Search Results (5495 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0244 2 Postgresql, Redhat 2 Postgresql, Enterprise Linux 2026-04-16 N/A
PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command.
CVE-2005-2071 1 Sun 1 Solaris 2026-04-16 N/A
traceroute in Sun Solaris 10 on x86 systems allows local users to execute arbitrary code with PRIV_NET_RAWACCESS privileges via (1) a large number of -g arguments or (2) a malformed -s argument with a trailing . (dot).
CVE-2005-2072 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT.
CVE-2005-2741 2 Apple, Perry Kiehtreiber 3 Mac Os X, Mac Os X Server, Securityd 2026-04-16 N/A
Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators.
CVE-2005-2819 1 Eric Fichot 1 Downfile 2026-04-16 N/A
DownFile 1.3 allows remote attackers to gain administrator privileges via a direct request to (1) update.php, (2) del.php, and (3) add_form.php.
CVE-2005-2929 2 Redhat, University Of Kansas 2 Enterprise Linux, Lynx 2026-04-16 N/A
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.
CVE-2005-2932 1 Checkpoint 2 Zonealarm, Zonealarm Security Suite 2026-04-16 N/A
Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, including ZoneAlarm Security Suite 5.5.062.004 and 6.5.737, use insecure default permissions for critical files, which allows local users to gain privileges or bypass security controls.
CVE-2005-2936 1 Realnetworks 2 Realone Player, Realplayer 2026-04-16 N/A
Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\program.exe file.
CVE-2005-2938 1 Apple 1 Itunes 2026-04-16 N/A
Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file.
CVE-2005-2959 1 Todd Miller 1 Sudo 2026-04-16 N/A
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.
CVE-2005-3631 1 Redhat 2 Enterprise Linux, Enterprise Linux Desktop 2026-04-16 N/A
udev does not properly set permissions on certain files in /dev/input, which allows local users to obtain sensitive data that is entered at the console, such as user passwords.
CVE-2006-0525 1 Adobe 9 Acrobat, Acrobat Reader, Creative Suite and 6 more 2026-04-16 N/A
Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator CS2, and (3) Adobe Help Center, install a large number of .EXE and .DLL files with write-access permission for the Everyone group, which allows local users to gain privileges via Trojan horse programs.
CVE-2006-0527 1 Isc 1 Bind 2026-04-16 N/A
BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allows remote attackers to gain privileged access via a "Kashpureff-style DNS cache corruption" attack.
CVE-2006-0553 1 Postgresql 1 Postgresql 2026-04-16 N/A
PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to gain additional privileges via "knowledge of the backend protocol" using a crafted SET ROLE to other database users, a different vulnerability than CVE-2006-0678.
CVE-2006-1174 2 Debian, Redhat 2 Shadow, Enterprise Linux 2026-04-16 N/A
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.
CVE-2006-1380 1 Trendmicro 1 Interscan Messaging Security Suite 2026-04-16 N/A
ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite (IMSS) 5.5 build 1183 and possibly other versions before 5.7.0.1121, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying ISNTSysMonitor.exe.
CVE-1999-0344 1 Microsoft 1 Windows Nt 2026-04-16 N/A
NT users can gain debug-level access on a system process using the Sechole exploit.
CVE-2006-4640 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2026-04-16 N/A
Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.
CVE-2006-2112 2 Dell, Fuji Xerox 19 3000cn, 3010cn, 3100cn and 16 more 2026-04-16 N/A
Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP printing interface as a proxy ("FTP bounce") by using arbitrary PORT arguments to connect to systems for which access would be otherwise restricted.
CVE-2006-2530 1 Snitz Communications 2 Avatar Mod, Snitz Forums 2000 2026-04-16 N/A
avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product.