Search Results (5494 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-7276 1 Otrs 1 Otrs 2025-04-11 N/A
Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations, related to incorrect interpretation of 0700 as a decimal value.
CVE-2007-6741 1 G.rodola 1 Pyftpdlib 2025-04-11 N/A
The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017.
CVE-2007-6740 1 G.rodola 1 Pyftpdlib 2025-04-11 N/A
The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command.
CVE-2007-6735 1 Novell 2 Netware, Netware Ftp Server 2025-04-11 N/A
NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session.
CVE-2011-4118 1 Mahara 1 Mahara 2025-04-11 N/A
Mahara before 1.4.1, when MNet (aka the Moodle network feature) is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target.
CVE-2008-7295 1 Microsoft 1 Internet Explorer 2025-04-11 N/A
Microsoft Internet Explorer cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
CVE-2008-7294 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
CVE-2007-6734 1 Novell 2 Netware, Netware Ftp Server 2025-04-11 N/A
NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 does not properly implement the FTPREST.TXT NOREMOTE restriction, which allows remote authenticated users to access directories outside of the home server via unspecified vectors.
CVE-2013-6823 1 Sap 1 Netweaver 2025-04-11 N/A
GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2004-2769 1 Cerberusftp 1 Ftp Server 2025-04-11 N/A
Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands.
CVE-2004-2768 1 Debian 1 Dpkg 2025-04-11 N/A
dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059.
CVE-2004-2767 1 Novell 2 Netware, Netware Ftp Server 2025-04-11 N/A
NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service (connection slot exhaustion) by establishing many FTP sessions that persist for the lifetime of a DS session.
CVE-2002-2437 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2025-04-11 N/A
The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
CVE-2009-4766 1 Yasirpro 1 Ms-pro Portal Scripti 2025-04-11 N/A
YP Portal MS-Pro Surumu (aka MS-Pro Portal Scripti) 1.0 and 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for galeri/database/db.mdb.
CVE-2009-4799 1 Diskos 1 Diskos Cms 2025-04-11 N/A
Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) artikler_prod.mdb or (2) medlemmer.mdb.
CVE-2009-4820 1 Aspindir 1 Angelo-emlak 2025-04-11 N/A
Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb.
CVE-2009-4825 1 8pixel 1 Simple Blog 2025-04-11 N/A
8pixel.net Blog 4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for App_Data/sb.mdb.
CVE-2009-4832 1 Deslock 1 Deslock\+ 2025-04-11 N/A
The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local users to gain privileges via a crafted IOCTL 0x80012010 request to the DLPCryptCore device.
CVE-2009-4851 1 Xoops 1 Xoops 2025-04-11 N/A
The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.
CVE-2009-4874 1 Scripts.oldguy 1 Talkback 2025-04-11 N/A
TalkBack 2.3.14 does not properly restrict access to the edit comment feature (comments.php), which allows remote attackers to modify comments.