Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4644 | 1 Mywebland | 1 Mystats | 2025-04-09 | 7.5 HIGH | N/A |
|
hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header.
|
|||||
| CVE-2007-4798 | 1 Ibm | 1 Aix | 2025-04-09 | 6.6 MEDIUM | N/A |
|
Unspecified vulnerability in invscout in Inventory Scout in invscout.rte in IBM AIX 5.2 and 5.3 allows local users to delete system files that have names matching the final substring of a hostname alias, as demonstrated by hostnames ending in "unix".
|
|||||
| CVE-2009-1821 | 1 Dmxready | 1 Registration Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
|
DMXReady Registration Manager 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for databases/webblogmanager.mdb.
|
|||||
| CVE-2006-7223 | 1 Xwiki | 1 Xwiki | 2025-04-09 | 6.5 MEDIUM | N/A |
|
PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document.
|
|||||
| CVE-2008-4109 | 2 Debian, Openbsd | 2 Linux, Openssh | 2025-04-09 | 5.0 MEDIUM | N/A |
|
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.
|
|||||
| CVE-2007-5787 | 1 Phptoys | 1 Micro Login System | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Micro Login System 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a password via a direct request for userpwd.txt.
|
|||||
| CVE-2008-6920 | 1 W2b | 1 Phpemployment | 2025-04-09 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in auth.php in phpEmployment 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension during a regnew action, then accessing it via a direct request to the file in photoes/.
|
|||||
| CVE-2007-5857 | 1 Apple | 1 Mac Os X | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack.
|
|||||
| CVE-2007-5644 | 1 Lussumo | 1 Vanilla | 2025-04-09 | 7.5 HIGH | N/A |
|
Lussumo Vanilla 1.1.3 and earlier does not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php, which allows remote attackers to conduct unauthorized sort operations and other activities.
|
|||||
| CVE-2008-1484 | 1 Punbb | 1 Punbb | 2025-04-09 | 3.5 LOW | N/A |
|
The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737.
|
|||||
| CVE-2007-5042 | 1 Agnitum | 1 Outpost Firewall | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey, (2) NtDeleteFile, (3) NtLoadDriver, (4) NtOpenProcess, (5) NtOpenSection, (6) NtOpenThread, and (7) NtUnloadDriver kernel SSDT hooks, a partial regression of CVE-2006-7160.
|
|||||
| CVE-2009-2818 | 1 Apple | 1 Mac Os X Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack).
|
|||||
| CVE-2007-6361 | 1 Gekkoware | 1 Gekko | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
|
|||||
| CVE-2008-4545 | 1 Cisco | 1 Unity | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8 uses weak permissions for the D:\CommServer\Reports directory, which allows remote authenticated users to obtain sensitive information by reading files in this directory.
|
|||||
| CVE-2009-0014 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 2.1 LOW | N/A |
|
Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissions when recreating a Downloads folder after it has been deleted, which allows local users to bypass intended access restrictions and read the Downloads folder.
|
|||||
| CVE-2009-0024 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.2 HIGH | N/A |
|
The sys_remap_file_pages function in mm/fremap.c in the Linux kernel before 2.6.24.1 allows local users to cause a denial of service or gain privileges via unspecified vectors, related to the vm_file structure member, and the mmap_region and do_munmap functions.
|
|||||
| CVE-2008-5462 | 1 Oracle | 1 Bea Product Suite | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in the WebLogic Portal component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
|||||
| CVE-2008-1627 | 1 Cds Software Consortium | 1 Invenio | 2025-04-09 | 3.5 LOW | N/A |
|
CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID.
|
|||||
| CVE-2008-1681 | 1 Ibm | 1 Db2 Content Manager | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 has unknown impact and attack vectors related to the AllowedTrustedLogin privilege.
|
|||||
| CVE-2006-6662 | 1 Suse | 3 Linux Enterprise Desktop, Suse Linux, Suse Open Enterprise Server | 2025-04-09 | 4.1 MEDIUM | N/A |
|
Unspecified vulnerability in Linux User Management (novell-lum) on SUSE Linux Enterprise Desktop 10 and Open Enterprise Server 9, under unspecified conditions, allows local users to log in to the console without a password.
|
|||||
| CVE-2008-6770 | 1 Peterselie | 1 Yourplace | 2025-04-09 | 5.0 MEDIUM | N/A |
|
YourPlace 1.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to a database containing user credentials via a direct request for users.txt.
|
|||||
| CVE-2009-1883 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.4 MEDIUM | N/A |
|
The z90crypt_unlocked_ioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage.
|
|||||
| CVE-2009-2198 | 1 Apple | 1 Garageband | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users.
|
|||||
| CVE-2008-5780 | 1 Hostforest | 1 Forest Blog | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb.
|
|||||
| CVE-2009-1767 | 1 2daybiz | 1 Template Monster Clone | 2025-04-09 | 5.0 MEDIUM | N/A |
|
admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter.
|
|||||
| CVE-2008-5121 | 4 Bluecoat, Cisco, Citrix and 1 more | 5 Winproxy, Vpn Client, Deterministic Network Enhancer and 2 more | 2025-04-09 | 7.2 HIGH | N/A |
|
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.
|
|||||
| CVE-2008-2940 | 1 Hp | 1 Linux Imaging And Printing Project | 2025-04-09 | 7.2 HIGH | N/A |
|
The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.
|
|||||
| CVE-2007-0843 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2025-04-09 | 4.6 MEDIUM | N/A |
|
The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
|
|||||
| CVE-2009-4606 | 1 South River Technologies | 1 Webdrive | 2025-04-09 | 7.2 HIGH | N/A |
|
South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.
|
|||||
| CVE-2008-2314 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.4 MEDIUM | N/A |
|
Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors.
|
|||||
| CVE-2007-2985 | 1 Pheap | 1 Pheap | 2025-04-09 | 10.0 HIGH | N/A |
|
Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc action in edit.php.
|
|||||
| CVE-2008-3528 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
|
The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this cr ...
Show More |
|||||
| CVE-2008-6599 | 1 Jath Pala | 1 Cookiecheck | 2025-04-09 | 5.0 MEDIUM | N/A |
|
cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path."
|
|||||
| CVE-2009-3264 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG document.
|
|||||
| CVE-2009-1665 | 1 Easy-scripts | 1 Answer And Question Script | 2025-04-09 | 6.4 MEDIUM | N/A |
|
myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to remove arbitrary user accounts via a modified userid parameter without specifying any additional fields.
|
|||||
| CVE-2007-6499 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value."
|
|||||
| CVE-2008-1132 | 1 Net Activity Viewer | 1 Net Activity Viewer | 2025-04-09 | 4.7 MEDIUM | N/A |
|
Untrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, which is invoked during the Restart As Root action.
|
|||||
| CVE-2008-1033 | 1 Apple | 3 Cups, Mac Os X, Mac Os X Server | 2025-04-09 | 2.1 LOW | N/A |
|
The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables."
|
|||||
| CVE-2009-3258 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | 9.0 HIGH | N/A |
|
vtiger CRM before 5.1.0 allows remote authenticated users, with certain View privileges, to delete (1) attachments, (2) reports, (3) filters, (4) views, and (5) tickets; insert (6) attachments, (7) reports, (8) filters, (9) views, and (10) tickets; and edit (11) reports, (12) filters, (13) views, and (14) tickets via unspecified vectors.
|
|||||
| CVE-2008-1361 | 1 Vmware | 6 Ace, Player, Server and 3 more | 2025-04-09 | 6.8 MEDIUM | N/A |
|
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362.
|
|||||