Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1376 | 1 Redhat | 2 Enterprise Linux, Nfs Utils | 2025-04-09 | 7.5 HIGH | N/A |
|
A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on Red Hat Enterprise Linux (RHEL) 5 omits TCP wrappers support, which might allow remote attackers to bypass intended access restrictions.
|
|||||
| CVE-2009-0355 | 1 Mozilla | 1 Firefox | 2025-04-09 | 5.4 MEDIUM | N/A |
|
components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element.
|
|||||
| CVE-2008-5855 | 1 Myphpscripts | 1 Login Session | 2025-04-09 | 5.0 MEDIUM | N/A |
|
myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt.
|
|||||
| CVE-2008-4552 | 1 Nfs | 1 Nfs-utils | 2025-04-09 | 7.5 HIGH | N/A |
|
The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.
|
|||||
| CVE-2008-6506 | 1 Phpbb | 1 Phpbb | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors.
|
|||||
| CVE-2007-4850 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
|
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.
|
|||||
| CVE-2007-6050 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2 Universal Database, Linux Kernel, Windows and 1 more | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory."
|
|||||
| CVE-2008-2078 | 1 Robocode | 1 Robocode | 2025-04-09 | 7.5 HIGH | N/A |
|
Robocode before 1.6.0 allows user-assisted remote attackers to "access the internals of the Robocode game" via unspecified vectors related to the AWT Event Queue.
|
|||||
| CVE-2009-2793 | 1 Netbsd | 1 Netbsd | 2025-04-09 | 4.6 MEDIUM | N/A |
|
The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits.
|
|||||
| CVE-2009-3286 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.6 MEDIUM | N/A |
|
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails.
|
|||||
| CVE-2007-6709 | 1 Linksys | 1 Wag54gs | 2025-04-09 | 7.5 HIGH | N/A |
|
The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access.
|
|||||
| CVE-2008-2420 | 1 Stunnel | 1 Stunnel | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.
|
|||||
| CVE-2008-3826 | 1 Condor Project | 1 Condor | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Unspecified vulnerability in Condor before 7.0.5 allows attackers to execute jobs as other users via unknown vectors.
|
|||||
| CVE-2007-4739 | 1 Debian | 1 Reprepro | 2025-04-09 | 5.0 MEDIUM | N/A |
|
reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command.
|
|||||
| CVE-2007-5087 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
|
The ATM module in the Linux kernel before 2.4.35.3, when CLIP support is enabled, allows local users to cause a denial of service (kernel panic) by reading /proc/net/atm/arp before the CLIP module has been loaded.
|
|||||
| CVE-2008-4581 | 1 Ibm | 1 Enovia Smarteam | 2025-04-09 | 4.0 MEDIUM | N/A |
|
The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release 19 before SP01, allows remote authenticated users to bypass intended access restrictions and read Document objects via the Workflow Process (aka Flow Process) view.
|
|||||
| CVE-2007-4138 | 1 Samba | 1 Samba | 2025-04-09 | 6.9 MEDIUM | N/A |
|
The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.
|
|||||
| CVE-2009-3108 | 1 Symantec | 1 Altiris Deployment Solution | 2025-04-09 | 7.2 HIGH | N/A |
|
The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program.
|
|||||
| CVE-2008-5738 | 1 Nodstrum | 1 Mysql Calendar | 2025-04-09 | 7.5 HIGH | N/A |
|
Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-4651 | 1 Adobe | 1 Connect Enterprise Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows remote attackers to read certain pages that are restricted to the administrator via unknown vectors.
|
|||||
| CVE-2008-5128 | 1 Ocean12 Technologies | 1 Membership Manager Pro | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb.
|
|||||
| CVE-2008-3747 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 7.5 HIGH | N/A |
|
The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie.
|
|||||
| CVE-2009-0439 | 1 Ibm | 1 Websphere Mq | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands.
|
|||||
| CVE-2007-6495 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | 6.5 MEDIUM | N/A |
|
inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. NOTE: this can be leveraged for remote code execution by changing the permissions of \Forum\db, which is configured for execution of ASP scripts with administrative privileges, and t ...
Show More |
|||||
| CVE-2008-6375 | 1 Nexusjnr | 1 Jbook | 2025-04-09 | 5.0 MEDIUM | N/A |
|
JBook stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to userids.mdb.
|
|||||
| CVE-2008-1625 | 1 Avast | 2 Avast Antivirus Home, Avast Antivirus Professional | 2025-04-09 | 6.8 MEDIUM | N/A |
|
aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests.
|
|||||
| CVE-2008-0740 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 2.1 LOW | N/A |
|
IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) and 6.1 before Fix Pack 15 (6.1.0.15) writes unspecified cleartext information to http_plugin.log, which might allow local users to obtain sensitive information by reading this file.
|
|||||
| CVE-2007-0981 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 7.5 HIGH | N/A |
|
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
|
|||||
| CVE-2007-5945 | 1 Usvn | 1 User-friendly Svn | 2025-04-09 | 5.0 MEDIUM | N/A |
|
USVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors.
|
|||||
| CVE-2008-7096 | 1 Intel | 1 Bios | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or access hypervisory memory as demonstrated at Black Hat 2008 by accessing certain remapping registers in Xen 3.3.
|
|||||
| CVE-2008-7219 | 1 Horde | 5 Groupware, Groupware Webmail Edition, Kronolith H3 and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
|
Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors.
|
|||||
| CVE-2007-5023 | 2 Canonical, Vmware | 5 Ubuntu Linux, Ace, Player and 2 more | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious "program.exe" file in the C: folder.
|
|||||
| CVE-2008-1142 | 7 Aterm, Eterm, Mrxvt and 4 more | 7 Aterm, Eterm, Mrxvt and 4 more | 2025-04-09 | 3.7 LOW | N/A |
|
rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
|
|||||
| CVE-2009-0641 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 9.3 HIGH | N/A |
|
sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library.
|
|||||
| CVE-2007-5239 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.
|
|||||
| CVE-2008-3172 | 1 Opera | 1 Opera | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Opera allows web sites to set cookies for country-specific top-level domains that have DNS A records, such as co.tv, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking."
|
|||||
| CVE-2008-3349 | 2 Ibm, Netapp | 3 N Series Storage Server, Data Ontap, Fas900 | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access control for HTTP requests. NOTE: this may overlap CVE-2008-3160.
|
|||||
| CVE-2006-6970 | 1 Opera | 1 Opera Browser | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter.
|
|||||
| CVE-2008-0350 | 1 Evilsentinel | 1 Evilsentinel | 2025-04-09 | 7.5 HIGH | N/A |
|
admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes.
|
|||||
| CVE-2009-0411 | 1 Google | 1 Chrome | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script.
|
|||||