Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3852 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2 allows remote authenticated users to execute arbitrary code via unknown vectors.
|
|||||
| CVE-2008-7026 | 1 Efrontlearning | 1 Efront | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in filesystem3.class.php in eFront 3.5.1 build 2710 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in (1) student/avatars/ or (2) professor/avatars/.
|
|||||
| CVE-2008-5129 | 1 Ocean12 Technologies | 1 Poll Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Ocean12 Poll Manager Pro 1.00 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12poll.mdb.
|
|||||
| CVE-2008-2232 | 1 Afuse | 1 Afuse | 2025-04-09 | 4.6 MEDIUM | N/A |
|
The expand_template function in afuse.c in afuse 0.2 allows local users to gain privileges via shell metacharacters in a pathname.
|
|||||
| CVE-2007-5771 | 1 Flatnuke3 | 1 Flatnuke3 | 2025-04-09 | 7.5 HIGH | N/A |
|
Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie.
|
|||||
| CVE-2009-4452 | 1 Kaspersky Lab | 7 Kaspersky Anti-virus, Kaspersky Anti-virus 2009, Kaspersky Anti-virus 2010 and 4 more | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse.
|
|||||
| CVE-2007-3852 | 1 Sysstat | 1 Sysstat | 2025-04-09 | 4.4 MEDIUM | N/A |
|
The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.
|
|||||
| CVE-2008-0805 | 1 Reality | 1 Medias Phpizabi | 2025-04-09 | 9.3 HIGH | N/A |
|
Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures.
|
|||||
| CVE-2008-5602 | 1 Natterchat | 1 Natterchat | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb.
|
|||||
| CVE-2007-0471 | 1 Checkpoint | 1 Connectra Ngx | 2025-04-09 | 7.5 HIGH | N/A |
|
sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token.
|
|||||
| CVE-2009-2080 | 1 Mrcgiguy | 1 The Ticket System | 2025-04-09 | 7.5 HIGH | N/A |
|
admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to (1) obtain sensitive configuration information via the editconfig action or (2) change the administrator's password via the id parameter in an editop action.
|
|||||
| CVE-2007-6200 | 2 Rsync, Slackware | 2 Rsync, Slackware Linux | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.
|
|||||
| CVE-2007-4601 | 1 Ubuntu | 1 Ubuntu Linux | 2025-04-09 | 5.0 MEDIUM | N/A |
|
A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 might allow remote attackers to bypass intended access restrictions when a service uses libwrap but does not specify server connection information.
|
|||||
| CVE-2008-5130 | 1 Ocean12 Technologies | 1 Calendar Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Ocean12 Calendar Manager Gold 2.04 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12cal.mdb.
|
|||||
| CVE-2007-2229 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | 7.2 HIGH | N/A |
|
Microsoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such as administrative passwords, aka "Permissive User Information Store ACLs Information Disclosure Vulnerability."
|
|||||
| CVE-2008-6054 | 1 Preprojects.com | 1 Pre Courier And Cargo Business | 2025-04-09 | 5.0 MEDIUM | N/A |
|
PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
|
|||||
| CVE-2009-1337 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.4 MEDIUM | N/A |
|
The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.
|
|||||
| CVE-2009-3068 | 1 Adobe | 1 Robohelp Server | 2025-04-09 | 9.3 HIGH | N/A |
|
Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11.
|
|||||
| CVE-2008-4992 | 1 Sun | 13 Blade T6300 Server, Blade T6320 Server, Fire Enterprise Server T1000 and 10 more | 2025-04-09 | 4.6 MEDIUM | N/A |
|
The SPARC hypervisor in Sun System Firmware 6.6.3 through 6.6.5 and 7.1.3 through 7.1.3.e on UltraSPARC T1, T2, and T2+ processors allows logical domain users to access memory in other logical domains via unknown vectors.
|
|||||
| CVE-2008-2707 | 2 Intel, Sun | 4 Network Interface Controller, Opensolaris, Solaris and 1 more | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and OpenSolaris before snv_93 allows remote attackers to cause a denial of service (network connectivity loss) via unknown vectors.
|
|||||
| CVE-2008-6052 | 1 Preprojects | 1 Pre E-learning Portal | 2025-04-09 | 5.0 MEDIUM | N/A |
|
PreProjects Pre E-Learning Portal stores db_elearning.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
|
|||||
| CVE-2008-2250 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-09 | 7.2 HIGH | N/A |
|
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
|
|||||
| CVE-2008-1369 | 1 Sun | 2 Sparc Enterprise Server, Sunos | 2025-04-09 | 10.0 HIGH | N/A |
|
A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileges via unspecified vectors.
|
|||||
| CVE-2009-2935 | 1 Google | 1 Chrome | 2025-04-09 | 10.0 HIGH | N/A |
|
Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript.
|
|||||
| CVE-2008-7209 | 1 Insane Visions | 1 Onecms | 2025-04-09 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in the add2 action in a_upload.php in OneCMS 2.4, and possibly earlier, allows remote attackers to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing it via a direct request to the file in an unspecified directory.
|
|||||
| CVE-2009-4527 | 2 Drupal, Niif | 2 Drupal, Shib Auth | 2025-04-09 | 4.6 MEDIUM | N/A |
|
The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before 6.x-3.2, a module for Drupal, does not properly remove statically granted privileges after a logout or other session change, which allows physically proximate attackers to gain privileges by using an unattended web browser.
|
|||||
| CVE-2009-4520 | 2 Drupal, Kristof De Jaeger | 2 Drupal, Commentreference | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path.
|
|||||
| CVE-2009-2291 | 2 Chad Phillips, Drupal | 2 Logintoboggan, Drupal | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors.
|
|||||
| CVE-2009-3442 | 2 Ariel Barreiro, Drupal | 2 Meta Tags, Drupal | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Meta tags (aka Nodewords) module before 6.x-1.1 for Drupal does not properly follow permissions during assignment of node meta tags, which allows remote attackers to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2009-0357 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.
|
|||||
| CVE-2007-1206 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-09 | 7.2 HIGH | N/A |
|
The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped.
|
|||||
| CVE-2009-3716 | 1 Maniacomputer | 1 Mcshoutbox | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in smilies/.
|
|||||
| CVE-2009-3866 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 9.3 HIGH | N/A |
|
The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824.
|
|||||
| CVE-2009-2737 | 1 Toni Mueller | 1 Roundup | 2025-04-09 | 5.5 MEDIUM | N/A |
|
The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to modify arbitrary items within that class, as demonstrated by editing all queries, modifying settings, and adding roles to users.
|
|||||
| CVE-2008-6354 | 1 Thenetguys | 1 Aspired2poll | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Net Guys ASPired2poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2poll.mdb.
|
|||||
| CVE-2007-4614 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 7.5 HIGH | N/A |
|
BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426.
|
|||||
| CVE-2007-5987 | 1 Bti-tracker | 1 Bti-tracker | 2025-04-09 | 6.8 MEDIUM | N/A |
|
details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest.
|
|||||
| CVE-2008-6886 | 1 Rsa | 1 Envision | 2025-04-09 | 5.0 MEDIUM | N/A |
|
RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict access to unspecified user profile functionality, which allows remote attackers to obtain the administrator password hash and conduct brute force guessing attacks.
|
|||||
| CVE-2008-6871 | 1 Merlix | 1 Educate Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request.
|
|||||
| CVE-2008-1185 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186, aka "the first issue."
|
|||||