Search Results (9530 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-7173 1 Juracapecoffee 2 Internet Connectivity Kit, Jura Impressa 2026-04-23 N/A
The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service (physical damage), modify coffee settings, and possibly execute code via a crafted request. NOTE: this issue is being included in CVE because the denial of service may include financial loss or water damage.
CVE-2007-6504 1 Hosting Controller 1 Hosting Controller 2026-04-23 N/A
Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter.
CVE-2009-0904 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via "XML fuzzing attacks" sent through SOAP requests.
CVE-2009-1599 2 Adobe, Opera 2 Acrobat Reader, Opera Browser 2026-04-23 N/A
Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
CVE-2008-5560 1 Dazzlindonna 1 Postecards 2026-04-23 N/A
PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb.
CVE-2007-4403 1 Mirc 1 Plug-in For Winamp 2026-04-23 N/A
The mIRC Control Plug-in for Winamp allows user-assisted remote attackers to execute arbitrary code via the '|' (pipe) shell metacharacter in the name of the song in a .mp3 file.
CVE-2007-6479 1 Dokeos 1 Dokeos 2026-04-23 N/A
Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/.
CVE-2009-3258 1 Vtiger 1 Vtiger Crm 2026-04-23 N/A
vtiger CRM before 5.1.0 allows remote authenticated users, with certain View privileges, to delete (1) attachments, (2) reports, (3) filters, (4) views, and (5) tickets; insert (6) attachments, (7) reports, (8) filters, (9) views, and (10) tickets; and edit (11) reports, (12) filters, (13) views, and (14) tickets via unspecified vectors.
CVE-2009-3281 2 Apple, Vmware 2 Mac Os X, Fusion 2026-04-23 N/A
The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors.
CVE-2009-1135 1 Microsoft 1 Isa Server 2026-04-23 N/A
Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
CVE-2008-0233 1 Zero Cms 1 Zero Cms 2026-04-23 N/A
Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and earlier allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg.
CVE-2008-5601 1 Robs-projects 1 Asp User Engine 2026-04-23 N/A
User Engine Lite ASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users.mdb.
CVE-2007-6395 1 Flat Php 1 Board 2026-04-23 N/A
Flat PHP Board 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for the username php file for any user account in users/.
CVE-2008-2936 2 Postfix, Redhat 2 Postfix, Enterprise Linux 2026-04-23 N/A
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.
CVE-2007-4799 1 Ibm 1 Aix 2026-04-23 N/A
The perfstat kernel extension in bos.perf.perfstat in AIX 5.3 does not verify privileges when processing a SET call, which allows local users to cause a denial of service (system hang or crash) via unspecified SET operations.
CVE-2007-4138 2 Redhat, Samba 2 Enterprise Linux, Samba 2026-04-23 N/A
The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.
CVE-2008-5572 1 Dotnetindex 1 Professional Download Assistant 2026-04-23 N/A
Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb.
CVE-2007-3782 2 Mysql, Redhat 3 Community Server, Enterprise Linux, Rhel Application Stack 2026-04-23 N/A
MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.
CVE-2009-2602 1 R2newsletter 3 R2 Newsletter Lite, R2 Newsletter Pro, R2 Newsletter Stats 2026-04-23 N/A
R2 Newsletter Lite, Pro, and Stats stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for admin.mdb.
CVE-2007-6598 2 Dovecot, Redhat 2 Dovecot, Enterprise Linux 2026-04-23 N/A
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.