Search Results (5493 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3968 1 Dirlist 1 Dirlist Php 2026-04-23 5.3 Medium
index.php in dirLIST before 0.1.1 allows remote attackers to list the contents of an excluded folder via a modified URL containing the folder name.
CVE-2007-6600 2 Postgresql, Redhat 3 Postgresql, Enterprise Linux, Rhel Application Stack 2026-04-23 N/A
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.
CVE-2008-5602 1 Natterchat 1 Natterchat 2026-04-23 N/A
Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb.
CVE-2008-1473 1 Symantec 1 Altiris Deployment Solution 2026-04-23 N/A
The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a "Shatter" style attack.
CVE-2007-6650 1 Bitweaver 1 R2 Cms 2026-04-23 N/A
Unrestricted file upload vulnerability in fisheye/upload.php in Bitweaver R2 CMS allows remote attackers to upload arbitrary files by using the image/gif content type, and possibly other image and PDF content types, as demonstrated by uploading a .htaccess file.
CVE-2008-4245 1 Rianxosencabos Cms 1 Rianxosencabos Cms 2026-04-23 N/A
The Admin Control Panel in Rianxosencabos CMS 0.9 does not require administrator privileges, which allows remote authenticated users to (1) change a user's privileges, (2) delete a user account, or perform unspecified other administrative actions via vectors involving an admin lista action to the default URI, possibly related to useradmin.php.
CVE-2008-4644 1 Mywebland 1 Mystats 2026-04-23 N/A
hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header.
CVE-2006-7047 1 Shoutpro 1 Shoutpro 2026-04-23 N/A
include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ban restrictions via a URL in the path parameter that points to an alternate bannedips.php file. NOTE: this issue was originally reported as remote file inclusion, but CVE analysis suggests that this cannot be used for code execution.
CVE-2007-4563 1 Hitachi 7 Cosminexus Application Server Enterprise, Cosminexus Application Server Standard, Electronic Form Workflow - Standard Set and 4 more 2026-04-23 N/A
Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain privileges.
CVE-2007-4564 1 Hitachi 7 Cosminexus Application Server Enterprise, Cosminexus Application Server Standard, Electronic Form Workflow - Standard Set and 4 more 2026-04-23 N/A
Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges.
CVE-2008-0293 1 Freeseat 1 Freeseat 2026-04-23 N/A
Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when format.php has certain modifications, allows remote attackers to bypass authentication and gain privileges via unspecified vectors related to the show_foot function.
CVE-2009-0641 1 Freebsd 1 Freebsd 2026-04-23 N/A
sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library.
CVE-2008-5603 1 Aspapps 1 Aspticker 2026-04-23 N/A
ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb.
CVE-2007-4649 1 Microworld Technologies 3 Escan Anti-virus, Escan Internet Security, Escan Virus Control 2026-04-23 N/A
MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local users to gain privileges by replacing application files, as demonstrated by traysser.exe.
CVE-2007-4650 1 Bharat Mediratta 1 Gallery 2026-04-23 N/A
Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules.
CVE-2007-0004 1 Redhat 1 Enterprise Linux 2026-04-23 N/A
The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment. NOTE: it is uncertain whether any scenarios involving this issue cross privilege boundaries.
CVE-2007-4691 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs.
CVE-2008-5617 1 Rsyslog 1 Rsyslog 2026-04-23 N/A
The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.
CVE-2008-5687 1 Mediawiki 1 Mediawiki 2026-04-23 N/A
MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/.
CVE-2009-1223 1 Fullrevolution 1 Aspwebcalendar 2026-04-23 N/A
aspWebCalendar Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for calendar/calendar.mdb.