| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| 8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass intended restrictions via an extra HTTP Host header with additional leading text placed before the real Host header. |
| Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path. |
| JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the "adm" cookie value to 1. |
| Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors. |
| IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. |
| Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors. |
| verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename. |
| Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access control for HTTP requests. NOTE: this may overlap CVE-2008-3160. |
| admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters. |
| AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when useLogonName is enabled, allows remote attackers with administrator email address knowledge to bypass restrictions and gain privileges via unspecified vectors related to login names. NOTE: some of these details are obtained from third party information. |
| Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and OpenSolaris before snv_93 allows remote attackers to cause a denial of service (network connectivity loss) via unknown vectors. |
| The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 through 10, when an underlying ufs filesystem is used, might allow local users to read data from arbitrary deleted files, or corrupt files in global filesystems, via unspecified vectors. |
| Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error." |
| admin/userform.php in RoomPHPlanning 1.5 does not require administrative credentials, which allows remote authenticated users to create new admin accounts. |
| tss 0.8.1 allows local users to read arbitrary files via the -a parameter, which is processed while tss is running with privileges. |
| Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable. |
| Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability. |
| Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php. |
| Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors. |
