Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8981 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6514 | 1 Compiz | 1 Compiz Fusion | 2025-04-09 | N/A |
| The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a related issue to CVE-2007-3920. | ||||
| CVE-2008-6506 | 1 Phpbb | 1 Phpbb | 2025-04-09 | N/A |
| Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors. | ||||
| CVE-2008-5935 | 1 Factosystem | 1 Factosystem Weblog | 2025-04-09 | N/A |
| Facto stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for database/facto.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5929 | 1 Vpasp | 1 Vp-asp Shopping Cart | 2025-04-09 | N/A |
| VP-ASP Shopping Cart 6.50 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database containing the password via a direct request for database/shopping650.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5925 | 1 Asp-dev | 1 Xm Events Diary | 2025-04-09 | N/A |
| ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb. | ||||
| CVE-2009-0807 | 1 Zfeeder | 1 Zfeeder | 2025-04-09 | N/A |
| zFeeder 1.6 allows remote attackers to gain administrative access via a direct request to admin.php. | ||||
| CVE-2008-5916 | 1 Git | 1 Git | 2025-04-09 | N/A |
| gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query. | ||||
| CVE-2008-5900 | 1 Codeavalanche | 1 Articles | 2025-04-09 | N/A |
| CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAArticles.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5899 | 1 Codeavalanche | 1 Freeforall | 2025-04-09 | N/A |
| CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFFAPage.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-4815 | 3 Adobe, Redhat, Unix | 4 Acrobat, Acrobat Reader, Rhel Extras and 1 more | 2025-04-09 | N/A |
| Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH. | ||||
| CVE-2008-5905 | 1 Ktorrent | 1 Ktorrent | 2025-04-09 | N/A |
| The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request. | ||||
| CVE-2008-5855 | 1 Myphpscripts | 1 Login Session | 2025-04-09 | N/A |
| myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt. | ||||
| CVE-2008-5852 | 1 Emefa | 1 Emefa Guestbook | 2025-04-09 | N/A |
| Emefa Guestbook 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for guestbook.mdb. | ||||
| CVE-2008-5846 | 1 Sixapart | 1 Movable Type | 2025-04-09 | N/A |
| Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a "system-wide entry listing screen." | ||||
| CVE-2008-5773 | 1 Nukedit | 1 Nukedit | 2025-04-09 | N/A |
| Nukedit 4.9.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for database/dbsite.mdb. | ||||
| CVE-2008-5765 | 1 2500mhz | 1 Worksimple | 2025-04-09 | N/A |
| WorkSimple 1.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for data/usr.txt. | ||||
| CVE-2008-5725 | 1 Entechtaiwan | 1 Powerstrip | 2025-04-09 | N/A |
| The NT kernel-mode driver (aka pstrip.sys) 5.0.1.1 and earlier in EnTech Taiwan PowerStrip 3.84 and earlier allows local users to gain privileges via certain IRP parameters in an IOCTL request to \Device\Powerstrip1 that overwrites portions of memory. | ||||
| CVE-2008-5724 | 1 Eset | 1 Smart Security | 2025-04-09 | N/A |
| The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ESET Smart Security 3.0.672 and earlier allows local users to gain privileges via a crafted IRP in a certain METHOD_NEITHER IOCTL request to \Device\Epfw that overwrites portions of memory. | ||||
| CVE-2008-5716 | 1 Citrix | 1 Xen | 2025-04-09 | N/A |
| xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405. | ||||
| CVE-2008-5699 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | N/A |
| The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris snv_50 through snv_104 does not properly check permissions, which allows local users to gain privileges and obtain sensitive information via unspecified vectors. | ||||