Search Results (9537 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0588 1 Ibm 1 Aix 2026-04-23 N/A
Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
CVE-2008-5780 1 Hostforest 1 Forest Blog 2026-04-23 N/A
Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb.
CVE-2008-1473 1 Symantec 1 Altiris Deployment Solution 2026-04-23 N/A
The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a "Shatter" style attack.
CVE-2009-3843 1 Hp 1 Operations Manager 2026-04-23 N/A
HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
CVE-2008-2309 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.
CVE-2009-0170 1 Sun 1 Java System Access Manager 2026-04-23 N/A
Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console.
CVE-2006-6501 4 Canonical, Debian, Mozilla and 1 more 6 Ubuntu Linux, Debian Linux, Firefox and 3 more 2026-04-23 N/A
Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.
CVE-2008-1255 1 Zyxel 1 P-660hw 2026-04-23 N/A
The ZyXEL P-660HW series router maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user.
CVE-2009-1582 1 Kalptarudemos 1 Million Dollar Text Links 2026-04-23 N/A
Million Dollar Text Links 1.0 does not properly restrict administrator access to admin.home.php, which allows remote attackers to bypass intended restrictions and gain privileges via a direct request to admin.home.php after visiting admin.php.
CVE-2009-1597 2 Adobe, Mozilla 2 Acrobat Reader, Firefox 2026-04-23 N/A
Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
CVE-2009-3860 1 Idefense 1 Comraider 2026-04-23 N/A
Multiple insecure method vulnerabilities in Idefense Labs COMRaider allow remote attackers to create or overwrite arbitrary files via the (1) CreateFolder and (2) Copy methods. NOTE: this might only be a vulnerability in certain insecure configurations of Internet Explorer.
CVE-2008-5393 1 Privacy-cd 1 Unbuntu Privacy Remix 2026-04-23 N/A
UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes kernel support for mounting RAID arrays, which might allow remote attackers to bypass intended isolation mechanisms by (1) reading from or (2) writing to these arrays.
CVE-2008-5600 1 Merlix 1 Teamworx Server 2026-04-23 N/A
Merlix Teamworx Server stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb.
CVE-2008-0135 1 Snitz Communications 1 Snitz Forums 2000 2026-04-23 N/A
Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.
CVE-2009-1600 2 Adobe, Apple 2 Acrobat Reader, Safari 2026-04-23 N/A
Apple Safari executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
CVE-2009-0108 1 Phpauctions 1 Phpauctions 2026-04-23 N/A
PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAME, and (4) PHPAUCTION_RM_EMAIL cookies.
CVE-2009-1716 1 Apple 1 Safari 2026-04-23 N/A
CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files.
CVE-2009-1337 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more 2026-04-23 N/A
The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.
CVE-2009-1235 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls.
CVE-2009-2631 4 Aladdin, Cisco, Sonicwall and 1 more 5 Safenet Securewire Access Gateway, Adaptive Security Appliance, E-class Ssl Vpn and 2 more 2026-04-23 N/A
Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks. NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design