Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9530 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0399 | 1 Chipmunk Scripts | 1 Chipmunk Blogger | 2026-04-23 | N/A |
| Chipmunk Blogger Script allows remote attackers to gain administrator privileges via a direct request to admin/reguser.php. NOTE: this is only a vulnerability when the administrator does not properly follow installation directions. | ||||
| CVE-2008-5925 | 1 Asp-dev | 1 Xm Events Diary | 2026-04-23 | N/A |
| ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb. | ||||
| CVE-2008-5931 | 1 The Net Guys | 1 Aspired2blog | 2026-04-23 | N/A |
| The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/blog.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-6050 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2 Universal Database, Linux Kernel, Windows and 1 more | 2026-04-23 | N/A |
| Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory." | ||||
| CVE-2008-5935 | 1 Factosystem | 1 Factosystem Weblog | 2026-04-23 | N/A |
| Facto stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for database/facto.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-0498 | 1 Minitdesign | 1 Virtual Guestbook | 2026-04-23 | N/A |
| Virtual GuestBook (vgbook) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to guestbook.mdb. | ||||
| CVE-2008-5951 | 1 Aspapps | 1 Template Creature | 2026-04-23 | N/A |
| ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb. | ||||
| CVE-2008-5956 | 1 Phpstreet | 1 Webboard | 2026-04-23 | N/A |
| Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request to connect.inc. | ||||
| CVE-2008-3745 | 1 Drupal | 2 Drupal, Upload Module | 2026-04-23 | N/A |
| The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors. | ||||
| CVE-2008-1140 | 1 Deslock | 1 Deslock | 2026-04-23 | N/A |
| DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users to gain privileges via a certain DLKFDISK_IOCTL request to \\.\DLKFDisk_Control that overwrites a data structure associated with a mounted pseudo-filesystem, aka the "ring0 SYSTEM" vulnerability. | ||||
| CVE-2008-6008 | 1 Herongyang | 1 Hybook | 2026-04-23 | N/A |
| hyBook Guestbook Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for hyBook.mdb. | ||||
| CVE-2007-5486 | 1 Dotproject | 1 Dotproject | 2026-04-23 | N/A |
| dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-2075 | 2 Angrydonuts, Drupal | 2 Nodequeue, Drupal | 2026-04-23 | N/A |
| Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors. | ||||
| CVE-2009-2077 | 2 Angrydonuts, Drupal | 2 Views, Drupal | 2026-04-23 | N/A |
| Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries. | ||||
| CVE-2008-6799 | 1 Tufat | 1 Flashchat | 2026-04-23 | N/A |
| connection.php in FlashChat 5.0.8 allows remote attackers to bypass the role filter mechanism and gain administrative privileges by setting the s parameter to "7." | ||||
| CVE-2009-1582 | 1 Kalptarudemos | 1 Million Dollar Text Links | 2026-04-23 | N/A |
| Million Dollar Text Links 1.0 does not properly restrict administrator access to admin.home.php, which allows remote attackers to bypass intended restrictions and gain privileges via a direct request to admin.home.php after visiting admin.php. | ||||
| CVE-2007-4685 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state." | ||||
| CVE-2009-4262 | 1 Haroldbakker | 1 Hb-ns | 2026-04-23 | N/A |
| Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to obtain access to the admin control panel via a direct request to admin.php. | ||||
| CVE-2009-4299 | 1 Moodle | 1 Moodle | 2026-04-23 | N/A |
| mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors. | ||||
| CVE-2009-4301 | 1 Moodle | 1 Moodle | 2026-04-23 | N/A |
| mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions. | ||||