Export limit exceeded: 359526 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9476 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3602 | 1 Psychdaily | 1 Php Ring Webring System | 2026-04-23 | N/A |
| admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9.1 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | ||||
| CVE-2008-3605 | 1 Mcafee | 1 Encrypted Usb Manager | 2026-04-23 | N/A |
| Unspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, when the Re-use Threshold for passwords is nonzero, allows remote attackers to conduct offline brute force attacks via unknown vectors. | ||||
| CVE-2009-2574 | 1 Bioscripts | 1 Minitwitter | 2026-04-23 | N/A |
| index.php in MiniTwitter 0.2 beta allows remote authenticated users to modify certain options of arbitrary accounts via an opt action. | ||||
| CVE-2007-4679 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands. | ||||
| CVE-2008-5398 | 1 Tor | 1 Tor | 2026-04-23 | N/A |
| Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream. | ||||
| CVE-2009-3716 | 1 Maniacomputer | 1 Mcshoutbox | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in smilies/. | ||||
| CVE-2007-5044 | 1 Zonelabs | 1 Zonealarm | 2026-04-23 | N/A |
| ZoneAlarm Pro 7.0.362.000 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreatePort and (2) NtDeleteFile kernel SSDT hooks, a partial regression of CVE-2007-2083. | ||||
| CVE-2008-5393 | 1 Privacy-cd | 1 Unbuntu Privacy Remix | 2026-04-23 | N/A |
| UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes kernel support for mounting RAID arrays, which might allow remote attackers to bypass intended isolation mechanisms by (1) reading from or (2) writing to these arrays. | ||||
| CVE-2007-6395 | 1 Flat Php | 1 Board | 2026-04-23 | N/A |
| Flat PHP Board 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for the username php file for any user account in users/. | ||||
| CVE-2008-0215 | 1 Hp | 2 Storage Essentials Srm Enterprise, Storage Essentials Srm Standard | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in HP Storage Essentials Storage Resource Management (SRM) before 6.0.0 allow remote attackers to obtain unspecified access to a managed device via unknown attack vectors. | ||||
| CVE-2008-5127 | 1 Ocean12 Technologies | 1 Contact Manager | 2026-04-23 | N/A |
| Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb. | ||||
| CVE-2007-3849 | 1 Redhat | 1 Enterprise Linux | 2026-04-23 | N/A |
| Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files. | ||||
| CVE-2009-0675 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2026-04-23 | N/A |
| The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue. | ||||
| CVE-2007-6383 | 1 Chandler Project | 1 Chandler Server | 2026-04-23 | N/A |
| The DAV component in Chandler Server (Cosmo) before 0.10.1 does not check resource creation permissions, which allows remote authenticated users to create arbitrary resources in another user's home collection. | ||||
| CVE-2008-6375 | 1 Nexusjnr | 1 Jbook | 2026-04-23 | N/A |
| JBook stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to userids.mdb. | ||||
| CVE-2008-6886 | 1 Rsa | 1 Envision | 2026-04-23 | N/A |
| RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict access to unspecified user profile functionality, which allows remote attackers to obtain the administrator password hash and conduct brute force guessing attacks. | ||||
| CVE-2008-0585 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable permissions for unspecified WebSM Remote Client files, which allows local users to "alter the behavior of" this client by overwriting these files. | ||||
| CVE-2008-3681 | 1 Joomla | 1 Com User | 2026-04-23 | N/A |
| components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator. | ||||
| CVE-2007-4609 | 1 Eyeos Project | 1 Eyeos | 2026-04-23 | N/A |
| eyeOS uses predictable checksum values in the checknum parameter for access control, which allows remote attackers to register many accounts via doCreateUser actions, add many eyeBoard messages via addMsg actions, and cause a denial of service or conduct certain unauthorized activities, by guessing valid parameter values. | ||||
| CVE-2007-4600 | 1 Ptc | 1 Mathcad | 2026-04-23 | N/A |
| The "Protect Worksheet" functionality in Mathsoft Mathcad 12 through 13.1, and PTC Mathcad 14, implements file access restrictions via a protection element in a gzipped XML file, which allows attackers to bypass these restrictions by removing this element. | ||||