Search Results (9542 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2488 1 Beaussier 1 Roomphplanning 2026-04-23 N/A
admin/userform.php in RoomPHPlanning 1.5 does not require administrative credentials, which allows remote authenticated users to create new admin accounts.
CVE-2008-1877 1 Debian 1 Tss 2026-04-23 N/A
tss 0.8.1 allows local users to read arbitrary files via the -a parameter, which is processed while tss is running with privileges.
CVE-2007-6049 3 Ibm, Linux, Unix 3 Db2 Universal Database, Linux Kernel, Unix 2026-04-23 N/A
Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective uid is root.
CVE-2008-1810 2 Linux, Sap 2 Linux Kernel, Maxdb 2026-04-23 N/A
Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable.
CVE-2008-1790 1 Iscripts 1 Socialware 2026-04-23 N/A
Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability.
CVE-2007-3740 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.
CVE-2008-1783 1 Prozilla 1 Reviews 2026-04-23 N/A
Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php.
CVE-2009-2669 1 Ibm 1 Aix 2026-04-23 N/A
A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1.
CVE-2008-1780 1 Sun 1 Solaris 2026-04-23 N/A
Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors.
CVE-2007-5260 1 Asp-cms 1 Asp-cms 2026-04-23 N/A
ASP-CMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request for mdb-database/ASP-CMS_v100.mdb.
CVE-2008-5897 1 Codeavalanche 1 Freewallpaper 2026-04-23 N/A
CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of these details are obtained from third party information.
CVE-2008-1692 1 Eterm 1 Eterm 2026-04-23 N/A
Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
CVE-2008-1638 1 Nik Software Inc 1 Nik Sharpener Pro 2026-04-23 N/A
Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in files, which allows local users to gain privileges by replacing a plug-in with a Trojan horse.
CVE-2008-1627 1 Cds Software Consortium 1 Invenio 2026-04-23 N/A
CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID.
CVE-2008-1625 1 Avast 2 Avast Antivirus Home, Avast Antivirus Professional 2026-04-23 N/A
aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests.
CVE-2008-0805 1 Reality 1 Medias Phpizabi 2026-04-23 N/A
Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures.
CVE-2008-0792 1 F-secure 8 F-secure Anti-virus, F-secure Anti-virus Client Security, F-secure Anti-virus For Linux and 5 more 2026-04-23 N/A
Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted CAB archive.
CVE-2008-0709 4 Hp, Microsoft, Redhat and 1 more 6 Hp-ux, Select Identity, Windows 2003 Server and 3 more 2026-04-23 N/A
Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than CVE-2008-0214.
CVE-2007-5493 1 Microsoft 1 Windows Mobile 2026-04-23 N/A
The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded.
CVE-2009-2675 2 Redhat, Sun 5 Enterprise Linux, Network Satellite, Rhel Extras and 2 more 2026-04-23 N/A
Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.