Search Results (5496 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-6594 1 Ibm 1 Lotus Notes 2026-04-23 N/A
IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak permissions for the installation kit obtained through a Notes 8 download and (2) 0777 permissions for the installdata file that is created by setup.sh, which allows local users to gain privileges via a Trojan horse file.
CVE-2007-6598 2 Dovecot, Redhat 2 Dovecot, Enterprise Linux 2026-04-23 N/A
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
CVE-2007-6600 2 Postgresql, Redhat 3 Postgresql, Enterprise Linux, Rhel Application Stack 2026-04-23 N/A
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.
CVE-2007-6603 1 Hotscripts 1 Hot Or Not Clone 2026-04-23 N/A
Hot or Not Clone has insufficient access control for producing and reading database backups, which allows remote attackers to obtain the administrator username and password via a direct request to control/backup/backup.php, which generates a backup/dump/backup.sql file that can be downloaded via a direct request to control/downloadfile.php.
CVE-2007-6619 1 Atlassian 1 Jira 2026-04-23 N/A
The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.
CVE-2008-5725 1 Entechtaiwan 1 Powerstrip 2026-04-23 N/A
The NT kernel-mode driver (aka pstrip.sys) 5.0.1.1 and earlier in EnTech Taiwan PowerStrip 3.84 and earlier allows local users to gain privileges via certain IRP parameters in an IOCTL request to \Device\Powerstrip1 that overwrites portions of memory.
CVE-2007-6638 1 March Networks 1 3204 Dvr 2026-04-23 N/A
March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.
CVE-2007-6640 1 Sourceforge 2 Creammonkey, Greasekit 2026-04-23 N/A
Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, or (6) GM_xmlhttpRequest function within a web page on which a userscript is configured.
CVE-2007-6644 1 Joomla 1 Joomla 2026-04-23 N/A
Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model.
CVE-2008-6356 1 Donnafontenot 1 Evcal Events Calendar 2026-04-23 N/A
evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.mdb.
CVE-2007-6650 1 Bitweaver 1 R2 Cms 2026-04-23 N/A
Unrestricted file upload vulnerability in fisheye/upload.php in Bitweaver R2 CMS allows remote attackers to upload arbitrary files by using the image/gif content type, and possibly other image and PDF content types, as demonstrated by uploading a .htaccess file.
CVE-2007-6668 1 Peergoal 1 Myspace Content Zone 2026-04-23 N/A
admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not require administrative privileges, which allows remote attackers to perform unrestricted file uploads, as demonstrated by uploading (1) a .php file and (2) a .php%00.jpeg file.
CVE-2007-6675 1 Xoops 1 Xoops 2026-04-23 N/A
The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules.
CVE-2007-6685 1 Menalto 1 Gallery Publish Xp Module 2026-04-23 N/A
Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors.
CVE-2007-6690 1 Menalto 1 Gallery 2026-04-23 N/A
The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors.
CVE-2007-6705 1 Ibm 1 Websphere Mq 2026-04-23 N/A
The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process.
CVE-2007-6709 1 Linksys 1 Wag54gs 2026-04-23 N/A
The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access.
CVE-2008-6603 1 Moinmo 1 Moinmoin 2026-04-23 N/A
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.
CVE-2007-6711 1 Freewebshop 1 Freewebshop 2026-04-23 N/A
Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, 2.2.6 and 2.2.7WIP1/2 allows remote attackers to gain administrator privileges via unknown vectors.
CVE-2008-1657 1 Openbsd 1 Openssh 2026-04-23 N/A
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.