Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1483 | 1 Openbsd | 1 Openssh | 2025-04-09 | 6.9 MEDIUM | N/A |
|
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
|
|||||
| CVE-2008-2810 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut.
|
|||||
| CVE-2008-3472 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTML Element Cross-Domain Vulnerability."
|
|||||
| CVE-2008-3742 | 1 Drupal | 1 Drupal | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.
|
|||||
| CVE-2009-2558 | 1 Adminnewstools | 1 Admin News Tools | 2025-04-09 | 7.5 HIGH | N/A |
|
system/message.php in Admin News Tools 2.5 does not properly restrict access, which allows remote attackers to post news messages via a direct request.
|
|||||
| CVE-2005-4880 | 1 Jax Scripts | 1 Jax Guestbook | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv.
|
|||||
| CVE-2008-3972 | 2 Opensc-project, Siemens | 2 Opensc, Cardos | 2025-04-09 | 6.6 MEDIUM | N/A |
|
pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.
|
|||||
| CVE-2008-5905 | 1 Ktorrent | 1 Ktorrent | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request.
|
|||||
| CVE-2008-5351 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 7.5 HIGH | N/A |
|
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings.
|
|||||
| CVE-2008-5397 | 1 Tor | 1 Tor | 2025-04-09 | 7.2 HIGH | N/A |
|
Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process.
|
|||||
| CVE-2008-5896 | 1 Codeavalanche | 1 Ratemysite | 2025-04-09 | 7.5 HIGH | N/A |
|
CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CARateMySite.mdb. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-1085 | 1 Matomo | 1 Matomo | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Piwik 0.2.32 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh.
|
|||||
| CVE-2007-4600 | 1 Ptc | 1 Mathcad | 2025-04-09 | 4.6 MEDIUM | N/A |
|
The "Protect Worksheet" functionality in Mathsoft Mathcad 12 through 13.1, and PTC Mathcad 14, implements file access restrictions via a protection element in a gzipped XML file, which allows attackers to bypass these restrictions by removing this element.
|
|||||
| CVE-2009-2705 | 2 Broadcom, Sun | 2 Siteminder, J2ee | 2025-04-09 | 4.3 MEDIUM | N/A |
|
CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters.
|
|||||
| CVE-2009-2393 | 1 Virtuenetz | 1 Virtue Online Test Generator | 2025-04-09 | 6.5 MEDIUM | N/A |
|
admin/index.php in Virtuenetz Virtue Online Test Generator does not require administrative privileges, which allows remote authenticated users to have an unknown impact via unspecified vectors.
|
|||||
| CVE-2009-3589 | 1 Inotify | 1 Incron | 2025-04-09 | 4.6 MEDIUM | N/A |
|
incron 0.5.5 does not initialize supplementary groups when running a process from a user's incrontabs, which causes the process to be run with the incrond supplementary groups and allows local users to gain privileges via an incrontab table.
|
|||||
| CVE-2009-1226 | 1 Podcast Generator | 1 Podcast Generator | 2025-04-09 | 7.5 HIGH | N/A |
|
core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file parameter.
|
|||||
| CVE-2007-5856 | 1 Apple | 1 Mac Os X | 2025-04-09 | 9.4 HIGH | N/A |
|
Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information.
|
|||||
| CVE-2008-3356 | 1 Ingres | 1 Ingres | 2025-04-09 | 4.6 MEDIUM | N/A |
|
verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename.
|
|||||
| CVE-2008-6747 | 1 Dotproject | 1 Dotproject | 2025-04-09 | 6.8 MEDIUM | N/A |
|
dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-6109 | 1 Shelter Manager | 1 Animal Shelter Manager | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 does not properly enforce the privileges of user accounts, which allows local users to bypass intended access restrictions by (1) opening unspecified screens, related to the "double click selector bug"; or modifying a (2) animal, (3) owner, (4) lost/found, (5) diary note, (6) owner donation, or (7) waiting list record, related to "change permissions" and the "new UI."
|
|||||
| CVE-2008-6294 | 1 Accscripts | 1 Acc Statistics | 2025-04-09 | 7.5 HIGH | N/A |
|
admin/Index.php in Acc Statistics 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie cookie to "admin."
|
|||||
| CVE-2008-0893 | 1 Redhat | 1 Directory Server | 2025-04-09 | 7.5 HIGH | N/A |
|
Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions.
|
|||||
| CVE-2009-4556 | 1 Quickheal | 2 Antivirus Plus 2009, Total Security 2009 | 2025-04-09 | 7.2 HIGH | N/A |
|
Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security 2009 10.00 SP1 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs, as demonstrated by replacing quhlpsvc.exe.
|
|||||
| CVE-2007-4497 | 2 Canonical, Vmware | 5 Ubuntu Linux, Ace, Player and 2 more | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors.
|
|||||
| CVE-2009-4528 | 2 Drupal, Moshe Weitzman | 2 Drupal, Og Vocab | 2025-04-09 | 6.5 MEDIUM | N/A |
|
The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via unspecified vectors.
|
|||||
| CVE-2009-0043 | 1 Ca | 2 Service Level Management, Service Metric Analysis | 2025-04-09 | 10.0 HIGH | N/A |
|
The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors.
|
|||||
| CVE-2007-4338 | 1 Haudenschilt | 1 Family Connections Cms | 2025-04-09 | 10.0 HIGH | N/A |
|
index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter.
|
|||||
| CVE-2007-4390 | 1 Bluecat Networks | 1 Adonis | 2025-04-09 | 7.2 HIGH | N/A |
|
The Command Line Interface (CLI), aka Adonis Administration Console, on the BlueCat Networks Adonis DNS/DHCP appliance 5.0.2.8 allows local admin users to gain root privileges on the underlying operating system via shell metacharacters in a command.
|
|||||
| CVE-2008-0792 | 1 F-secure | 8 F-secure Anti-virus, F-secure Anti-virus Client Security, F-secure Anti-virus For Linux and 5 more | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted CAB archive.
|
|||||
| CVE-2007-5827 | 2 Debian, Iscsitarget | 2 Debian Linux, Iscsitarget | 2025-04-09 | 2.1 LOW | N/A |
|
iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords.
|
|||||
| CVE-2008-5699 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 4.6 MEDIUM | N/A |
|
The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris snv_50 through snv_104 does not properly check permissions, which allows local users to gain privileges and obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2007-5597 | 1 Drupal | 1 Drupal | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished comments from some modules, as demonstrated by (1) Organic groups and (2) Subscriptions.
|
|||||
| CVE-2008-0928 | 1 Qemu | 1 Qemu | 2025-04-09 | 4.7 MEDIUM | N/A |
|
Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.
|
|||||
| CVE-2008-3542 | 1 Hp | 1 Insight Diagnostics | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 allows remote attackers to read arbitrary files via unknown vectors.
|
|||||
| CVE-2008-5422 | 3 Novell, Redhat, Sun | 5 Suse Linux Enterprise Server, Enterprise Linux, Java Desktop System and 2 more | 2025-04-09 | 7.5 HIGH | N/A |
|
Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors.
|
|||||
| CVE-2008-6914 | 1 Zeeways | 1 Zeeproperty | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in viewprofile.php in Zeeways ZEEPROPERTY 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile modification, then accessing a related file via a direct request to the file in companylogo/.
|
|||||
| CVE-2008-3464 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-09 | 7.2 HIGH | N/A |
|
afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
|
|||||
| CVE-2006-6683 | 1 Pedro Lineu Orso | 1 Chetcpasswd | 2025-04-09 | 7.8 HIGH | N/A |
|
Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM.
|
|||||
| CVE-2009-2027 | 1 Apple | 1 Safari | 2025-04-09 | 7.2 HIGH | N/A |
|
The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method.
|
|||||