Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-264
Total 5279 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-3876 1 Apple 1 Iphone 2008-09-16 1.9 LOW N/A
Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact's blue arrow.
CVE-2007-2975 1 Ignite Realtime 1 Openfire 2008-09-09 7.5 HIGH N/A
The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader.
CVE-2008-3376 1 Jamroom 1 Jamroom 2008-09-05 10.0 HIGH N/A
Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors.
CVE-2008-1132 1 Net Activity Viewer 1 Net Activity Viewer 2008-09-05 4.7 MEDIUM N/A
Untrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, which is invoked during the Restart As Root action.
CVE-2008-0931 2 Debian, Xwine 2 Debian Linux, Xwine 2008-09-05 6.3 MEDIUM N/A
w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file.
CVE-2008-0731 3 Linux, Novell, Suse 3 Linux Kernel, Apparmor, Open Suse 2008-09-05 7.5 HIGH N/A
The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not properly handle failure of an AppArmor change_hat system call, which might allow attackers to trigger the unconfining of an apparmored task.
CVE-2008-0777 1 Freebsd 1 Freebsd 2008-09-05 4.9 MEDIUM N/A
The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files.
CVE-2008-0162 2 Debian, Sam Lantinga 2 Debian Linux, Splitvt 2008-09-05 7.2 HIGH N/A
misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges.
CVE-2007-6470 1 Phprpg 1 Phprpg 2008-09-05 6.4 MEDIUM N/A
phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies.
CVE-2007-6675 1 Xoops 1 Xoops 2008-09-05 5.0 MEDIUM N/A
The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules.
CVE-2007-5757 1 Ibm 1 Db2 Universal Database 2008-09-05 6.9 MEDIUM N/A
Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain root privileges via a modified DB2INSTANCE environment variable that points to a malicious library. NOTE: this might be the same issue as CVE-2008-0697.
CVE-2007-5159 3 Ntfs-3g, Redhat, Ubuntu 3 Ntfs-3g, Fedora, Ubuntu Linux 2008-09-05 4.6 MEDIUM N/A
The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak.
CVE-2007-4849 1 One Laptop Per Child 1 Olpc Linux 2008-09-05 4.4 MEDIUM N/A
JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly other Linux systems, when POSIX ACL support is enabled, does not properly store permissions during (1) inode creation or (2) ACL setting, which might allow local users to access restricted files or directories after a remount of a filesystem, related to "legacy modes" and an inconsistency between dentry permissions and inode permissions.
CVE-2007-4669 1 Firebirdsql 1 Firebird 2008-09-05 4.0 MEDIUM N/A
The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148.
CVE-2007-0004 1 Redhat 1 Enterprise Linux 2008-09-05 1.9 LOW N/A
The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment. NOTE: it is uncertain whether any scenarios involving this issue cross privilege boundaries.
CVE-2006-7223 1 Xwiki 1 Xwiki 2008-09-05 6.5 MEDIUM N/A
PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document.
CVE-2006-6662 1 Suse 3 Linux Enterprise Desktop, Suse Linux, Suse Open Enterprise Server 2008-09-05 4.1 MEDIUM N/A
Unspecified vulnerability in Linux User Management (novell-lum) on SUSE Linux Enterprise Desktop 10 and Open Enterprise Server 9, under unspecified conditions, allows local users to log in to the console without a password.
CVE-2004-2718 1 Php Heaven 1 Phpmychat 2008-09-05 4.3 MEDIUM N/A
PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request.
CVE-2003-1474 1 Freebsd 1 Slashem-tty 2008-09-05 7.2 HIGH N/A
slashem-tty in the FreeBSD Ports Collection is installed with write permissions for the games group, which allows local users with group games privileges to modify slashem-tty and execute arbitrary code as other users, as demonstrated using a separate vulnerability in LTris.
CVE-2004-0041 1 Mod Auth Shadow 1 Mod Auth Shadow 2008-09-05 7.5 HIGH N/A
The mod_auth_shadow module 1.4 and earlier does not properly enforce the expiration of a user account and password, which could allow remote authenticated users to bypass intended access restrictions.