Filtered by CWE-264
Total 5468 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2008-6382 1 Aspportal 1 Aspportal 2025-04-09 N/A
ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb.
CVE-2008-5673 1 Phparanoid 1 Phparanoid 2025-04-09 N/A
PHParanoid before 0.4 does not properly restrict access to the members area by unauthenticated users, which has unknown impact and remote attack vectors.
CVE-2008-5130 1 Ocean12 Technologies 1 Calendar Manager 2025-04-09 N/A
Ocean12 Calendar Manager Gold 2.04 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12cal.mdb.
CVE-2007-2279 1 Symantec 1 Veritas Storage Foundation 2025-04-09 N/A
The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution.
CVE-2008-5129 1 Ocean12 Technologies 1 Poll Manager 2025-04-09 N/A
Ocean12 Poll Manager Pro 1.00 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12poll.mdb.
CVE-2008-5128 1 Ocean12 Technologies 1 Membership Manager Pro 2025-04-09 N/A
Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb.
CVE-2008-5027 2 Nagios, Op5 2 Nagios, Monitor 2025-04-09 N/A
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.
CVE-2007-6479 1 Dokeos 1 Dokeos 2025-04-09 N/A
Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/.
CVE-2008-4831 1 Adobe 1 Coldfusion 2025-04-09 N/A
Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and obtain sensitive information or possibly gain privileges, via unknown vectors.
CVE-2008-4512 1 Designplace 1 Asp\/ms Access Shoutbox 2025-04-09 N/A
ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.
CVE-2008-4511 1 Todd Woolums 1 Asp News Management 2025-04-09 N/A
Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.
CVE-2008-4484 1 Crux Software 1 Gallery 2025-04-09 N/A
main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php.
CVE-2008-4415 1 Hp 1 Service Manager 2025-04-09 N/A
Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors.
CVE-2008-2539 1 Sun 1 Cluster 2025-04-09 N/A
The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 through 10, when an underlying ufs filesystem is used, might allow local users to read data from arbitrary deleted files, or corrupt files in global filesystems, via unspecified vectors.
CVE-2008-4215 1 Apple 1 Mac Os X Server 2025-04-09 N/A
Weblog in Mac OS X Server 10.4.11 does not properly check an error condition when a weblog posting access control list is specified for a user that has multiple short names, which might allow attackers to bypass intended access restrictions.
CVE-2008-4214 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 N/A
Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files.
CVE-2007-6501 1 Hosting Controller 1 Hosting Controller 2025-04-09 N/A
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp.
CVE-2009-0043 1 Ca 2 Service Level Management, Service Metric Analysis 2025-04-09 N/A
The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2008-4153 1 Drupal 1 Talk 2025-04-09 N/A
The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, does not perform access checks for a node before displaying comments, which allows remote attackers to obtain sensitive information.
CVE-2007-1227 1 Mcafee 1 Virex 2025-04-09 N/A
VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allow local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands.