Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1332 | 1 Asterisk | 6 Asterisk, Asterisk Appliance Developer Kit, Asterisk Business Edition and 3 more | 2025-04-09 | 8.8 HIGH | N/A |
|
Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.
|
|||||
| CVE-2008-4414 | 1 Hp | 1 Tru64 | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in the AdvFS showfile command in HP Tru64 UNIX 5.1B-3 and 5.1B-4 allows local users to gain privileges via unspecified vectors.
|
|||||
| CVE-2008-3876 | 1 Apple | 1 Iphone | 2025-04-09 | 1.9 LOW | N/A |
|
Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact's blue arrow.
|
|||||
| CVE-2009-3525 | 1 Xen | 1 Xen | 2025-04-09 | 7.2 HIGH | N/A |
|
The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the expected password.
|
|||||
| CVE-2009-4147 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 7.2 HIGH | N/A |
|
The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setguid program with a modified variable containing an untrusted search path that points to a Trojan horse library, different vectors than CVE-2009-4146.
|
|||||
| CVE-2007-0004 | 1 Redhat | 1 Enterprise Linux | 2025-04-09 | 1.9 LOW | N/A |
|
The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment. ...
Show More |
|||||
| CVE-2008-1614 | 1 Sebastian Marsching | 1 Suphp | 2025-04-09 | 4.3 MEDIUM | N/A |
|
suPHP before 0.6.3 allows local users to gain privileges via (1) a race condition that involves multiple symlink changes to point a file owned by a different user, or (2) a symlink to the directory of a different user, which is used to determine privileges.
|
|||||
| CVE-2008-3970 | 1 Pam Mount | 1 Pam Mount | 2025-04-09 | 6.9 MEDIUM | N/A |
|
pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify mountpoint and source ownership before mounting a user-defined volume, which allows local users to bypass intended access restrictions via a local mount.
|
|||||
| CVE-2009-0828 | 1 Freedville | 1 Quotebook | 2025-04-09 | 5.0 MEDIUM | N/A |
|
QuoteBook stores quotes.inc under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information, including user credentials, via a direct request.
|
|||||
| CVE-2009-0171 | 1 Sun | 1 Sparc Enterprise Server | 2025-04-09 | 10.0 HIGH | N/A |
|
The Sun SPARC Enterprise M4000 and M5000 Server, within a certain range of serial numbers, allows remote attackers to use the manufacturing root password, perform a root login to the eXtended System Control Facility Unit (aka XSCFU or Service Processor), and have unspecified other impact.
|
|||||
| CVE-2009-0078 | 1 Microsoft | 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more | 2025-04-09 | 7.2 HIGH | N/A |
|
The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
|
|||||
| CVE-2008-7024 | 1 Arzdev | 2 Gemini Lite, Gemini Portal | 2025-04-09 | 6.8 MEDIUM | N/A |
|
admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to "admin" and setting the name parameter to "users."
|
|||||
| CVE-2007-6504 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter.
|
|||||
| CVE-2008-4511 | 1 Todd Woolums | 1 Asp News Management | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.
|
|||||
| CVE-2009-2461 | 1 Forkosh | 1 Mathtex | 2025-04-09 | 7.2 HIGH | N/A |
|
mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors.
|
|||||
| CVE-2006-5909 | 1 Paul Tarjan | 1 Stanford Conference And Research Forum | 2025-04-09 | 5.0 MEDIUM | N/A |
|
generaloptions.php in Paul Tarjan Stanford Conference And Research Forum (SCARF) before 20070227 does not require the admin privilege, which allows remote attackers to reconfigure the application or its user accounts.
|
|||||
| CVE-2009-0344 | 1 Sun | 2 Fire X2100 M2, Fire X2200 M2 | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6633175, a different vulnerability than CVE-2007-5717.
|
|||||
| CVE-2007-5401 | 1 Layton Technology | 1 Helpbox | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in uploadrequest.asp in Layton HelpBox 3.7.1 allows remote authenticated users to upload and execute arbitrary ASP files, related to not properly checking file extensions.
|
|||||
| CVE-2007-1227 | 1 Mcafee | 1 Virex | 2025-04-09 | 6.6 MEDIUM | N/A |
|
VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allow local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands.
|
|||||
| CVE-2008-1995 | 1 Sun | 1 Java System Directory Server | 2025-04-09 | 7.5 HIGH | N/A |
|
Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server.
|
|||||
| CVE-2008-5687 | 1 Mediawiki | 1 Mediawiki | 2025-04-09 | 5.0 MEDIUM | N/A |
|
MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/.
|
|||||
| CVE-2008-6774 | 1 Peterselie | 1 Yourplace | 2025-04-09 | 5.0 MEDIUM | N/A |
|
internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end execution when an invalid username is detected, which allows remote attackers to bypass intended restrictions and edit toolbar settings via an invalid username. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-3454 | 1 Jnshosts | 1 Php Hosting Directory | 2025-04-09 | 7.5 HIGH | N/A |
|
JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the "adm" cookie value to 1.
|
|||||
| CVE-2009-0941 | 1 Hp | 154 8100c Digital Sender, 9100c Digital Sender, 9200c Digital Sender and 151 more | 2025-04-09 | 7.6 HIGH | N/A |
|
The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access.
|
|||||
| CVE-2008-3875 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 7.2 HIGH | N/A |
|
The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert communication channel, via unspecified vectors involving system calls.
|
|||||
| CVE-2007-3849 | 1 Redhat | 1 Enterprise Linux | 2025-04-09 | 1.9 LOW | N/A |
|
Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files.
|
|||||
| CVE-2009-0732 | 1 Lingx | 1 Downloadcenter | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Downloadcenter 2.1 stores common.h under the web root with insufficient access control, which allows remote attackers to obtain user credentials and other sensitive information via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-1255 | 1 Zyxel | 1 P-660hw | 2025-04-09 | 10.0 HIGH | N/A |
|
The ZyXEL P-660HW series router maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user.
|
|||||
| CVE-2008-0898 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 5.8 MEDIUM | N/A |
|
The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access restrictions for protected distributed queues.
|
|||||
| CVE-2007-6174 | 1 Phpdevshell | 1 Phpdevshell | 2025-04-09 | 8.5 HIGH | N/A |
|
PHPDevShell before 0.7.0 allows remote authenticated users to gain privileges via a crafted request to update a user profile. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-3122 | 2 Chris Shattuck, Drupal | 2 Ajaxtable, Drupal | 2025-04-09 | 6.4 MEDIUM | N/A |
|
The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors.
|
|||||
| CVE-2009-1495 | 1 Webfileexplorer | 1 Web File Explorer | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Web File Explorer 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/db.mdb.
|
|||||
| CVE-2009-2834 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.9 MEDIUM | N/A |
|
IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors.
|
|||||
| CVE-2008-0046 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions.
|
|||||
| CVE-2008-2551 | 1 Icona | 1 Instant Messenger | 2025-04-09 | 9.3 HIGH | N/A |
|
The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 Messenger 1.0.0.1 allows remote attackers to force the download and execution of arbitrary files via a URL in the propDownloadUrl parameter with the propPostDownloadAction parameter set to "run."
|
|||||
| CVE-2007-1045 | 1 Malbum | 1 Malbum | 2025-04-09 | 10.0 HIGH | N/A |
|
mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrative account and (2) "dqsfg"/"sdfg", which allows remote attackers to gain privileges.
|
|||||
| CVE-2008-3096 | 1 Drupal | 1 Outline Designer Module | 2025-04-09 | 6.5 MEDIUM | N/A |
|
The Outline Designer module 5.x before 5.x-1.4 for Drupal changes each content reader's authentication level to match that of the content author, which might allow remote attackers to gain privileges.
|
|||||
| CVE-2008-5980 | 1 Ocean12 Technologies | 1 Mailing List Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb.
|
|||||
| CVE-2007-5751 | 1 Liferea | 1 Liferea | 2025-04-09 | 2.1 LOW | N/A |
|
Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials.
|
|||||
| CVE-2009-0365 | 1 Ubuntu | 1 Ubuntu Linux | 2025-04-09 | 4.6 MEDIUM | N/A |
|
nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.
|
|||||