Search Results (5493 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5835 1 Bosdev 1 Bosnews 2026-04-23 N/A
Install.php in BosDev BosNews 4 and 5 does not require authentication for replacing an existing product installation or creating a new admin account, which allows remote attackers to cause a denial of service (overwritten files) and possibly obtain administrative access.
CVE-2008-1592 3 Hp, Ibm, Tandem Computers 3 Nonstop, Websphere Mq, Tandem Operating System 2026-04-23 N/A
MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to "Pathway panels."
CVE-2008-6643 1 Lokicms 1 Lokicms 2026-04-23 N/A
LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php.
CVE-2008-0664 1 Wordpress 1 Wordpress 2026-04-23 N/A
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.
CVE-2009-2911 1 Systemtap 1 Systemtap 2026-04-23 N/A
SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service via crafted DWARF expressions that trigger a kernel stack frame overflow, or (3) cause a denial of service (infinite loop) via vectors that trigger creation of large unwind tables, related to Common Information Entry (CIE) and Call Frame Instruction (CFI) records.
CVE-2008-3395 2 Calacode, Linux 2 Atmail, Linux Kernel 2026-04-23 N/A
Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2290 1 Symantec 1 Altiris Deployment Solution 2026-04-23 N/A
Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors.
CVE-2007-2229 1 Microsoft 1 Windows Vista 2026-04-23 N/A
Microsoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such as administrative passwords, aka "Permissive User Information Store ACLs Information Disclosure Vulnerability."
CVE-2008-1780 1 Sun 1 Solaris 2026-04-23 N/A
Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors.
CVE-2007-5777 1 Blue-collar Productions 1 I-gallery 2026-04-23 N/A
Blue-Collar Productions i-Gallery 3.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a base64-encoded password via a direct request for igallery.mdb.
CVE-2008-2138 1 Oracle 1 Application Server Portal 2026-04-23 N/A
Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing "%0A" (encoded line feed), then using the session ID that is generated from that request. NOTE: as of 20080512, Oracle has not commented on the accuracy of this report.
CVE-2007-6644 1 Joomla 1 Joomla 2026-04-23 N/A
Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model.
CVE-2008-4600 1 Steve Dawson 1 Pokermax Poker League Tournament Script 2026-04-23 N/A
configure.php in PokerMax Poker League Tournament Script 0.13 allows remote attackers to bypass authentication and gain administrative access by setting the ValidUserAdmin cookie.
CVE-2007-5945 1 Usvn 1 User-friendly Svn 2026-04-23 N/A
USVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors.
CVE-2008-0910 1 F-secure 8 F-secure Anti-virus, F-secure Anti-virus Client Security, F-secure Anti-virus For Linux and 5 more 2026-04-23 N/A
Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive. NOTE: this might be related to CVE-2008-0792.
CVE-2008-3110 2 Redhat, Sun 3 Rhel Extras, Jdk, Jre 2026-04-23 N/A
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet.
CVE-2007-1460 1 Php 1 Php 2026-04-23 N/A
The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories.
CVE-2007-5965 1 Trolltech 1 Qsslsocket 2026-04-23 N/A
QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which might make it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service, or trick a service into accepting an invalid client certificate for a user.
CVE-2007-4937 1 Comscripts 1 Cs Guestbook 2026-04-23 N/A
CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php.
CVE-2006-7114 1 Planerd.net 1 P-news 2026-04-23 N/A
P-News 2.0 stores db/user.txt under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes via a direct request. NOTE: this might be the same issue as CVE-2006-6888.