Search Results (9579 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-2265 2 Hp, Open Source Internet Solutions 2 Tru64, Open Source Internet Solutions 2026-04-16 N/A
Unspecified vulnerability in LDAP Module in System Authentication of Open Source Internet Solutions (OSIS) 5.4 running on Tru64 UNIX 4.0G and 4.0F allows remote attackers to gain access to arbitrary files or gain privileges via unknown attack vectors.
CVE-2003-1541 1 Planetmoon 1 Guestbook 2026-04-16 N/A
PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt.
CVE-2004-0041 1 Mod Auth Shadow 1 Mod Auth Shadow 2026-04-16 N/A
The mod_auth_shadow module 1.4 and earlier does not properly enforce the expiration of a user account and password, which could allow remote authenticated users to bypass intended access restrictions.
CVE-2002-2270 1 Hp 1 Hp-ux 2026-04-16 N/A
Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and 11.0 allows local users to view "normally invisible data" via unknown attack vectors.
CVE-2002-2283 1 Microsoft 1 Windows Xp 2026-04-16 N/A
Microsoft Windows XP with Fast User Switching (FUS) enabled does not remove the "show processes from all users" privilege when the user is removed from the administrator group, which allows that user to view processes of other users.
CVE-2006-1380 1 Trendmicro 1 Interscan Messaging Security Suite 2026-04-16 N/A
ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite (IMSS) 5.5 build 1183 and possibly other versions before 5.7.0.1121, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying ISNTSysMonitor.exe.
CVE-2002-2302 1 3d3.com 1 Shopfactory 2026-04-16 N/A
3D3.Com ShopFactory 5.5 through 5.8 allows remote attackers to modify the prices in their shopping carts by modifying the price in a hidden form field.
CVE-2005-3179 1 Linux 1 Linux Kernel 2026-04-16 N/A
drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs with world-readable and world-writable permissions, which allows local users to enable DRM debugging and obtain sensitive information.
CVE-2006-0700 1 Imagevue 1 Imagevue 2026-04-16 N/A
imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions.
CVE-2006-0697 1 Zen-cart 1 Zen Cart 2026-04-16 N/A
Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests.
CVE-2005-4850 1 Ez 1 Ez Publish 2026-04-16 N/A
eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users.
CVE-2002-2311 2 Microsoft, Opera Software 2 Internet Explorer, Opera Web Browser 2026-04-16 N/A
Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue.
CVE-2002-2320 1 Mysimplenews 1 Mysimplenews 2026-04-16 N/A
MySimpleNews 1.0 allows remote attackers to delete arbitrary email messages via a direct request to vider.php3.
CVE-2003-1552 1 Graeme 1 Uploader 2026-04-16 N/A
Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/.
CVE-2006-0553 1 Postgresql 1 Postgresql 2026-04-16 N/A
PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to gain additional privileges via "knowledge of the backend protocol" using a crafted SET ROLE to other database users, a different vulnerability than CVE-2006-0678.
CVE-2002-2407 1 Qnx 1 Rtos 2026-04-16 N/A
Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8) columns, (9) othello, (10) peg, (11) solitaire, and (12) vpoker in the games pack 2.0.3, which allows local users to gain privileges by modifying the files before permissions are changed.
CVE-2005-4871 1 Ibm 1 Db2 2026-04-16 N/A
Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile.
CVE-2002-2405 1 Checkpoint 1 Firewall-1 2026-04-16 N/A
Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall.
CVE-2002-2324 1 Microsoft 1 Windows Xp 2026-04-16 N/A
The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify registry settings.
CVE-2005-4855 1 Ez 1 Ez Publish 2026-04-16 N/A
Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks.