Export limit exceeded: 365085 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (5493 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1186 2 Redhat, Sun 4 Rhel Extras, Jdk, Jre and 1 more 2026-04-23 N/A
Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185, aka "the second issue."
CVE-2007-6470 1 Phprpg 1 Phprpg 2026-04-23 N/A
phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies.
CVE-2007-6350 1 Scponly 1 Scponly 2026-04-23 N/A
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks.
CVE-2008-1142 7 Aterm, Eterm, Mrxvt and 4 more 7 Aterm, Eterm, Mrxvt and 4 more 2026-04-23 N/A
rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
CVE-2007-3007 1 Php 1 Php 2026-04-23 N/A
PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function.
CVE-2007-6222 1 Crm Ctt 1 Interleave 2026-04-23 N/A
The CheckCustomerAccess function in functions.php in CRM-CTT Interleave before 4.2.0 (formerly CRM-CTT) does not properly verify user privileges, which allows remote authenticated users with the LIMITTOCUSTOMERS privilege to bypass intended access restrictions and edit non-active user settings. NOTE: some of these details are obtained from third party information.
CVE-2009-0801 1 Squid 1 Squid Web Proxy Cache 2026-04-23 N/A
Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
CVE-2009-0806 1 Opengoo 1 Opengoo 2026-04-23 N/A
Unspecified vulnerability in OpenGoo before 1.2.1 allows remote authenticated users to modify their own permissions via unknown attack vectors.
CVE-2009-0807 1 Zfeeder 1 Zfeeder 2026-04-23 N/A
zFeeder 1.6 allows remote attackers to gain administrative access via a direct request to admin.php.
CVE-2009-0827 1 Freedville 1 Pollhelper 2026-04-23 N/A
PollHelper stores poll.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request.
CVE-2009-0828 1 Freedville 1 Quotebook 2026-04-23 N/A
QuoteBook stores quotes.inc under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information, including user credentials, via a direct request.
CVE-2008-2338 1 Interspire 1 Activekb 2026-04-23 N/A
Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin.
CVE-2008-1140 1 Deslock 1 Deslock 2026-04-23 N/A
DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users to gain privileges via a certain DLKFDISK_IOCTL request to \\.\DLKFDisk_Control that overwrites a data structure associated with a mounted pseudo-filesystem, aka the "ring0 SYSTEM" vulnerability.
CVE-2008-3681 1 Joomla 1 Com User 2026-04-23 N/A
components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.
CVE-2007-6209 2 Linux, Zsh 2 Linux Kernel, Zsh 2026-04-23 N/A
Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2008-4992 1 Sun 13 Blade T6300 Server, Blade T6320 Server, Fire Enterprise Server T1000 and 10 more 2026-04-23 N/A
The SPARC hypervisor in Sun System Firmware 6.6.3 through 6.6.5 and 7.1.3 through 7.1.3.e on UltraSPARC T1, T2, and T2+ processors allows logical domain users to access memory in other logical domains via unknown vectors.
CVE-2007-1036 1 Jboss 1 Jboss Application Server 2026-04-23 N/A
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
CVE-2008-0581 1 Moernaut 2 Lsrunase, Supercrypt 2026-04-23 N/A
Geert Moernaut LSrunasE allows local users to gain privileges by obtaining the encrypted password from a batch file, and constructing a modified batch file that specifies this password in the /password switch and specifies an arbitrary program in the /command switch.
CVE-2007-6048 4 Ibm, Linux, Microsoft and 1 more 4 Db2 Universal Database, Linux Kernel, Windows and 1 more 2026-04-23 N/A
IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for DB2NODES.CFG, which has unknown impact and attack vectors. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
CVE-2008-0573 1 Safenet 3 Ipsecdrv.sys, Safenet Highassurance Remote, Softremote Vpn Client 2026-04-23 N/A
IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and SoftRemote allows local users to gain privileges via a crafted IPSECDRV_IOCTL IOCTL request.