Export limit exceeded: 363807 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9542 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6052 | 1 Preprojects | 1 Pre E-learning Portal | 2026-04-23 | N/A |
| PreProjects Pre E-Learning Portal stores db_elearning.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | ||||
| CVE-2008-5901 | 1 Iyziforum | 1 Iyzi Forum | 2026-04-23 | N/A |
| iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for db/iyziforum.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-1142 | 7 Aterm, Eterm, Mrxvt and 4 more | 7 Aterm, Eterm, Mrxvt and 4 more | 2026-04-23 | N/A |
| rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine. | ||||
| CVE-2008-5422 | 3 Novell, Redhat, Sun | 5 Suse Linux Enterprise Server, Enterprise Linux, Java Desktop System and 2 more | 2026-04-23 | N/A |
| Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors. | ||||
| CVE-2006-7108 | 2 Andries Brouwer, Redhat | 2 Util-linux, Enterprise Linux | 2026-04-23 | N/A |
| login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok. | ||||
| CVE-2008-6914 | 1 Zeeways | 1 Zeeproperty | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in viewprofile.php in Zeeways ZEEPROPERTY 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile modification, then accessing a related file via a direct request to the file in companylogo/. | ||||
| CVE-2008-3110 | 2 Redhat, Sun | 3 Rhel Extras, Jdk, Jre | 2026-04-23 | N/A |
| Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet. | ||||
| CVE-2009-1051 | 1 Chaozz | 1 Fubarforum | 2026-04-23 | N/A |
| FubarForum 1.6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv. | ||||
| CVE-2003-1571 | 1 Webwizguide | 1 Web Wiz Guestbook | 2026-04-23 | N/A |
| Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected. | ||||
| CVE-2007-5829 | 1 Symantec | 2 Norton Antivirus, Norton Internet Security | 2026-04-23 | N/A |
| The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing unspecified files, which are executed when a user with physical access inserts a disk and the "Show Progress During Mount Scans" option is enabled. | ||||
| CVE-2008-5898 | 1 Codeavalanche | 1 Directory | 2026-04-23 | N/A |
| CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CADirectory.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3596 | 1 Joxtechnology | 1 Ajox Poll | 2026-04-23 | N/A |
| JoxTechnology Ajox Poll does not properly restrict access to admin/managepoll.php, which allows remote attackers to bypass authentication and gain administrative access via a direct request. | ||||
| CVE-2008-4059 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-23 | N/A |
| The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element. | ||||
| CVE-2008-1140 | 1 Deslock | 1 Deslock | 2026-04-23 | N/A |
| DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users to gain privileges via a certain DLKFDISK_IOCTL request to \\.\DLKFDisk_Control that overwrites a data structure associated with a mounted pseudo-filesystem, aka the "ring0 SYSTEM" vulnerability. | ||||
| CVE-2008-2830 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent. | ||||
| CVE-2009-3442 | 2 Ariel Barreiro, Drupal | 2 Meta Tags, Drupal | 2026-04-23 | N/A |
| The Meta tags (aka Nodewords) module before 6.x-1.1 for Drupal does not properly follow permissions during assignment of node meta tags, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2008-5873 | 1 Yerba | 1 Yerba | 2026-04-23 | N/A |
| Yerba SACphp 6.3 and earlier allows remote attackers to bypass authentication and gain administrative access via a galleta[sesion] cookie that has a value beginning with 1:1: followed by a username. | ||||
| CVE-2008-5765 | 1 2500mhz | 1 Worksimple | 2026-04-23 | N/A |
| WorkSimple 1.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for data/usr.txt. | ||||
| CVE-2007-5777 | 1 Blue-collar Productions | 1 I-gallery | 2026-04-23 | N/A |
| Blue-Collar Productions i-Gallery 3.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a base64-encoded password via a direct request for igallery.mdb. | ||||
| CVE-2009-2453 | 1 Citrix | 2 Presentation Server, Xenapp | 2026-04-23 | N/A |
| Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors. | ||||