Search Results (9564 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1784 1 Prozilla 1 Topsites 2026-04-23 N/A
Prozilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/.
CVE-2008-4195 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera before 9.52 does not properly restrict the ability of a framed web page to change the address associated with a different frame, which allows remote attackers to trigger the display of an arbitrary address in a frame via unspecified use of web script.
CVE-2007-5342 2 Apache, Redhat 5 Tomcat, Enterprise Linux, Jboss Enterprise Application Platform and 2 more 2026-04-23 N/A
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
CVE-2008-4915 1 Vmware 6 Ace, Esx, Esxi and 3 more 2026-04-23 N/A
The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS.
CVE-2008-0245 1 Uploadscript 2 Uploadimage, Uploadscript 2026-04-23 N/A
admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.
CVE-2009-4091 1 Simplog 1 Simplog 2026-04-23 N/A
comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del action.
CVE-2007-5352 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2026-04-23 N/A
Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
CVE-2009-1053 1 Chaozz 1 Chaozzdb 2026-04-23 N/A
chaozzDB 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv.
CVE-2009-0866 1 Phnews 1 Phnews 2026-04-23 N/A
pHNews Alpha 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for extra/genbackup.php.
CVE-2009-0826 1 Freedville 1 Bloghelper 2026-04-23 N/A
BlogHelper stores common_db.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request.
CVE-2008-0049 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications.
CVE-2009-1599 2 Adobe, Opera 2 Acrobat Reader, Opera Browser 2026-04-23 N/A
Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
CVE-2009-0043 1 Ca 2 Service Level Management, Service Metric Analysis 2026-04-23 N/A
The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2009-1597 2 Adobe, Mozilla 2 Acrobat Reader, Firefox 2026-04-23 N/A
Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
CVE-2008-5925 1 Asp-dev 1 Xm Events Diary 2026-04-23 N/A
ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb.
CVE-2008-3494 1 8e6 1 R3000 Internet Filter 2026-04-23 N/A
8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass intended restrictions via an extra HTTP Host header with additional leading text placed before the real Host header.
CVE-2008-2682 1 Realm Project 1 Realm Cms 2026-04-23 N/A
_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserName, and (3) cUserID.
CVE-2008-5773 1 Nukedit 1 Nukedit 2026-04-23 N/A
Nukedit 4.9.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for database/dbsite.mdb.
CVE-2008-6603 1 Moinmo 1 Moinmoin 2026-04-23 N/A
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.
CVE-2007-5289 1 Hp 2 Mercury Quality Center, Testdirector 2026-04-23 N/A
HP Mercury Quality Center (QC) 9.2 and earlier, and possibly TestDirector, relies on cached client-side scripts to implement "workflow" and decisions about the "capability" of a user, which allows remote attackers to execute arbitrary code via crafted use of the Open Test Architecture (OTA) API, as demonstrated by modifying (1) common.tds, (2) defects.tds, (3) manrun.tds, (4) req.tds, (5) testlab.tds, or (6) testplan.tds in %tmp%\TD_80, and then setting the file's properties to read-only.