Search Results (9565 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5236 1 Sun 3 Jdk, Jre, Sdk 2026-04-23 N/A
Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application.
CVE-2007-5819 1 Ibm 1 Tivoli Continuous Data Protection For Files 2026-04-23 N/A
IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak permissions (unrestricted write) for the Central Admin Global download directory, which allows local users to place arbitrary files into a location used for updating CDP clients.
CVE-2008-2314 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors.
CVE-2009-1679 1 Apple 2 Iphone Os, Ipod Touch 2026-04-23 N/A
The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy.
CVE-2009-0899 1 Ibm 3 Integrated Solutions Console, Websphere Application Server, Websphere Portal 2026-04-23 N/A
IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors.
CVE-2008-3967 1 Mybb 1 Mybb 2026-04-23 N/A
moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors.
CVE-2007-5194 1 Rpath 1 Rmake 2026-04-23 N/A
The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same minor device number as /dev/port, which might allow local users to gain root privileges.
CVE-2008-5846 1 Sixapart 1 Movable Type 2026-04-23 N/A
Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a "system-wide entry listing screen."
CVE-2007-5171 1 Quicksilver Forums 1 Quicksilver Forums 2026-04-23 N/A
Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified vectors.
CVE-2007-5987 1 Bti-tracker 1 Bti-tracker 2026-04-23 N/A
details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest.
CVE-2008-6613 1 Abweb 1 Minimal-ablog 2026-04-23 N/A
uploader.php in minimal-ablog 0.4 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request.
CVE-2008-0038 1 Apple 1 Mac Os X 2026-04-23 N/A
Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application.
CVE-2007-5851 1 Apple 1 Mac Os X 2026-04-23 N/A
iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors.
CVE-2007-5238 2 Redhat, Sun 4 Rhel Extras, Jdk, Jre and 1 more 2026-04-23 N/A
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities."
CVE-2008-0928 2 Qemu, Redhat 2 Qemu, Enterprise Linux 2026-04-23 N/A
Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.
CVE-2008-1710 1 Ibm 1 Aix 2026-04-23 N/A
Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows local users to gain privileges via a modified PATH environment variable.
CVE-2008-5699 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris snv_50 through snv_104 does not properly check permissions, which allows local users to gain privileges and obtain sensitive information via unspecified vectors.
CVE-2008-1599 1 Ibm 1 Aix 2026-04-23 N/A
The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.
CVE-2007-5237 1 Sun 2 Jdk, Jre 2026-04-23 N/A
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities."
CVE-2007-5230 1 Zomplog 1 Zomplog 2026-04-23 N/A
admin/upload_files.php in Zomplog 3.8.1 and earlier does not check for administrative credentials, which allows remote attackers to perform administrative actions via a direct request. NOTE: this can be leveraged for code execution by exploiting CVE-2007-5231.