Search Results (9543 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3567 1 Ibm 1 Tivoli Directory Server 2026-04-16 N/A
slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 binds using SASL EXTERNAL, which allows attackers to bypass authentication and modify and delete directory data via unknown attack vectors.
CVE-2005-2819 1 Eric Fichot 1 Downfile 2026-04-16 N/A
DownFile 1.3 allows remote attackers to gain administrator privileges via a direct request to (1) update.php, (2) del.php, and (3) add_form.php.
CVE-2005-2741 2 Apple, Perry Kiehtreiber 3 Mac Os X, Mac Os X Server, Securityd 2026-04-16 N/A
Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators.
CVE-2005-1426 1 Uapplication 1 Ublog 2026-04-16 N/A
Uapplication Ublog Reload stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/blog.mdb (aka mdb-database/blog.msb).
CVE-2005-1425 1 Uapplication 1 Uguestbook 2026-04-16 N/A
Uapplication Uguestbook 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/guestbook.mdb.
CVE-2005-0244 2 Postgresql, Redhat 2 Postgresql, Enterprise Linux 2026-04-16 N/A
PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command.
CVE-2005-0139 1 Sgi 1 Irix 2026-04-16 N/A
Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not sufficiently restrict access rights for read-mostly exports, which allows attackers to conduct unauthorized activities.
CVE-2004-1193 1 Prevx 1 Prevx Home 2026-04-16 N/A
Prevx Home 1.0 allows local users with administrator privileges to bypass the intrusion prevention features by directly writing to \device\physicalmemory, which restores the running kernel's original SDT ServiceTable.
CVE-2004-1029 5 Conectiva, Gentoo, Hp and 2 more 8 Linux, Linux, Hp-ux and 5 more 2026-04-16 N/A
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
CVE-2003-1460 1 Ralf Hoffmann 1 Worker Filemanager 2026-04-16 N/A
Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information.
CVE-2006-4476 1 Joomla 1 Joomla 2026-04-16 N/A
Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL.
CVE-2006-4475 1 Joomla 1 Joomla 2026-04-16 N/A
Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors.
CVE-2006-4302 1 Sun 2 J2se, Java Web Start 2026-04-16 N/A
The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web Start 1.0 through 1.2 and J2SE 1.4.2 through 5.0 Update 5, allows remote attackers to exploit vulnerabilities by specifying a JRE version that contain vulnerabilities.
CVE-2005-2072 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT.
CVE-2005-2929 2 Redhat, University Of Kansas 2 Enterprise Linux, Lynx 2026-04-16 N/A
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.
CVE-2005-2936 1 Realnetworks 2 Realone Player, Realplayer 2026-04-16 N/A
Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\program.exe file.
CVE-2005-2932 1 Checkpoint 2 Zonealarm, Zonealarm Security Suite 2026-04-16 N/A
Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, including ZoneAlarm Security Suite 5.5.062.004 and 6.5.737, use insecure default permissions for critical files, which allows local users to gain privileges or bypass security controls.
CVE-2005-2938 1 Apple 1 Itunes 2026-04-16 N/A
Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file.
CVE-2004-1767 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function.
CVE-2006-4640 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2026-04-16 N/A
Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.