Search Results (9574 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-6416 2 Redhat, Xen 2 Enterprise Linux, Xen 2026-04-23 N/A
The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations.
CVE-2007-1045 1 Malbum 1 Malbum 2026-04-23 N/A
mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrative account and (2) "dqsfg"/"sdfg", which allows remote attackers to gain privileges.
CVE-2009-4607 1 Overlandstorage 2 Guardianos, Snap Server 410 2026-04-23 N/A
The command line interface in Overland Storage Snap Server 410 with GuardianOS 5.1.041 runs the "less" utility with a higher-privileged uid than the CLI user and without sufficient restriction on shell escapes, which allows local users to gain privileges using the "!" character within less to access a privileged shell.
CVE-2008-0998 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects.
CVE-2007-5644 1 Lussumo 1 Vanilla 2026-04-23 N/A
Lussumo Vanilla 1.1.3 and earlier does not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php, which allows remote attackers to conduct unauthorized sort operations and other activities.
CVE-2008-6514 1 Compiz 1 Compiz Fusion 2026-04-23 N/A
The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a related issue to CVE-2007-3920.
CVE-2009-4606 1 South River Technologies 1 Webdrive 2026-04-23 N/A
South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.
CVE-2008-1027 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic.
CVE-2007-4701 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.
CVE-2009-4558 2 Drupal, Unleashedmind 2 Drupal, Img Assist 2026-04-23 N/A
The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, does not properly enforce privilege requirements for unspecified pages, which allows remote attackers to read the (1) title or (2) body of an arbitrary node via unknown vectors.
CVE-2008-1132 1 Net Activity Viewer 1 Net Activity Viewer 2026-04-23 N/A
Untrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, which is invoked during the Restart As Root action.
CVE-2008-1095 1 Sun 2 Solaris, Sunos 2026-04-23 N/A
Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly.
CVE-2008-2724 1 Menalto 1 Gallery 2026-04-23 N/A
Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions.
CVE-2009-3921 2 Drupal, Ezra Barnett Gildesgame 2 Drupal, Smartqueue Og 2026-04-23 N/A
The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages.
CVE-2008-6580 1 Funscripts 1 Red Reservations 2026-04-23 N/A
The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb.
CVE-2009-3889 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2026-04-23 N/A
The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file.
CVE-2009-3880 2 Redhat, Sun 5 Enterprise Linux, Network Satellite, Rhel Extras and 2 more 2026-04-23 N/A
The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.
CVE-2008-6535 1 Paypalestores 1 Paypal Estores 2026-04-23 N/A
admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter.
CVE-2009-0873 1 Sun 3 Opensolaris, Solaris, Sunos 2026-04-23 N/A
The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the sec=sys and sec=krb5 security modes, related to modes that "override each other."
CVE-2008-6496 1 Visagesoft 1 Expert Pdf Editorx 2026-04-23 N/A
Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary files via the first argument to the extractPagesToFile method.