Search Results (5493 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4091 1 Simplog 1 Simplog 2026-04-23 N/A
comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del action.
CVE-2009-4112 1 Cacti 1 Cacti 2026-04-23 N/A
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.
CVE-2009-4146 1 Freebsd 1 Freebsd 2026-04-23 N/A
The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LD_PRELOAD variable containing an untrusted search path that points to a Trojan horse library, a different vector than CVE-2009-4147.
CVE-2009-4147 1 Freebsd 1 Freebsd 2026-04-23 N/A
The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setguid program with a modified variable containing an untrusted search path that points to a Trojan horse library, different vectors than CVE-2009-4146.
CVE-2009-4211 2 Disa, Sun 2 Srr For Solaris, Solaris 2026-04-23 N/A
The U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to (1) java, (2) openssl, (3) php, (4) snort, (5) tshark, (6) vncserver, or (7) wireshark, which allows local users to gain privileges via a Trojan horse program.
CVE-2009-4215 2 Microsoft, Pandasecurity 6 Windows 7, Windows Vista, Windows Xp and 3 more 2026-04-23 N/A
Panda Global Protection 2010, Internet Security 2010, and Antivirus Pro 2010 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs.
CVE-2009-4235 1 Tim Hockin 1 Acpid 2026-04-23 N/A
acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033.
CVE-2007-4651 1 Adobe 1 Connect Enterprise Server 2026-04-23 N/A
Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows remote attackers to read certain pages that are restricted to the administrator via unknown vectors.
CVE-2006-4572 1 Linux 1 Linux Kernel 2026-04-23 N/A
ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol bypass bug;" and (2) bypass a rule that looks for a certain extension header, via a packet with an extension header outside the first fragment, aka "ip6_tables extension header bypass bug."
CVE-2007-1072 1 Cisco 12 Unified Ip Phone 7906g, Unified Ip Phone 7911g, Unified Ip Phone 7941g and 9 more 2026-04-23 N/A
The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063.
CVE-2007-4569 2 Kde, Redhat 2 Kde, Enterprise Linux 2026-04-23 N/A
backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors.
CVE-2007-4564 1 Hitachi 7 Cosminexus Application Server Enterprise, Cosminexus Application Server Standard, Electronic Form Workflow - Standard Set and 4 more 2026-04-23 N/A
Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges.
CVE-2007-0436 1 Barron Mccann 4 Install, X-kryptor Driver, X-kryptor Secure Client and 1 more 2026-04-23 N/A
Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install BMS1472) in X-Kryptor Secure Client does not drop privileges when launching an Explorer window in response to a help command, which allows local users to gain LocalSystem privileges via interactive use of Explorer.
CVE-2006-6683 1 Pedro Lineu Orso 1 Chetcpasswd 2026-04-23 N/A
Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM.
CVE-2007-0998 2 Redhat, Xen 3 Enterprise Linux, Fedora Core, Qemu 2026-04-23 N/A
The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information.
CVE-2008-4578 1 Dovecot 1 Dovecot 2026-04-23 N/A
The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
CVE-2009-2056 1 Cisco 1 Ios Xr 2026-04-23 N/A
Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path.
CVE-2009-2075 2 Angrydonuts, Drupal 2 Nodequeue, Drupal 2026-04-23 N/A
Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors.
CVE-2008-2062 1 Cisco 1 Unified Communications Manager 2026-04-23 N/A
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151.
CVE-2008-3631 1 Apple 1 Ipod Touch 2026-04-23 N/A
Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application.