Search Results (5490 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2707 2 Intel, Sun 4 Network Interface Controller, Opensolaris, Solaris and 1 more 2026-04-23 N/A
Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and OpenSolaris before snv_93 allows remote attackers to cause a denial of service (network connectivity loss) via unknown vectors.
CVE-2008-3464 1 Microsoft 2 Windows 2003 Server, Windows Xp 2026-04-23 N/A
afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
CVE-2007-5026 1 Dblog 1 Dblog Cms 2026-04-23 N/A
dBlog CMS, probably 2.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for dblog.mdb.
CVE-2006-5909 1 Paul Tarjan 1 Stanford Conference And Research Forum 2026-04-23 N/A
generaloptions.php in Paul Tarjan Stanford Conference And Research Forum (SCARF) before 20070227 does not require the admin privilege, which allows remote attackers to reconfigure the application or its user accounts.
CVE-2008-1483 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2026-04-23 N/A
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
CVE-2009-1665 1 Easy-scripts 1 Answer And Question Script 2026-04-23 N/A
myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to remove arbitrary user accounts via a modified userid parameter without specifying any additional fields.
CVE-2007-4740 1 Telecom Italy 1 Alice Messenger 2026-04-23 N/A
The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.RegistryManager.dll 1 in Telecom Italy Alice Messenger allows remote attackers to create registry keys and values via the arguments to the WriteRegistry method.
CVE-2007-5827 2 Debian, Iscsitarget 2 Debian Linux, Iscsitarget 2026-04-23 N/A
iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords.
CVE-2009-0108 1 Phpauctions 1 Phpauctions 2026-04-23 N/A
PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAME, and (4) PHPAUCTION_RM_EMAIL cookies.
CVE-2007-5338 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2026-04-23 N/A
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed.
CVE-2007-3997 1 Php 1 Php 2026-04-23 N/A
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
CVE-2007-6413 1 Sun 1 Solaris 2026-04-23 N/A
Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120011-* and 120012-* patches, allows remote attackers to bypass certain netgroup restrictions and obtain root access to a filesystem via NFS requests from a client root user.
CVE-2008-2079 5 Canonical, Debian, Mysql and 2 more 6 Ubuntu Linux, Debian Linux, Mysql and 3 more 2026-04-23 N/A
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
CVE-2008-6914 1 Zeeways 1 Zeeproperty 2026-04-23 N/A
Unrestricted file upload vulnerability in viewprofile.php in Zeeways ZEEPROPERTY 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile modification, then accessing a related file via a direct request to the file in companylogo/.
CVE-2008-3655 2 Redhat, Ruby-lang 2 Enterprise Linux, Ruby 2026-04-23 N/A
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.
CVE-2009-0230 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows Server and 3 more 2026-04-23 N/A
The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
CVE-2008-6940 1 Turnkeyforms 1 Web Hosting Directory 2026-04-23 N/A
TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db.
CVE-2008-0074 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-23 N/A
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.
CVE-2009-2574 1 Bioscripts 1 Minitwitter 2026-04-23 N/A
index.php in MiniTwitter 0.2 beta allows remote authenticated users to modify certain options of arbitrary accounts via an opt action.
CVE-2008-5736 1 Freebsd 1 Freebsd 2026-04-23 N/A
Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, 6.3 before 6.3-RELEASE-p7, 6.4 before 6.4-RELEASE-p1, 7.0 before 7.0-RELEASE-p7, 7.1 before 7.1-RC2, and 7 before 7.1-PRERELEASE allow local users to gain privileges via unknown attack vectors related to function pointers that are "not properly initialized" for (1) netgraph sockets and (2) bluetooth sockets.