Export limit exceeded: 359385 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5492 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5347 | 2 Redhat, Sun | 3 Rhel Extras, Jdk, Jre | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages. | ||||
| CVE-2008-7216 | 1 Wordpress | 1 Peter\'s Math Anti-spam For Wordpress | 2026-04-23 | N/A |
| Peter's Math Anti-Spam Spinoff plugin for WordPress generates audio CAPTCHA clips by concatenating static audio files without any additional distortion, which allows remote attackers to bypass CAPTCHA protection by reading certain bytes from the generated clip. | ||||
| CVE-2008-6054 | 1 Preprojects.com | 1 Pre Courier And Cargo Business | 2026-04-23 | N/A |
| PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | ||||
| CVE-2007-5439 | 1 Broadcom | 1 Etrust Integrated Threat Management | 2026-04-23 | N/A |
| CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 stores sensitive user information in log files with predictable names, which allows remote attackers to obtain this information via unspecified vectors. | ||||
| CVE-2008-0998 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects. | ||||
| CVE-2008-5592 | 1 Iwrite | 1 Nightfall Personal Diary | 2026-04-23 | N/A |
| Nightfall Personal Diary 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users-zza21.mdb. | ||||
| CVE-2008-6136 | 1 Drupal | 1 Everyblog | 2026-04-23 | N/A |
| Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to gain privileges as another user or an administrator via unknown attack vectors. | ||||
| CVE-2007-0998 | 2 Redhat, Xen | 3 Enterprise Linux, Fedora Core, Qemu | 2026-04-23 | N/A |
| The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4650 | 1 Bharat Mediratta | 1 Gallery | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules. | ||||
| CVE-2009-1051 | 1 Chaozz | 1 Fubarforum | 2026-04-23 | N/A |
| FubarForum 1.6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv. | ||||
| CVE-2008-6199 | 1 2532gigs | 1 2532gigs | 2026-04-23 | N/A |
| 2532designs 2532|Gigs 1.2.2 and earlier allows remote attackers to trigger a backup and obtain sensitive information via a direct request to backup.php, which creates backup.sql under the web root with insufficient access control. | ||||
| CVE-2006-4572 | 1 Linux | 1 Linux Kernel | 2026-04-23 | N/A |
| ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol bypass bug;" and (2) bypass a rule that looks for a certain extension header, via a packet with an extension header outside the first fragment, aka "ip6_tables extension header bypass bug." | ||||
| CVE-2008-1132 | 1 Net Activity Viewer | 1 Net Activity Viewer | 2026-04-23 | N/A |
| Untrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, which is invoked during the Restart As Root action. | ||||
| CVE-2008-5562 | 1 Aspapps | 1 Aspportal | 2026-04-23 | N/A |
| ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb. | ||||
| CVE-2008-6293 | 1 Accscripts | 1 Acc Real Estate | 2026-04-23 | N/A |
| admin/Index.php in Acc Real Estate 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie to "admin." | ||||
| CVE-2007-6200 | 3 Redhat, Rsync, Slackware | 3 Enterprise Linux, Rsync, Slackware Linux | 2026-04-23 | N/A |
| Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options. | ||||
| CVE-2008-0217 | 1 Freebsd | 1 Freebsd | 2026-04-23 | N/A |
| The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script. | ||||
| CVE-2008-0889 | 1 Redhat | 2 Directory Server, Enterprise Linux | 2026-04-23 | N/A |
| Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux, uses insecure permissions for the redhat-idm-console script, which allows local users to execute arbitrary code by modifying the script. | ||||
| CVE-2008-6506 | 1 Phpbb | 1 Phpbb | 2026-04-23 | N/A |
| Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors. | ||||
| CVE-2007-5447 | 2 Ioncube, Php | 2 Php Encoder, Php | 2026-04-23 | N/A |
| ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function. | ||||