Export limit exceeded: 334091 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3989 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt. | ||||
| CVE-2009-4648 | 1 Accellion | 1 Secure File Transfer Appliance | 2025-04-11 | N/A |
| Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp command. | ||||
| CVE-2009-4760 | 1 Winn | 1 Asp Guestbook | 2025-04-11 | N/A |
| Winn ASP Guestbook 1.01 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/guestbook.mdb. | ||||
| CVE-2009-4765 | 1 Cnr.somee | 1 Hikaye Portal | 2025-04-11 | N/A |
| CNR Hikaye Portal 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/hikaye.mdb. | ||||
| CVE-2009-4766 | 1 Yasirpro | 1 Ms-pro Portal Scripti | 2025-04-11 | N/A |
| YP Portal MS-Pro Surumu (aka MS-Pro Portal Scripti) 1.0 and 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for galeri/database/db.mdb. | ||||
| CVE-2009-4832 | 1 Deslock | 1 Deslock\+ | 2025-04-11 | N/A |
| The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local users to gain privileges via a crafted IOCTL 0x80012010 request to the DLPCryptCore device. | ||||
| CVE-2009-4851 | 1 Xoops | 1 Xoops | 2025-04-11 | N/A |
| The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php. | ||||
| CVE-2009-4874 | 1 Scripts.oldguy | 1 Talkback | 2025-04-11 | N/A |
| TalkBack 2.3.14 does not properly restrict access to the edit comment feature (comments.php), which allows remote attackers to modify comments. | ||||
| CVE-2009-4876 | 1 Netrix | 1 Netrix Cms | 2025-04-11 | N/A |
| admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify arbitrary pages via a direct request using the cid parameter. | ||||
| CVE-2009-4904 | 1 Dootzky | 1 Oblog | 2025-04-11 | N/A |
| article.php in oBlog does not properly restrict comments, which allows remote attackers to cause a denial of service (blog spam) via a comment=new action. | ||||
| CVE-2009-4913 | 1 Cisco | 1 Asa 5580 | 2025-04-11 | N/A |
| The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) exposes IP services on the "far side of the box," which might allow remote attackers to bypass intended access restrictions via IPv6 packets, aka Bug ID CSCso58622. | ||||
| CVE-2009-4997 | 1 Gnome | 1 Power Manager | 2025-04-11 | N/A |
| gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: this issue exists because of a regression that followed a gnome-power-manager fix a few years earlier. | ||||
| CVE-2009-4998 | 1 Ibm | 1 Filenet P8 Application Engine | 2025-04-11 | N/A |
| The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2009-5002 | 1 Ibm | 1 Filenet P8 Application Engine | 2025-04-11 | N/A |
| The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection. | ||||
| CVE-2009-5008 | 1 Cisco | 1 Secure Desktop | 2025-04-11 | N/A |
| Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file. | ||||
| CVE-2009-5019 | 1 Webwiz | 1 Web Wiz Newspad | 2025-04-11 | N/A |
| Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/NewsPad.mdb. | ||||
| CVE-2009-5054 | 1 Smarty | 1 Smarty | 2025-04-11 | N/A |
| Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations. | ||||
| CVE-2009-5055 | 1 Otrs | 1 Otrs | 2025-04-11 | N/A |
| Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2. | ||||
| CVE-2010-0215 | 1 Activecollab | 1 Activecollab | 2025-04-11 | N/A |
| ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and (1) delete an attachment or (2) subscribe to an object, via a crafted URL. | ||||
| CVE-2010-0212 | 2 Openldap, Redhat | 2 Openldap, Enterprise Linux | 2025-04-11 | N/A |
| OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite. | ||||