Total
5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-1931 | 2 Microsoft, Realtek | 3 Windows-nt, Windows Vista, Hd Audio Codec Drivers | 2024-08-07 | N/A |
Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allow local users to create, write, and read registry keys via a crafted IOCTL request. | ||||
CVE-2008-1993 | 1 Acidcat | 1 Acidcat Cms | 2024-08-07 | N/A |
Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, which allows remote attackers to upload arbitrary files. | ||||
CVE-2008-1937 | 1 Moinmoin | 1 Moinmoin | 2024-08-07 | N/A |
The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges. | ||||
CVE-2008-1946 | 2 Gnu, Redhat | 2 Coreutils, Enterprise Linux | 2024-08-07 | N/A |
The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module. | ||||
CVE-2008-1877 | 1 Debian | 1 Tss | 2024-08-07 | N/A |
tss 0.8.1 allows local users to read arbitrary files via the -a parameter, which is processed while tss is running with privileges. | ||||
CVE-2008-1834 | 1 Swfdec | 1 Swfdec | 2024-08-07 | N/A |
swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file. | ||||
CVE-2008-1810 | 2 Linux, Sap | 2 Linux Kernel, Maxdb | 2024-08-07 | N/A |
Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable. | ||||
CVE-2008-1780 | 1 Sun | 1 Solaris | 2024-08-07 | N/A |
Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors. | ||||
CVE-2008-1731 | 2 3281d, Drupal | 2 Simple Access, Drupal | 2024-08-07 | N/A |
The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking. | ||||
CVE-2008-1784 | 1 Prozilla | 1 Topsites | 2024-08-07 | N/A |
Prozilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/. | ||||
CVE-2008-1710 | 1 Ibm | 1 Aix | 2024-08-07 | N/A |
Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows local users to gain privileges via a modified PATH environment variable. | ||||
CVE-2008-1783 | 1 Prozilla | 1 Reviews | 2024-08-07 | N/A |
Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php. | ||||
CVE-2008-1668 | 1 Hp | 1 Hp-ux | 2024-08-07 | N/A |
ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information. | ||||
CVE-2008-1692 | 1 Eterm | 1 Eterm | 2024-08-07 | N/A |
Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine. | ||||
CVE-2008-1681 | 1 Ibm | 1 Db2 Content Manager | 2024-08-07 | N/A |
Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 has unknown impact and attack vectors related to the AllowedTrustedLogin privilege. | ||||
CVE-2008-1790 | 1 Iscripts | 1 Socialware | 2024-08-07 | N/A |
Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability. | ||||
CVE-2008-1657 | 1 Openbsd | 1 Openssh | 2024-08-07 | N/A |
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file. | ||||
CVE-2008-1627 | 1 Cds Software Consortium | 1 Invenio | 2024-08-07 | N/A |
CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID. | ||||
CVE-2008-1656 | 1 Adobe | 1 Coldfusion | 2024-08-07 | N/A |
Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725. | ||||
CVE-2008-1625 | 1 Avast | 2 Avast Antivirus Home, Avast Antivirus Professional | 2024-08-07 | N/A |
aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests. |