N/A
xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."
CVE-2008-6296 1 Maran 1 Php Shop 2026-04-23 N/A
admin.php in Maran PHP Shop allows remote attackers to bypass authentication and gain administrative access by setting the user cookie to "demo."
CVE-2007-3997 1 Php 1 Php 2026-04-23 N/A
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
CVE-2007-4649 1 Microworld Technologies 3 Escan Anti-virus, Escan Internet Security, Escan Virus Control 2026-04-23 N/A
MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local users to gain privileges by replacing application files, as demonstrated by traysser.exe.
CVE-2009-2558 1 Adminnewstools 1 Admin News Tools 2026-04-23 N/A
system/message.php in Admin News Tools 2.5 does not properly restrict access, which allows remote attackers to post news messages via a direct request.
CVE-2008-6603 1 Moinmo 1 Moinmoin 2026-04-23 N/A
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.
CVE-2009-3716 1 Maniacomputer 1 Mcshoutbox 2026-04-23 N/A
Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in smilies/.
CVE-2009-4411 1 Xfs 1 Acl 2026-04-23 N/A
The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack.