Search Results (9530 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2911 1 Systemtap 1 Systemtap 2026-04-23 N/A
SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service via crafted DWARF expressions that trigger a kernel stack frame overflow, or (3) cause a denial of service (infinite loop) via vectors that trigger creation of large unwind tables, related to Common Information Entry (CIE) and Call Frame Instruction (CFI) records.
CVE-2009-0249 1 Katywhitton 1 Rankem 2026-04-23 N/A
Katy Whitton RankEm stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for database/topsites.mdb.
CVE-2008-5562 1 Aspapps 1 Aspportal 2026-04-23 N/A
ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb.
CVE-2009-2443 1 Siteframe 1 Siteframe Cms 2026-04-23 N/A
Siteframe 3.2.3, and other 3.2.x versions, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
CVE-2008-5549 1 Sun 1 Java System Portal Server 2026-04-23 N/A
Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet."
CVE-2008-5516 3 Git, Git-scm, Rpath 3 Git, Git, Linux 2026-04-23 N/A
The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search.
CVE-2008-5512 4 Canonical, Debian, Mozilla and 1 more 6 Ubuntu Linux, Debian Linux, Firefox and 3 more 2026-04-23 N/A
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers."
CVE-2008-5597 1 Cold Bbs 1 Cold Bbs 2026-04-23 N/A
Cold BBS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for db/cforum.mdb.
CVE-2008-5601 1 Robs-projects 1 Asp User Engine 2026-04-23 N/A
User Engine Lite ASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users.mdb.
CVE-2008-5603 1 Aspapps 1 Aspticker 2026-04-23 N/A
ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb.
CVE-2009-2854 1 Wordpress 1 Wordpress 2026-04-23 N/A
Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-category-form.php, (6) edit-tag-form.php, (7) export.php, (8) import.php, or (9) link-add.php in wp-admin/.
CVE-2008-5897 1 Codeavalanche 1 Freewallpaper 2026-04-23 N/A
CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of these details are obtained from third party information.
CVE-2009-3369 1 Backuppc 1 Backuppc 2026-04-23 N/A
CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore.
CVE-2008-5901 1 Iyziforum 1 Iyzi Forum 2026-04-23 N/A
iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for db/iyziforum.mdb. NOTE: some of these details are obtained from third party information.
CVE-2009-2960 1 Cuteflow 1 Cuteflow 2026-04-23 N/A
CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to pages/edituser.php, which allows remote attackers to modify usernames and passwords via a direct request.
CVE-2009-0807 1 Zfeeder 1 Zfeeder 2026-04-23 N/A
zFeeder 1.6 allows remote attackers to gain administrative access via a direct request to admin.php.
CVE-2009-3374 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-23 N/A
The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."
CVE-2008-5951 1 Aspapps 1 Template Creature 2026-04-23 N/A
ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb.
CVE-2009-3375 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-23 N/A
content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.
CVE-2008-6008 1 Herongyang 1 Hybook 2026-04-23 N/A
hyBook Guestbook Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for hyBook.mdb.