Vulnerabilities (CVE)

Filtered by CWE-264
Total 5248 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-5042 1 Agnitum 1 Outpost Firewall 2025-04-09 4.6 MEDIUM N/A
Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey, (2) NtDeleteFile, (3) NtLoadDriver, (4) NtOpenProcess, (5) NtOpenSection, (6) NtOpenThread, and (7) NtUnloadDriver kernel SSDT hooks, a partial regression of CVE-2006-7160.
CVE-2008-5596 1 Dotnetindex 1 Ikon Admanager 2025-04-09 5.0 MEDIUM N/A
Ikon AdManager 2.1 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for ikonBAnner_AdManager.mdb.
CVE-2007-5919 1 Mywebftp 1 Mywebftp 2025-04-09 5.0 MEDIUM N/A
MyWebFTP, possibly 5.3.2, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain an MD5 password hash via a direct request for pass/pass.txt.
CVE-2008-6701 1 Netscout 2 Ngenius Infinistream, Visualizer 2025-04-09 7.5 HIGH N/A
NetScout (formerly Network General) Visualizer V2100 and InfiniStream i1730 do not restrict access to ResourceManager/en_US/domains/add_domain.jsp, which allows remote attackers to gain administrator privileges via a direct request.
CVE-2008-0657 1 Sun 2 Jdk, Jre 2025-04-09 10.0 HIGH N/A
Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
CVE-2008-0792 1 F-secure 8 F-secure Anti-virus, F-secure Anti-virus Client Security, F-secure Anti-virus For Linux and 5 more 2025-04-09 5.8 MEDIUM N/A
Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted CAB archive.
CVE-2008-1193 1 Sun 2 Jdk, Jre 2025-04-09 9.3 HIGH N/A
Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.
CVE-2007-1150 1 Lovecms 1 Lovecms 2025-04-09 3.6 LOW N/A
Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote authenticated administrators to upload arbitrary files to /modules/content/pictures/tmp/.
CVE-2007-5987 1 Bti-tracker 1 Bti-tracker 2025-04-09 6.8 MEDIUM N/A
details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest.
CVE-2008-5738 1 Nodstrum 1 Mysql Calendar 2025-04-09 7.5 HIGH N/A
Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information.
CVE-2008-0998 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 6.9 MEDIUM N/A
Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects.
CVE-2007-5254 1 Virusblokada 1 Vba32 Antivirus 2025-04-09 7.2 HIGH N/A
VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions (Everyone:Write) for its installation directory, which allows local users to gain privileges by replacing application programs, as demonstrated by replacing vba32ldr.exe.
CVE-2008-5673 1 Phparanoid 1 Phparanoid 2025-04-09 6.5 MEDIUM N/A
PHParanoid before 0.4 does not properly restrict access to the members area by unauthenticated users, which has unknown impact and remote attack vectors.
CVE-2008-1362 1 Vmware 6 Ace, Player, Server and 3 more 2025-04-09 7.2 HIGH N/A
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an "insecurely created named pipe," a different vulnerability than CVE-2008-1361.
CVE-2008-4815 2 Adobe, Unix 3 Acrobat, Acrobat Reader, Unix 2025-04-09 7.5 HIGH N/A
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH.
CVE-2008-1448 1 Microsoft 2 Outlook Express, Windows Mail 2025-04-09 7.1 HIGH N/A
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."
CVE-2008-4297 1 Mercurial 1 Mercurial 2025-04-09 5.0 MEDIUM N/A
Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request.
CVE-2007-6209 2 Linux, Zsh 2 Linux Kernel, Zsh 2025-04-09 4.6 MEDIUM N/A
Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2009-2371 2 Drupal, Michelle Cox 2 Drupal, Advanced Forum 2025-04-09 6.5 MEDIUM N/A
Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.
CVE-2009-2911 1 Systemtap 1 Systemtap 2025-04-09 1.9 LOW N/A
SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service via crafted DWARF expressions that trigger a kernel stack frame overflow, or (3) cause a denial of service (infinite loop) via vectors that trigger creation of large unwind tables, related to Common Information Entry (CIE) and Call Frame Instruction (CFI) records.