Search Results (5494 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-2302 1 3d3.com 1 Shopfactory 2026-04-16 N/A
3D3.Com ShopFactory 5.5 through 5.8 allows remote attackers to modify the prices in their shopping carts by modifying the price in a hidden form field.
CVE-2002-2394 1 Trend Micro 1 Interscan Viruswall 2026-04-16 N/A
InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 chunked transfer encoding.
CVE-2002-2395 1 Trend Micro 1 Interscan Viruswall 2026-04-16 N/A
InterScan VirusWall 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 gzip content encoding.
CVE-2004-2689 1 Newsphp 1 Newsphp 2026-04-16 N/A
NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value.
CVE-2005-2454 1 Ibm 1 Lotus Notes 2026-04-16 N/A
IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder.
CVE-1999-0344 1 Microsoft 1 Windows Nt 2026-04-16 N/A
NT users can gain debug-level access on a system process using the Sechole exploit.
CVE-2006-2373 1 Microsoft 3 Windows 2000, Windows Server 2003, Windows Xp 2026-04-16 N/A
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
CVE-2005-2741 2 Apple, Perry Kiehtreiber 3 Mac Os X, Mac Os X Server, Securityd 2026-04-16 N/A
Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators.
CVE-2002-2425 1 Sun 1 Solaris Answerbook2 2026-04-16 N/A
Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute administrative scripts such as (1) AdminViewError and (2) AdminAddadmin via a direct request.
CVE-2002-2407 1 Qnx 1 Rtos 2026-04-16 N/A
Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8) columns, (9) othello, (10) peg, (11) solitaire, and (12) vpoker in the games pack 2.0.3, which allows local users to gain privileges by modifying the files before permissions are changed.
CVE-2005-4093 1 Checkpoint 2 Secureclient Ng, Vpn-1 Secureclient 2026-04-16 N/A
Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows remote attackers to bypass security policies by modifying the local copy of the local.scv policy file after it has been downloaded from the VPN Endpoint.
CVE-2001-1009 2 Fetchmail, Redhat 2 Fetchmail, Linux 2026-04-16 N/A
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.
CVE-2006-2198 3 Openoffice, Redhat, Sun 3 Openoffice, Enterprise Linux, Staroffice 2026-04-16 N/A
OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user.
CVE-2002-2283 1 Microsoft 1 Windows Xp 2026-04-16 N/A
Microsoft Windows XP with Fast User Switching (FUS) enabled does not remove the "show processes from all users" privilege when the user is removed from the administrator group, which allows that user to view processes of other users.
CVE-2006-3011 1 Php 1 Php 2026-04-16 N/A
The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.
CVE-2006-1079 1 Acme Labs 1 Thttpd 2026-04-16 N/A
htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
CVE-2005-1425 1 Uapplication 1 Uguestbook 2026-04-16 N/A
Uapplication Uguestbook 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/guestbook.mdb.
CVE-2003-1383 1 Logicworks 1 Web Erp 2026-04-16 N/A
WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password.
CVE-2004-2699 1 Aspdotnetstorefront 1 Aspdotnetstorefront 2026-04-16 N/A
deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter.
CVE-2004-2730 1 Microsoft 11 Psexec, Psgetsid, Psinfo and 8 more 2026-04-16 N/A
Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, (2) PsGetsid before 1.41, (3) PsInfo before 1.61, (4) PsKill before 1.03, (5) PsList before 1.26, (6) PsLoglist before 2.51, (7) PsPasswd before 1.21, (8) PsService before 2.12, (9) PsSuspend before 1.05, and (10) PsShutdown before 2.32, does not properly disconnect from remote IPC$ and ADMIN$ shares, which allows local users to access the shares with elevated privileges by using the existing share mapping.