Vulnerabilities (CVE)

Filtered by CWE-264
Total 5466 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-3375 1 Mozilla 1 Firefox 2025-04-09 4.3 MEDIUM N/A
content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.
CVE-2008-0215 1 Hp 2 Storage Essentials Srm Enterprise, Storage Essentials Srm Standard 2025-04-09 10.0 HIGH N/A
Multiple unspecified vulnerabilities in HP Storage Essentials Storage Resource Management (SRM) before 6.0.0 allow remote attackers to obtain unspecified access to a managed device via unknown attack vectors.
CVE-2010-0310 1 Sun 1 Solaris 2025-04-09 6.8 MEDIUM N/A
Trusted Extensions in Sun Solaris 10 allows local users to gain privileges via vectors related to omission of unspecified libraries from software updates.
CVE-2008-7173 1 Juracapecoffee 2 Internet Connectivity Kit, Jura Impressa 2025-04-09 10.0 HIGH N/A
The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service (physical damage), modify coffee settings, and possibly execute code via a crafted request. NOTE: this issue is being included in CVE because the denial of service may include financial loss or water damage.
CVE-2007-4649 1 Microworld Technologies 3 Escan Anti-virus, Escan Internet Security, Escan Virus Control 2025-04-09 7.2 HIGH N/A
MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local users to gain privileges by replacing application files, as demonstrated by traysser.exe.
CVE-2008-6701 1 Netscout 2 Ngenius Infinistream, Visualizer 2025-04-09 7.5 HIGH N/A
NetScout (formerly Network General) Visualizer V2100 and InfiniStream i1730 do not restrict access to ResourceManager/en_US/domains/add_domain.jsp, which allows remote attackers to gain administrator privileges via a direct request.
CVE-2009-4091 1 Simplog 1 Simplog 2025-04-09 5.0 MEDIUM N/A
comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del action.
CVE-2008-0577 1 Drupal 1 Project Issue Tracking Module 2025-04-09 6.4 MEDIUM N/A
The Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal (1) does not restrict the extensions of attached files when the Upload module is enabled for issue nodes, which allows remote attackers to upload and possibly execute arbitrary files; and (2) accepts the .html extension within the bundled file-upload functionality, which allows remote attackers to upload files containing arbitrary web script or HTML.
CVE-2008-6960 1 X10media 1 X10 Automatic Mp3 Script 2025-04-09 5.0 MEDIUM N/A
download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php.
CVE-2008-3105 1 Sun 2 Jdk, Jre 2025-04-09 8.3 HIGH N/A
Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application.
CVE-2008-7076 1 Kalptaru Infotech 1 Stararticles 2025-04-09 6.5 MEDIUM N/A
Unrestricted file upload vulnerability in user.modify.profile.php in Kalptaru Infotech Ltd. Star Articles 6.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile photo, then accessing it via a direct request to the file in authorphoto/.
CVE-2009-1078 1 Sun 1 Java System Identity Manager 2025-04-09 4.0 MEDIUM N/A
Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, which allows remote authenticated users to have an unspecified impact.
CVE-2007-4647 1 2coolcode 1 Our Space 2025-04-09 5.0 MEDIUM N/A
newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allows remote attackers to upload certain files via unspecified vectors, probably involving unrestricted functionality in uploadmedia.cgi.
CVE-2009-4520 2 Drupal, Kristof De Jaeger 2 Drupal, Commentreference 2025-04-09 5.0 MEDIUM N/A
The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path.
CVE-2007-5237 1 Sun 2 Jdk, Jre 2025-04-09 7.1 HIGH N/A
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities."
CVE-2007-4679 1 Apple 1 Mac Os X 2025-04-09 2.6 LOW N/A
CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands.
CVE-2008-1998 2 Ibm, Microsoft 2 Db2, Windows 2025-04-09 8.5 HIGH N/A
The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter.
CVE-2007-6503 1 Hosting Controller 1 Hosting Controller 2025-04-09 5.5 MEDIUM N/A
Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp with the (a) save, (b) 30, and (c) d_30 parameters.
CVE-2008-1332 1 Asterisk 6 Asterisk, Asterisk Appliance Developer Kit, Asterisk Business Edition and 3 more 2025-04-09 8.8 HIGH N/A
Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.
CVE-2008-3527 1 Linux 1 Linux Kernel 2025-04-09 4.6 MEDIUM N/A
arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions.