Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2171 | 1 Mahara | 1 Mahara | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user's artefact.
|
|||||
| CVE-2007-4967 | 1 Online Armor | 1 Personal Firewall | 2025-04-09 | 4.4 MEDIUM | N/A |
|
Online Armor Personal Firewall 2.0.1.215 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtAllocateVirtualMemory, (2) NtConnectPort, (3) NtCreateFile, (4) NtCreateKey, (5) NtCreatePort, (6) NtDeleteFile, (7) NtDeleteValueKey, (8) NtLoadKey, (9) NtOpenFile, (10) NtOpenP ...
Show More |
|||||
| CVE-2008-3110 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet.
|
|||||
| CVE-2009-0469 | 1 Futomis Cgi Cafe | 1 Fulltext Search Cgi | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in futomi's CGI Cafe Fulltext search CGI 1.1.2 allows remote attackers to gain administrative privileges via unknown vectors.
|
|||||
| CVE-2008-0697 | 1 Ibm | 1 Db2 | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors.
|
|||||
| CVE-2008-7167 | 1 Sami Ekblad | 1 Page Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in upload.php in Page Manager 2006-02-04 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
|
|||||
| CVE-2008-5898 | 1 Codeavalanche | 1 Directory | 2025-04-09 | 7.5 HIGH | N/A |
|
CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CADirectory.mdb. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-0588 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
|
Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
|
|||||
| CVE-2007-5237 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 7.1 HIGH | N/A |
|
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities."
|
|||||
| CVE-2008-3609 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A |
|
The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file.
|
|||||
| CVE-2007-5900 | 1 Php | 1 Php | 2025-04-09 | 6.9 MEDIUM | N/A |
|
PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.
|
|||||
| CVE-2007-5665 | 1 Novell | 1 Zenworks Endpoint Security Management | 2025-04-09 | 7.2 HIGH | N/A |
|
STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management (ESM) 3.5, and other ESM versions before 3.5.0.82, dynamically creates scripts in a world-writable directory when generating diagnostic reports, which allows local users to gain privileges, as demonstrated by creating a cmd.exe binary in the diagnostic report directory.
|
|||||
| CVE-2007-6479 | 1 Dokeos | 1 Dokeos | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/.
|
|||||
| CVE-2008-1790 | 1 Iscripts | 1 Socialware | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability.
|
|||||
| CVE-2008-4791 | 1 Drupal | 1 Drupal | 2025-04-09 | 6.0 MEDIUM | N/A |
|
The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors.
|
|||||
| CVE-2009-4112 | 1 Cacti | 1 Cacti | 2025-04-09 | 9.0 HIGH | N/A |
|
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.
|
|||||
| CVE-2008-7080 | 1 Phpclassifiedsscript | 1 Php Classifieds Script | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Team PHP PHP Classifieds Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for admin/backup/datadump.sql.
|
|||||
| CVE-2009-2091 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 on z/OS uses weak file permissions for new applications, which allows remote attackers to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2008-0275 | 1 Drupal | 1 Atom Module | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal does not properly manage permissions for node (1) titles, (2) teasers, and (3) bodies, which might allow remote attackers to gain access to syndicated content.
|
|||||
| CVE-2008-0862 | 1 Ibm | 1 Lotus Notes | 2025-04-09 | 4.3 MEDIUM | N/A |
|
IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List (ECL) protection.
|
|||||
| CVE-2009-0536 | 1 Ibm | 1 Aix | 2025-04-09 | 4.9 MEDIUM | N/A |
|
at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges.
|
|||||
| CVE-2007-5062 | 1 Adam Scheinberg | 1 Flip | 2025-04-09 | 7.5 HIGH | N/A |
|
account.php in Adam Scheinberg Flip 3.0 and earlier allows remote attackers to create administrative accounts via the un parameter in a register action.
|
|||||
| CVE-2008-1877 | 1 Debian | 1 Tss | 2025-04-09 | 2.1 LOW | N/A |
|
tss 0.8.1 allows local users to read arbitrary files via the -a parameter, which is processed while tss is running with privileges.
|
|||||
| CVE-2009-1597 | 2 Adobe, Mozilla | 2 Acrobat Reader, Firefox | 2025-04-09 | 9.3 HIGH | N/A |
|
Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's positio ...
Show More |
|||||
| CVE-2007-6503 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp with the (a) save, (b) 30, and (c) d_30 parameters.
|
|||||
| CVE-2008-6963 | 1 Turnkeyforms | 1 Text Link Sales | 2025-04-09 | 7.5 HIGH | N/A |
|
admin.php in TurnkeyForms Text Link Sales allows remote attackers to bypass authentication and gain administrative privileges via a direct request.
|
|||||
| CVE-2009-4211 | 2 Disa, Sun | 2 Srr For Solaris, Solaris | 2025-04-09 | 9.3 HIGH | N/A |
|
The U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to (1) java, (2) openssl, (3) php, (4) snort, (5) tshark, (6) vncserver, or (7) wireshark, which allows local users to gain privileges via a Trojan horse program.
|
|||||
| CVE-2008-3527 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.6 MEDIUM | N/A |
|
arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions.
|
|||||
| CVE-2008-7062 | 1 Lovecms | 1 Lovecms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in admin/index.php in Download Manager module 1.0 for LoveCMS 1.6.2 Final allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/.
|
|||||
| CVE-2008-3000 | 1 Drupal | 1 Aggregation Module | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions.
|
|||||
| CVE-2009-2813 | 3 Apple, Fedoraproject, Samba | 4 Mac Os X, Mac Os X Server, Fedora and 1 more | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
|
|||||
| CVE-2008-5133 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 5.8 MEDIUM | N/A |
|
ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remote attackers to bypass an intended CVE-2008-1447 protection mechanism and spoof the responses to DNS queries sent by named.
|
|||||
| CVE-2008-4915 | 1 Vmware | 6 Ace, Esx, Esxi and 3 more | 2025-04-09 | 6.9 MEDIUM | N/A |
|
The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS.
|
|||||
| CVE-2008-2174 | 1 Shelter Manager | 1 Animal Shelter Manager | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 have unknown impact and attack vectors, related to "various areas where security was missing."
|
|||||
| CVE-2008-6619 | 1 Netlab | 1 Classsystem | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in class/ApplyDB.php in ClassSystem 2.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in class/UploadHomepage/.
|
|||||
| CVE-2009-0240 | 1 Tigris | 1 Websvn | 2025-04-09 | 3.5 LOW | N/A |
|
listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.
|
|||||
| CVE-2007-4937 | 1 Comscripts | 1 Cs Guestbook | 2025-04-09 | 5.0 MEDIUM | N/A |
|
CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php.
|
|||||
| CVE-2009-0169 | 1 Sun | 1 Java System Access Manager | 2025-04-09 | 9.0 HIGH | N/A |
|
Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm.
|
|||||
| CVE-2007-5486 | 1 Dotproject | 1 Dotproject | 2025-04-09 | 6.4 MEDIUM | N/A |
|
dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-6954 | 1 Michael Dehaan | 1 Cobbler | 2025-04-09 | 9.0 HIGH | N/A |
|
The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.
|
|||||