Search Results (5493 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0329 1 Julien Plesniak 1 Lulieblog 2026-04-23 N/A
LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php in Admin/, which allows remote attackers to accept comments, delete comments, and delete articles via the id parameter.
CVE-2008-0293 1 Freeseat 1 Freeseat 2026-04-23 N/A
Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when format.php has certain modifications, allows remote attackers to bypass authentication and gain privileges via unspecified vectors related to the show_foot function.
CVE-2009-4558 2 Drupal, Unleashedmind 2 Drupal, Img Assist 2026-04-23 N/A
The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, does not properly enforce privilege requirements for unspecified pages, which allows remote attackers to read the (1) title or (2) body of an arbitrary node via unknown vectors.
CVE-2009-4585 1 Aspindir 1 Uranyumsoft Listing Service 2026-04-23 N/A
UranyumSoft Listing Service stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/db.mdb.
CVE-2009-4556 1 Quickheal 2 Antivirus Plus 2009, Total Security 2009 2026-04-23 N/A
Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security 2009 10.00 SP1 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs, as demonstrated by replacing quhlpsvc.exe.
CVE-2009-4545 1 Logoshows 1 Logoshows Bbs 2026-04-23 N/A
Logoshows BBS 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/globepersonnel.mdb.
CVE-2009-4520 2 Drupal, Kristof De Jaeger 2 Drupal, Commentreference 2026-04-23 N/A
The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path.
CVE-2009-4526 2 Drupal, Joao Ventura 2 Drupal, Print 2026-04-23 N/A
The Send by e-mail sub-module in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote attackers to read page titles by requesting a "Send to friend" form.
CVE-2009-4515 2 Drupal, Speedtech 2 Drupal, Storm 2026-04-23 N/A
The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors.
CVE-2009-4502 3 Freebsd, Sun, Zabbix 3 Freebsd, Solaris, Zabbix 2026-04-23 N/A
The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.
CVE-2009-4112 1 Cacti 1 Cacti 2026-04-23 N/A
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.
CVE-2009-4131 1 Linux 1 Linux Kernel 2026-04-23 N/A
The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions.
CVE-2009-4091 1 Simplog 1 Simplog 2026-04-23 N/A
comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del action.
CVE-2009-4044 2 Bruno Massa, Drupal 2 Web Services, Drupal 2026-04-23 N/A
The Web Services module 6.x for Drupal does not perform the expected access control, which allows remote attackers to make unspecified use of an API via unknown vectors.
CVE-2008-0135 1 Snitz Communications 1 Snitz Forums 2000 2026-04-23 N/A
Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.
CVE-2008-0145 1 Php 1 Php 2026-04-23 N/A
Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663.
CVE-2008-7095 1 Arubanetworks 2 Aruba Mobility Controller, Arubaos 2026-04-23 N/A
The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB.
CVE-2009-3596 1 Joxtechnology 1 Ajox Poll 2026-04-23 N/A
JoxTechnology Ajox Poll does not properly restrict access to admin/managepoll.php, which allows remote attackers to bypass authentication and gain administrative access via a direct request.
CVE-2009-3558 1 Php 1 Php 2026-04-23 N/A
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.
CVE-2009-3557 1 Php 1 Php 2026-04-23 N/A
The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.