Export limit exceeded: 364840 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (9565 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6613 1 Abweb 1 Minimal-ablog 2026-04-23 N/A
uploader.php in minimal-ablog 0.4 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request.
CVE-2008-6008 1 Herongyang 1 Hybook 2026-04-23 N/A
hyBook Guestbook Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for hyBook.mdb.
CVE-2008-5780 1 Hostforest 1 Forest Blog 2026-04-23 N/A
Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb.
CVE-2008-5773 1 Nukedit 1 Nukedit 2026-04-23 N/A
Nukedit 4.9.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for database/dbsite.mdb.
CVE-2007-1056 1 Vmware 1 Workstation 2026-04-23 N/A
VMware Workstation 5.5.3 build 34685 does not provide per-user restrictions on certain privileged actions, which allows local users to perform restricted operations such as changing system time, accessing hardware components, and stopping the "VMware tools service" service. NOTE: exploitation is simplified via (1) weak file permissions (Users = Read & Execute) for %PROGRAMFILES%\VMware; and weak registry key permissions (access by Users) for (2) vmmouse, (3) vmscsi, (4) VMTools, (5) vmx_svga, and (6) vmxnet in HKLM\SYSTEM\CurrentControlSet\Services\; which allows local users to perform various privileged actions outside of the guest OS by executing certain files under %PROGRAMFILES%\VMware\VMware Tools, as demonstrated by (a) VMControlPanel.cpl and (b) vmwareservice.exe.
CVE-2008-5956 1 Phpstreet 1 Webboard 2026-04-23 N/A
Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request to connect.inc.
CVE-2008-5765 1 2500mhz 1 Worksimple 2026-04-23 N/A
WorkSimple 1.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for data/usr.txt.
CVE-2007-6705 1 Ibm 1 Websphere Mq 2026-04-23 N/A
The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process.
CVE-2008-5762 1 Mariovaldez 1 Simple Text-file Login Script 2026-04-23 N/A
Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slog_users.txt.
CVE-2008-5133 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remote attackers to bypass an intended CVE-2008-1447 protection mechanism and spoof the responses to DNS queries sent by named.
CVE-2007-5945 1 Usvn 1 User-friendly Svn 2026-04-23 N/A
USVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors.
CVE-2007-6690 1 Menalto 1 Gallery 2026-04-23 N/A
The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors.
CVE-2008-5130 1 Ocean12 Technologies 1 Calendar Manager 2026-04-23 N/A
Ocean12 Calendar Manager Gold 2.04 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12cal.mdb.
CVE-2007-1045 1 Malbum 1 Malbum 2026-04-23 N/A
mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrative account and (2) "dqsfg"/"sdfg", which allows remote attackers to gain privileges.
CVE-2007-5856 1 Apple 1 Mac Os X 2026-04-23 N/A
Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information.
CVE-2008-5129 1 Ocean12 Technologies 1 Poll Manager 2026-04-23 N/A
Ocean12 Poll Manager Pro 1.00 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12poll.mdb.
CVE-2007-6685 1 Menalto 1 Gallery Publish Xp Module 2026-04-23 N/A
Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors.
CVE-2008-5128 1 Ocean12 Technologies 1 Membership Manager Pro 2026-04-23 N/A
Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb.
CVE-2008-5127 1 Ocean12 Technologies 1 Contact Manager 2026-04-23 N/A
Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb.
CVE-2007-6675 1 Xoops 1 Xoops 2026-04-23 N/A
The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules.