Export limit exceeded: 362673 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (5494 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1085 1 Matomo 1 Matomo 2026-04-23 N/A
Piwik 0.2.32 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh.
CVE-2007-4739 1 Debian 1 Reprepro 2026-04-23 N/A
reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command.
CVE-2007-6048 4 Ibm, Linux, Microsoft and 1 more 4 Db2 Universal Database, Linux Kernel, Windows and 1 more 2026-04-23 N/A
IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for DB2NODES.CFG, which has unknown impact and attack vectors. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
CVE-2007-4746 1 Cisco 3 Video Surveillance Ip Gateway Encoder Decoder, Video Surveillance Sp Isp, Video Surveillance Sp Isp Decoder Software 2026-04-23 N/A
The Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier have default passwords for the sypixx and root user accounts, which allows remote attackers to perform administrative actions, aka CSCsj34681.
CVE-2006-7098 1 Debian 1 Apache 2026-04-23 N/A
The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
CVE-2008-2293 1 Tpvgames 1 Mpcs 2026-04-23 N/A
admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows remote attackers to bypass authentication and gain privileges by setting the CommentSystemAdmin cookie to 1.
CVE-2008-2078 1 Robocode 1 Robocode 2026-04-23 N/A
Robocode before 1.6.0 allows user-assisted remote attackers to "access the internals of the Robocode game" via unspecified vectors related to the AWT Event Queue.
CVE-2009-0826 1 Freedville 1 Bloghelper 2026-04-23 N/A
BlogHelper stores common_db.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request.
CVE-2008-0145 1 Php 1 Php 2026-04-23 N/A
Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663.
CVE-2008-1692 1 Eterm 1 Eterm 2026-04-23 N/A
Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
CVE-2008-2288 1 Symantec 1 Altiris Deployment Solution 2026-04-23 N/A
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information.
CVE-2008-2314 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors.
CVE-2007-5171 1 Quicksilver Forums 1 Quicksilver Forums 2026-04-23 N/A
Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified vectors.
CVE-2009-4146 1 Freebsd 1 Freebsd 2026-04-23 N/A
The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LD_PRELOAD variable containing an untrusted search path that points to a Trojan horse library, a different vector than CVE-2009-4147.
CVE-2009-4211 2 Disa, Sun 2 Srr For Solaris, Solaris 2026-04-23 N/A
The U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to (1) java, (2) openssl, (3) php, (4) snort, (5) tshark, (6) vncserver, or (7) wireshark, which allows local users to gain privileges via a Trojan horse program.
CVE-2008-1397 1 Checkpoint 5 Check Point Vpn-1 Pro, Vpn-1, Vpn-1 Firewall-1 and 2 more 2026-04-23 N/A
Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint.
CVE-2008-1638 1 Nik Software Inc 1 Nik Sharpener Pro 2026-04-23 N/A
Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in files, which allows local users to gain privileges by replacing a plug-in with a Trojan horse.
CVE-2008-5886 1 Takempis 1 Discussion Web 2026-04-23 N/A
TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for _private/discussion.mdb. NOTE: some of these details are obtained from third party information.
CVE-2008-3681 1 Joomla 1 Com User 2026-04-23 N/A
components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.
CVE-2009-0941 1 Hp 154 8100c Digital Sender, 9100c Digital Sender, 9200c Digital Sender and 151 more 2026-04-23 N/A
The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access.