Search Results (5495 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1810 2 Linux, Sap 2 Linux Kernel, Maxdb 2026-04-23 N/A
Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable.
CVE-2008-1877 1 Debian 1 Tss 2026-04-23 N/A
tss 0.8.1 allows local users to read arbitrary files via the -a parameter, which is processed while tss is running with privileges.
CVE-2007-6246 3 Adobe, Linux, Redhat 3 Flash Player, Linux Kernel, Rhel Extras 2026-04-23 N/A
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges.
CVE-2007-0004 1 Redhat 1 Enterprise Linux 2026-04-23 N/A
The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment. NOTE: it is uncertain whether any scenarios involving this issue cross privilege boundaries.
CVE-2007-0436 1 Barron Mccann 4 Install, X-kryptor Driver, X-kryptor Secure Client and 1 more 2026-04-23 N/A
Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install BMS1472) in X-Kryptor Secure Client does not drop privileges when launching an Explorer window in response to a help command, which allows local users to gain LocalSystem privileges via interactive use of Explorer.
CVE-2007-0471 1 Checkpoint 1 Connectra Ngx 2026-04-23 N/A
sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token.
CVE-2007-0541 1 Wordpress 1 Wordpress 2026-04-23 N/A
WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain configurations causes a brief file excerpt to be published as a blog comment.
CVE-2007-0729 1 Apple 3 Mac Os X, Mac Os X Preview.app, Mac Os X Server 2026-04-23 N/A
Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables.
CVE-2008-1473 1 Symantec 1 Altiris Deployment Solution 2026-04-23 N/A
The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a "Shatter" style attack.
CVE-2008-1475 1 Roundup-tracker 1 Roundup 2026-04-23 N/A
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.
CVE-2008-1483 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2026-04-23 N/A
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
CVE-2008-1484 1 Punbb 1 Punbb 2026-04-23 N/A
The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737.
CVE-2008-1834 1 Swfdec 1 Swfdec 2026-04-23 N/A
swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file.
CVE-2008-1515 1 Otrs 1 Otrs 2026-04-23 N/A
The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks."
CVE-2008-1521 1 Zyxel 3 Prestige 660, Prestige 661, Zynos 2026-04-23 N/A
ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to gain privileges by accessing administrative URIs, as demonstrated by rpSysAdmin.html.
CVE-2008-1572 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.
CVE-2008-1592 3 Hp, Ibm, Tandem Computers 3 Nonstop, Websphere Mq, Tandem Operating System 2026-04-23 N/A
MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to "Pathway panels."
CVE-2008-1593 1 Ibm 1 Aix 2026-04-23 N/A
The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function.
CVE-2008-1595 1 Ibm 1 Aix 2026-04-23 N/A
The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information.
CVE-2008-1596 1 Ibm 1 Aix 2026-04-23 N/A
Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to missing checks in the TSD_FILES_LOCK policy for modifications performed via hard links, a different vulnerability than CVE-2007-6680.