Search Results (9566 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2367 1 Redhat 1 Certificate System 2026-04-23 N/A
Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files.
CVE-2007-5447 2 Ioncube, Php 2 Php Encoder, Php 2026-04-23 N/A
ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function.
CVE-2008-1628 1 Linux 1 Audit 2026-04-23 N/A
Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information.
CVE-2008-1627 1 Cds Software Consortium 1 Invenio 2026-04-23 N/A
CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID.
CVE-2009-1264 2 Stanislas Rolland, Typo3 2 Sr Feuser Register, Typo3 2026-04-23 N/A
Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors.
CVE-2007-5493 1 Microsoft 1 Windows Mobile 2026-04-23 N/A
The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded.
CVE-2008-0293 1 Freeseat 1 Freeseat 2026-04-23 N/A
Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when format.php has certain modifications, allows remote attackers to bypass authentication and gain privileges via unspecified vectors related to the show_foot function.
CVE-2009-1460 1 Razorcms 1 Razorcms 2026-04-23 N/A
razorCMS before 0.4 uses weak permissions for (1) admin/core/admin_config.php, which allows local users to obtain the administrator's password hash and FTP user credentials; and (2) the root directory, (3) datastore/, and (4) admin/core/, which allows local users to have an unspecified impact.
CVE-2009-3568 3 Dave Reid, Drupal, Gabor Hojtsy 3 Commentrss, Drupal, Commentrss 2026-04-23 N/A
Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed.
CVE-2008-1780 1 Sun 1 Solaris 2026-04-23 N/A
Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors.
CVE-2009-1322 1 Humayun Shabbir Bhutta 1 Asp Product Catalog 2026-04-23 N/A
ASP Product Catalog 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for database/aspProductCatalog.mdb.
CVE-2008-4790 1 Drupal 1 Drupal 2026-04-23 N/A
The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.
CVE-2009-2476 2 Redhat, Sun 4 Enterprise Linux, Rhel Extras, Java Se and 1 more 2026-04-23 N/A
The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object.
CVE-2008-3557 1 Fhm-script 1 Free Hosting Manager 2026-04-23 N/A
Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass authentication and gain administrative access by setting both the adminuser and loggedin cookies.
CVE-2009-2453 1 Citrix 2 Presentation Server, Xenapp 2026-04-23 N/A
Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors.
CVE-2008-4245 1 Rianxosencabos Cms 1 Rianxosencabos Cms 2026-04-23 N/A
The Admin Control Panel in Rianxosencabos CMS 0.9 does not require administrator privileges, which allows remote authenticated users to (1) change a user's privileges, (2) delete a user account, or perform unspecified other administrative actions via vectors involving an admin lista action to the default URI, possibly related to useradmin.php.
CVE-2008-2308 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information.
CVE-2009-4033 2 Redhat, Tim Hockin 2 Enterprise Linux, Acpid 2026-04-23 N/A
A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insufficient arguments, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file, cause a denial of service by overwriting this file, or gain privileges by executing this file.
CVE-2009-0760 1 Team5 1 Team Board 2026-04-23 N/A
Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for data/team.mdb.
CVE-2008-3602 1 Psychdaily 1 Php Ring Webring System 2026-04-23 N/A
admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9.1 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.