Total: 5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2007-4539 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 5.0 MEDIUM | N/A | The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields. |
| CVE-2008-5932 | 1 Codeavalanche | 1 Freeforum | 2025-04-09 | 5.0 MEDIUM | N/A | CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. NOTE: some of these details are obtained from third party information. |
| CVE-2009-1264 | 2 Stanislas Rolland, Typo3 | 2 Sr Feuser Register, Typo3 | 2025-04-09 | 4.0 MEDIUM | N/A | Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors. |
| CVE-2008-5956 | 1 Phpstreet | 1 Webboard | 2025-04-09 | 5.0 MEDIUM | N/A | Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request to connect.inc. |
| CVE-2007-5260 | 1 Asp-cms | 1 Asp-cms | 2025-04-09 | 5.0 MEDIUM | N/A | ASP-CMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request for mdb-database/ASP-CMS_v100.mdb. |
| CVE-2008-3173 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 6.8 MEDIUM | N/A | Microsoft Internet Explorer allows web sites to set cookies for domains that have a public suffix with more than one dot character, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking." NOTE: this issue may exist because of an insufficient fix for CVE-2004-0866. |
| CVE-2008-7010 | 1 Skalinks | 1 Exchange Script | 2025-04-09 | 10.0 HIGH | N/A | Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers to add new administrators and gain privileges via a direct request to admin/register.php. |
| CVE-2007-6636 | 1 Bitflu | 1 Bitflu | 2025-04-09 | 5.8 MEDIUM | N/A | Unspecified vulnerability in the StorageFarabDb module in Bitflu before 0.42 allows user-assisted remote attackers to create or append data to arbitrary files via a crafted .torrent file. |
| CVE-2009-2670 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 5.0 MEDIUM | N/A | The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties. |
| CVE-2009-0250 | 1 Ryneezy | 1 Phosheezy | 2025-04-09 | 5.0 MEDIUM | N/A | Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the file containing the administrator's password hash via a direct request for config/password. |
| CVE-2008-0897 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 7.9 HIGH | N/A | Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions. |
| CVE-2009-2025 | 1 Dutchmonkey | 1 Dm Filemanager | 2025-04-09 | 7.5 HIGH | N/A | admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values. |
| CVE-2008-5600 | 1 Merlix | 1 Teamworx Server | 2025-04-09 | 5.0 MEDIUM | N/A | Merlix Teamworx Server stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb. |
| CVE-2007-5735 | 1 Efileman | 1 Efileman | 2025-04-09 | 5.0 MEDIUM | N/A | eFileMan 7.1.0.87-88 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain unspecified user information via a direct request for cgi-bin/efileman/efileman_config.pm. |
| CVE-2008-4597 | 1 Drupal | 1 Shindig-integrator | 2025-04-09 | 7.5 HIGH | N/A | Shindig-Integrator 5.x, a module for Drupal, does not properly restrict generated page access, which allows remote attackers to gain privileges via unspecified vectors. |
| CVE-2007-0729 | 1 Apple | 3 Mac Os X, Mac Os X Preview.app, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A | Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables. |
| CVE-2007-4610 | 1 Dale Mooney | 1 Moon Gallery | 2025-04-09 | 6.8 MEDIUM | N/A | Unrestricted file upload vulnerability in config/upload.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to upload and execute arbitrary PHP files in images/, possibly related to config/admin.php. |
| CVE-2007-6047 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2 Universal Database, Linux Kernel, Windows and 1 more | 2025-04-09 | 10.0 HIGH | N/A | Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 before Fixpak 4 allows attackers to execute arbitrary commands as the DB2 instance owner, related to invocation of TPUT by DB2DART. |
| CVE-2007-5230 | 1 Zomplog | 1 Zomplog | 2025-04-09 | 7.5 HIGH | N/A | admin/upload_files.php in Zomplog 3.8.1 and earlier does not check for administrative credentials, which allows remote attackers to perform administrative actions via a direct request. NOTE: this can be leveraged for code execution by exploiting CVE-2007-5231. |
| CVE-2008-0931 | 2 Debian, Xwine | 2 Debian Linux, Xwine | 2025-04-09 | 6.3 MEDIUM | N/A | w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file. |
| CVE-2008-4252 | 1 Microsoft | 5 Office Frontpage, Project, Visual Basic and 2 more | 2025-04-09 | 8.5 HIGH | N/A | The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability." |
| CVE-2008-6673 | 1 Quickersite | 1 Quickersite | 2025-04-09 | 7.5 HIGH | N/A | asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote attackers to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin; and (3) modify the site design via the saveDesign action. |
| CVE-2008-0730 | 1 Sun | 1 Solaris | 2025-04-09 | 4.6 MEDIUM | N/A | The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and (4) Thai language input methods in Sun Solaris 10 create files and directories with weak permissions under (a) .iiim/le and (b) .Xlocale in home directories, which might allow local users to write to, or read from, the home directories of other users. |
| CVE-2009-4033 | 1 Tim Hockin | 1 Acpid | 2025-04-09 | 6.9 MEDIUM | N/A | A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insufficient arguments, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file, cause a denial of service by overwriting this file, or gain privileges by executing this file. |
| CVE-2009-0866 | 1 Phnews | 1 Phnews | 2025-04-09 | 5.0 MEDIUM | N/A | pHNews Alpha 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for extra/genbackup.php. |
| CVE-2007-5090 | 2 Ibm, Microsoft | 3 Db2, Rational Clearquest, Sql Server | 2025-04-09 | 7.5 HIGH | N/A | Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors. |
| CVE-2008-4484 | 1 Crux Software | 1 Gallery | 2025-04-09 | 6.8 MEDIUM | N/A | main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php. |
| CVE-2008-4415 | 1 Hp | 1 Service Manager | 2025-04-09 | 9.0 HIGH | N/A | Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors. |
| CVE-2008-7066 | 1 2enetworx | 1 Openforum | 2025-04-09 | 7.5 HIGH | N/A | OpenForum 0.66 Beta allows remote attackers to bypass authentication and reset passwords of other users via a direct request with the update parameter set to 1 and modified user and password parameters. |
| CVE-2008-6321 | 1 Cfshopkart | 1 Cf Shopkart | 2025-04-09 | 5.0 MEDIUM | N/A | CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via a direct request. |
| CVE-2007-5571 | 1 Cisco | 1 Firewall Services Module | 2025-04-09 | 6.8 MEDIUM | N/A | Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier, does not properly enforce edited ACLs, which might allow remote attackers to bypass intended restrictions on network traffic, aka CSCsj52536. |
| CVE-2008-6057 | 1 Liberum | 1 Liberum Help Desk | 2025-04-09 | 5.0 MEDIUM | N/A | Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. |
| CVE-2007-6165 | 1 Apple | 1 Mac Os X | 2025-04-09 | 9.3 HIGH | N/A | Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395. |
| CVE-2006-5585 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-09 | 7.2 HIGH | N/A | The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability." |
| CVE-2007-6690 | 1 Menalto | 1 Gallery | 2025-04-09 | 10.0 HIGH | N/A | The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors. |
| CVE-2008-5274 | 1 Toddwoolums | 1 Todd Woolums Asp News Management | 2025-04-09 | 5.0 MEDIUM | N/A | Todd Woolums ASP News Management 2.2 allows remote attackers to obtain news items via a direct request to (1) rss.asp, (2) viewheadings.asp, or (3) viewnews.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-6388 | 1 4u2ges | 1 Rapid Classified | 2025-04-09 | 5.0 MEDIUM | N/A | Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to cldb.mdb. |
| CVE-2008-5852 | 1 Emefa | 1 Emefa Guestbook | 2025-04-09 | 5.0 MEDIUM | N/A | Emefa Guestbook 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for guestbook.mdb. |
| CVE-2008-3605 | 1 Mcafee | 1 Encrypted Usb Manager | 2025-04-09 | 6.8 MEDIUM | N/A | Unspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, when the Re-use Threshold for passwords is nonzero, allows remote attackers to conduct offline brute force attacks via unknown vectors. |
| CVE-2007-5044 | 1 Zonelabs | 1 Zonealarm | 2025-04-09 | 6.9 MEDIUM | N/A | ZoneAlarm Pro 7.0.362.000 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreatePort and (2) NtDeleteFile kernel SSDT hooks, a partial regression of CVE-2007-2083. |