Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4545 | 1 Logoshows | 1 Logoshows Bbs | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Logoshows BBS 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/globepersonnel.mdb.
|
|||||
| CVE-2009-0028 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
|
The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit.
|
|||||
| CVE-2008-7173 | 1 Juracapecoffee | 2 Internet Connectivity Kit, Jura Impressa | 2025-04-09 | 10.0 HIGH | N/A |
|
The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service (physical damage), modify coffee settings, and possibly execute code via a crafted request. NOTE: this issue is being included in CVE because the denial of service may include financial loss or water damage.
|
|||||
| CVE-2009-3207 | 2 Drewish, Drupal | 2 Imagecache, Drupal | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filename.
|
|||||
| CVE-2009-2574 | 1 Bioscripts | 1 Minitwitter | 2025-04-09 | 6.5 MEDIUM | N/A |
|
index.php in MiniTwitter 0.2 beta allows remote authenticated users to modify certain options of arbitrary accounts via an opt action.
|
|||||
| CVE-2008-0135 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.
|
|||||
| CVE-2008-0701 | 1 Magnolia | 1 Ce | 2025-04-09 | 5.0 MEDIUM | N/A |
|
ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content.
|
|||||
| CVE-2008-1596 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
|
Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to missing checks in the TSD_FILES_LOCK policy for modifications performed via hard links, a different vulnerability than CVE-2007-6680.
|
|||||
| CVE-2008-1937 | 1 Moinmoin | 1 Moinmoin | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges.
|
|||||
| CVE-2010-0310 | 1 Sun | 1 Solaris | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Trusted Extensions in Sun Solaris 10 allows local users to gain privileges via vectors related to omission of unspecified libraries from software updates.
|
|||||
| CVE-2008-3047 | 1 Typo3 | 1 Kb Unpack Extension | 2025-04-09 | 7.5 HIGH | N/A |
|
Incomplete blacklist vulnerability in the KB Unpack (kb_unpack) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors.
|
|||||
| CVE-2007-3036 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Services For Unix and 2 more | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
|
|||||
| CVE-2007-5835 | 1 Bosdev | 1 Bosnews | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Install.php in BosDev BosNews 4 and 5 does not require authentication for replacing an existing product installation or creating a new admin account, which allows remote attackers to cause a denial of service (overwritten files) and possibly obtain administrative access.
|
|||||
| CVE-2009-0802 | 1 Qbik | 1 Wingate | 2025-04-09 | 5.4 MEDIUM | N/A |
|
Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
|
|||||
| CVE-2007-6650 | 1 Bitweaver | 1 R2 Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in fisheye/upload.php in Bitweaver R2 CMS allows remote attackers to upload arbitrary files by using the image/gif content type, and possibly other image and PDF content types, as demonstrated by uploading a .htaccess file.
|
|||||
| CVE-2008-7188 | 1 Clip-share | 1 Clipshare | 2025-04-09 | 7.5 HIGH | N/A |
|
ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. NOTE: this can be used to recover the password of the user by using the modified e-mail address in the email parameter to recoverpass.php.
|
|||||
| CVE-2008-1099 | 1 Moinmoin | 1 Moinmoin | 2025-04-09 | 5.0 MEDIUM | N/A |
|
_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages.
|
|||||
| CVE-2007-2975 | 1 Ignite Realtime | 1 Openfire | 2025-04-09 | 7.5 HIGH | N/A |
|
The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader.
|
|||||
| CVE-2008-1731 | 2 3281d, Drupal | 2 Simple Access, Drupal | 2025-04-09 | 7.5 HIGH | N/A |
|
The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking.
|
|||||
| CVE-2008-3485 | 1 Citrix | 2 Metaframe Presentation Server, Xp | 2025-04-09 | 7.2 HIGH | N/A |
|
Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path.
|
|||||
| CVE-2008-0038 | 1 Apple | 1 Mac Os X | 2025-04-09 | 1.9 LOW | N/A |
|
Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application.
|
|||||
| CVE-2007-5038 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 7.5 HIGH | N/A |
|
The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation.
|
|||||
| CVE-2008-2378 | 1 Hf | 1 Hf | 2025-04-09 | 7.2 HIGH | N/A |
|
Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 allows local users to gain privileges via a Trojan horse killall program in a directory in the PATH, related to improper handling of the -k option.
|
|||||
| CVE-2008-1436 | 1 Microsoft | 5 Windows-nt, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-09 | 9.0 HIGH | N/A |
|
Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), ...
Show More |
|||||
| CVE-2007-3500 | 1 Xeforum | 1 Xeforum | 2025-04-09 | 10.0 HIGH | N/A |
|
Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.
|
|||||
| CVE-2009-0345 | 1 Sun | 2 Fire X2100 M2, Fire X2200 M2 | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6648082, a different vulnerability than CVE-2007-5717.
|
|||||
| CVE-2007-6167 | 1 Suse | 1 Suse Linux | 2025-04-09 | 7.2 HIGH | N/A |
|
Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory.
|
|||||
| CVE-2008-6928 | 1 Phpstore | 1 Complete Classifieds | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in PHPStore Complete Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in classifieds1/yellow_images/.
|
|||||
| CVE-2008-2293 | 1 Tpvgames | 1 Mpcs | 2025-04-09 | 7.5 HIGH | N/A |
|
admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows remote attackers to bypass authentication and gain privileges by setting the CommentSystemAdmin cookie to 1.
|
|||||
| CVE-2008-3890 | 2 Amd, Freebsd | 2 Amd64, Freebsd | 2025-04-09 | 7.2 HIGH | N/A |
|
The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an extra swapgs call after a General Protection Fault (GPF), which allows local users to gain privileges by triggering a GPF during the kernel's return from (1) an interrupt, (2) a trap, or (3) a system call.
|
|||||
| CVE-2009-1338 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.6 MEDIUM | N/A |
|
The kill_something_info function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the intended namespace isolation, and send arbitrary signals to all processes in all namespaces, via a kill command.
|
|||||
| CVE-2007-6512 | 1 Php | 1 Mysql Banner Exchange | 2025-04-09 | 5.0 MEDIUM | N/A |
|
PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc.
|
|||||
| CVE-2009-1601 | 1 Ubuntu | 1 Linux | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local users to bypass intended access restrictions via read or write operations involving this directory.
|
|||||
| CVE-2008-7117 | 1 Webidsupport | 1 Webid | 2025-04-09 | 5.0 MEDIUM | N/A |
|
eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting (XSS) attacks.
|
|||||
| CVE-2008-7128 | 1 Xyssl | 1 Xyssl | 2025-04-09 | 7.5 HIGH | N/A |
|
The ssl_parse_client_key_exchange function in XySSL before 0.9 does not protect against certain Bleichenbacher attacks using chosen ciphertext, which allows remote attackers to recover keys via unspecified vectors.
|
|||||
| CVE-2009-3106 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application.
|
|||||
| CVE-2008-5340 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081.
|
|||||
| CVE-2008-3573 | 2 Php-nuke, Pligg | 2 Php-nuke, Pligg | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value with the current date and the HTTP User-Agent string.
|
|||||
| CVE-2008-0777 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 4.9 MEDIUM | N/A |
|
The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files.
|
|||||
| CVE-2010-0318 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 6.9 MEDIUM | N/A |
|
The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, and 8.0, when creating files during replay of a setattr transaction, uses 7777 permissions instead of the original permissions, which might allow local users to read or modify unauthorized files in opportunistic circumstances after a system crash or power failure.
|
|||||