Search Results (9529 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4701 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.
CVE-2008-6001 1 Adnforum 1 Adnforum 2026-04-23 N/A
index.php in ADN Forum 1.0b and earlier allows remote attackers to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field, and a final :sysop:0 string.
CVE-2008-4789 1 Drupal 1 Drupal 2026-04-23 N/A
The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."
CVE-2009-2793 1 Netbsd 1 Netbsd 2026-04-23 N/A
The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits.
CVE-2008-1790 1 Iscripts 1 Socialware 2026-04-23 N/A
Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability.
CVE-2009-0904 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via "XML fuzzing attacks" sent through SOAP requests.
CVE-2010-0310 1 Sun 1 Solaris 2026-04-23 N/A
Trusted Extensions in Sun Solaris 10 allows local users to gain privileges via vectors related to omission of unspecified libraries from software updates.
CVE-2008-2271 1 Site Documentation Project 1 Site Documentation 2026-04-23 N/A
The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain session IDs from the database.
CVE-2008-5603 1 Aspapps 1 Aspticker 2026-04-23 N/A
ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb.
CVE-2009-2717 2 Microsoft, Sun 2 Windows 2000, Java Se 2026-04-23 N/A
The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet.
CVE-2008-3172 1 Opera 1 Opera 2026-04-23 N/A
Opera allows web sites to set cookies for country-specific top-level domains that have DNS A records, such as co.tv, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking."
CVE-2008-1877 1 Debian 1 Tss 2026-04-23 N/A
tss 0.8.1 allows local users to read arbitrary files via the -a parameter, which is processed while tss is running with privileges.
CVE-2008-3745 1 Drupal 2 Drupal, Upload Module 2026-04-23 N/A
The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors.
CVE-2008-0045 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names.
CVE-2009-0411 1 Google 1 Chrome 2026-04-23 N/A
Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script.
CVE-2009-0090 1 Microsoft 7 .net Framework, Windows 2000, Windows 7 and 4 more 2026-04-23 N/A
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
CVE-2009-2198 1 Apple 1 Garageband 2026-04-23 N/A
Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users.
CVE-2009-2160 1 Torrenttrader 1 Torrenttrader Classic 2026-04-23 N/A
TorrentTrader Classic 1.09 allows remote attackers to (1) obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function; and allows remote attackers to (2) obtain other potentially sensitive information via a direct request to check.php.
CVE-2007-4436 1 Drupal 2 Project, Project Issue Tracking Module 2026-04-23 N/A
The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and Project issue tracking module before 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4 do not properly enforce permissions, which allows remote attackers to (1) obtain sensitive via the Tracker Module and the Recent posts page; (2) obtain project names via unspecified vectors; (3) obtain sensitive information via the statistics pages; and (4) read CVS project activity.
CVE-2009-3525 2 Redhat, Xen 2 Enterprise Linux, Xen 2026-04-23 N/A
The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the expected password.