Search Results (9543 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0148 1 Tutos 1 Tutos 2026-04-23 N/A
TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request.
CVE-2007-6619 1 Atlassian 1 Jira 2026-04-23 N/A
The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.
CVE-2009-3716 1 Maniacomputer 1 Mcshoutbox 2026-04-23 N/A
Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in smilies/.
CVE-2007-6603 1 Hotscripts 1 Hot Or Not Clone 2026-04-23 N/A
Hot or Not Clone has insufficient access control for producing and reading database backups, which allows remote attackers to obtain the administrator username and password via a direct request to control/backup/backup.php, which generates a backup/dump/backup.sql file that can be downloaded via a direct request to control/downloadfile.php.
CVE-2009-3725 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2026-04-23 N/A
The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems.
CVE-2007-6598 2 Dovecot, Redhat 2 Dovecot, Enterprise Linux 2026-04-23 N/A
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
CVE-2009-3904 1 Cubecart 1 Cubecart 2026-04-23 N/A
classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header.
CVE-2009-3920 2 Drupal, Sean Robertson 2 Drupal, Crmngp 2026-04-23 N/A
An administration page in the NGP COO/CWP Integration (crmngp) module 6.x before 6.x-1.12 for Drupal does not perform the expected access control, which allows remote attackers to read log information via unspecified vectors.
CVE-2007-6594 1 Ibm 1 Lotus Notes 2026-04-23 N/A
IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak permissions for the installation kit obtained through a Notes 8 download and (2) 0777 permissions for the installdata file that is created by setup.sh, which allows local users to gain privileges via a Trojan horse file.
CVE-2007-6512 1 Php 1 Mysql Banner Exchange 2026-04-23 N/A
PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc.
CVE-2007-6434 1 Linux 1 Linux Kernel 2026-04-23 N/A
Linux kernel 2.6.23 allows local users to create low pages in virtual userspace memory and bypass mmap_min_addr protection via a crafted executable file that calls the do_brk function.
CVE-2007-4651 1 Adobe 1 Connect Enterprise Server 2026-04-23 N/A
Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows remote attackers to read certain pages that are restricted to the administrator via unknown vectors.
CVE-2007-4650 1 Bharat Mediratta 1 Gallery 2026-04-23 N/A
Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules.
CVE-2009-4174 2 Cutephp, Korn19 2 Cutenews, Utf-8 Cutenews 2026-04-23 N/A
The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id parameter in a doeditnews action.
CVE-2007-4647 1 2coolcode 1 Our Space 2026-04-23 N/A
newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allows remote attackers to upload certain files via unspecified vectors, probably involving unrestricted functionality in uploadmedia.cgi.
CVE-2009-4301 1 Moodle 1 Moodle 2026-04-23 N/A
mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions.
CVE-2007-6182 1 Growth 1 Ispmanager 2026-04-23 N/A
The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 allows local users to gain privileges via shell metacharacters in command line arguments.
CVE-2009-4314 1 Sun 2 Ray Server Software, Solaris 2026-04-23 N/A
Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking (AMGH) is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an unattended DTU device.
CVE-2007-6174 1 Phpdevshell 1 Phpdevshell 2026-04-23 N/A
PHPDevShell before 0.7.0 allows remote authenticated users to gain privileges via a crafted request to update a user profile. NOTE: some of these details are obtained from third party information.
CVE-2009-4331 1 Ibm 1 Db2 2026-04-23 N/A
The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors.