Search Results (9533 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4299 1 Moodle 1 Moodle 2026-04-23 N/A
mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors.
CVE-2008-3778 1 Avaya 3 Communication Manager, S8300c Server, Sip Enablement Services 2026-04-23 N/A
The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request.
CVE-2009-4358 1 Freebsd 1 Freebsd 2026-04-23 N/A
freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation.
CVE-2008-3105 2 Redhat, Sun 3 Rhel Extras, Jdk, Jre 2026-04-23 N/A
Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application.
CVE-2006-6662 1 Suse 3 Linux Enterprise Desktop, Suse Linux, Suse Open Enterprise Server 2026-04-23 N/A
Unspecified vulnerability in Linux User Management (novell-lum) on SUSE Linux Enterprise Desktop 10 and Open Enterprise Server 9, under unspecified conditions, allows local users to log in to the console without a password.
CVE-2007-6503 1 Hosting Controller 1 Hosting Controller 2026-04-23 N/A
Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp with the (a) save, (b) 30, and (c) d_30 parameters.
CVE-2007-6501 1 Hosting Controller 1 Hosting Controller 2026-04-23 N/A
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp.
CVE-2007-6500 1 Hosting Controller 1 Hosting Controller 2026-04-23 N/A
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp.
CVE-2007-6499 1 Hosting Controller 1 Hosting Controller 2026-04-23 N/A
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value."
CVE-2007-6497 1 Hosting Controller 1 Hosting Controller 2026-04-23 N/A
Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an UpdateUser action to Accounts/AccountActions.asp with modified UserName, FullName, CreditLimit, and DefaultDiscount parameters, a related issue to CVE-2005-2219.
CVE-2007-6496 1 Hosting Controller 1 Hosting Controller 2026-04-23 N/A
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to CVE-2005-1654.
CVE-2008-6292 1 Accscripts 1 Acc Autos 2026-04-23 N/A
Acc Autos 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) username_cookie to "admin," (2) right_cookie to "1," and (3) id_cookie to "1."
CVE-2008-0038 1 Apple 1 Mac Os X 2026-04-23 N/A
Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application.
CVE-2007-6441 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2026-04-23 N/A
The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms."
CVE-2007-6424 1 Netfortris 1 Trixbox 2026-04-23 N/A
registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows remote attackers to disable trixbox and execute arbitrary commands via a DNS spoofing attack.
CVE-2007-6395 1 Flat Php 1 Board 2026-04-23 N/A
Flat PHP Board 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for the username php file for any user account in users/.
CVE-2008-0233 1 Zero Cms 1 Zero Cms 2026-04-23 N/A
Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and earlier allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg.
CVE-2009-4314 1 Sun 2 Ray Server Software, Solaris 2026-04-23 N/A
Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking (AMGH) is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an unattended DTU device.
CVE-2008-0275 1 Drupal 1 Atom Module 2026-04-23 N/A
The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal does not properly manage permissions for node (1) titles, (2) teasers, and (3) bodies, which might allow remote attackers to gain access to syndicated content.
CVE-2008-0425 1 Frimousse 1 Frimousse 2026-04-23 N/A
Absolute path traversal vulnerability in explorerdir.php in Frimousse 0.0.2 allows remote attackers to read arbitrary files and list arbitrary directories via a full pathname in the name parameter.