Search Results (5494 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5385 1 Ibm 1 Aix 2026-04-23 N/A
enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors.
CVE-2008-3454 1 Jnshosts 1 Php Hosting Directory 2026-04-23 N/A
JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the "adm" cookie value to 1.
CVE-2009-2766 1 Dd-wrt 1 Dd-wrt 2026-04-23 N/A
httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests.
CVE-2008-2682 1 Realm Project 1 Realm Cms 2026-04-23 N/A
_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserName, and (3) cUserID.
CVE-2007-6383 1 Chandler Project 1 Chandler Server 2026-04-23 N/A
The DAV component in Chandler Server (Cosmo) before 0.10.1 does not check resource creation permissions, which allows remote authenticated users to create arbitrary resources in another user's home collection.
CVE-2008-2824 1 Xerox 1 Workcentre 2026-04-23 N/A
Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors.
CVE-2008-0697 1 Ibm 1 Db2 2026-04-23 N/A
Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors.
CVE-2007-5919 1 Mywebftp 1 Mywebftp 2026-04-23 N/A
MyWebFTP, possibly 5.3.2, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain an MD5 password hash via a direct request for pass/pass.txt.
CVE-2007-6709 1 Linksys 1 Wag54gs 2026-04-23 N/A
The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access.
CVE-2008-3046 1 Typo3 1 Packman Extension 2026-04-23 N/A
Incomplete blacklist vulnerability in the Packman (kb_packman) extension 0.2.1 and earlier for TYPO3 has unknown impact and attack vectors.
CVE-2008-3047 1 Typo3 1 Kb Unpack Extension 2026-04-23 N/A
Incomplete blacklist vulnerability in the KB Unpack (kb_unpack) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors.
CVE-2008-0900 2 Bea, Bea Systems 2 Weblogic Server, Weblogic Express 2026-04-23 N/A
Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.
CVE-2007-6334 2 Ingres, Microsoft 2 Ingres, Windows Nt 2026-04-23 N/A
Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.
CVE-2009-0436 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server (WAS), set incorrect permissions for AF_UNIX sockets, which has unknown impact and local attack vectors.
CVE-2006-6662 1 Suse 3 Linux Enterprise Desktop, Suse Linux, Suse Open Enterprise Server 2026-04-23 N/A
Unspecified vulnerability in Linux User Management (novell-lum) on SUSE Linux Enterprise Desktop 10 and Open Enterprise Server 9, under unspecified conditions, allows local users to log in to the console without a password.
CVE-2008-3485 1 Citrix 2 Metaframe Presentation Server, Xp 2026-04-23 N/A
Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path.
CVE-2008-5617 1 Rsyslog 1 Rsyslog 2026-04-23 N/A
The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.
CVE-2008-3855 1 Ibm 1 Db2 Universal Database 2026-04-23 N/A
Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows local users to gain privileges, aka a "FILE CREATION VULNERABILITY." NOTE: this may be the same as CVE-2007-5664.
CVE-2008-1193 2 Redhat, Sun 4 Network Satellite, Rhel Extras, Jdk and 1 more 2026-04-23 N/A
Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.
CVE-2008-3890 2 Amd, Freebsd 2 Amd64, Freebsd 2026-04-23 N/A
The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an extra swapgs call after a General Protection Fault (GPF), which allows local users to gain privileges by triggering a GPF during the kernel's return from (1) an interrupt, (2) a trap, or (3) a system call.