Total: 5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2007-4873 | 1 Simplenews | 1 Simplenews | 2025-04-09 | 5.0 MEDIUM | N/A | SimpNews 2.41.03 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc. |
| CVE-2007-5040 | 1 Ghostsecurity | 1 Ghost Security Suite | 2025-04-09 | 2.1 LOW | N/A | Ghost Security Suite alpha 1.200 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey, (2) NtCreateThread, (3) NtDeleteValueKey, (4) NtQueryValueKey, (5) NtSetSystemInformation, and (6) NtSetValueKey kernel SSDT hooks. |
| CVE-2008-5393 | 1 Privacy-cd | 1 Unbuntu Privacy Remix | 2025-04-09 | 10.0 HIGH | N/A | UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes kernel support for mounting RAID arrays, which might allow remote attackers to bypass intended isolation mechanisms by (1) reading from or (2) writing to these arrays. |
| CVE-2008-6136 | 1 Drupal | 1 Everyblog | 2025-04-09 | 7.5 HIGH | N/A | Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to gain privileges as another user or an administrator via unknown attack vectors. |
| CVE-2009-2859 | 1 Ibm | 1 Db2 | 2025-04-09 | 4.6 MEDIUM | N/A | IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command. |
| CVE-2008-5504 | 1 Mozilla | 1 Firefox | 2025-04-09 | 7.5 HIGH | N/A | Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836. |
| CVE-2009-2770 | 1 Powerupload | 1 Powerupload | 2025-04-09 | 7.5 HIGH | N/A | PowerUpload 2.4 allows remote attackers to bypass authentication and gain administrative access via a MIME encoded value of admin for the myadminname cookie. |
| CVE-2007-5919 | 1 Mywebftp | 1 Mywebftp | 2025-04-09 | 5.0 MEDIUM | N/A | MyWebFTP, possibly 5.3.2, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain an MD5 password hash via a direct request for pass/pass.txt. |
| CVE-2008-1027 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.3 MEDIUM | N/A | Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic. |
| CVE-2008-6643 | 1 Lokicms | 1 Lokicms | 2025-04-09 | 5.0 MEDIUM | N/A | LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php. |
| CVE-2008-1215 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2025-04-09 | 4.6 MEDIUM | N/A | Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~" characters. |
| CVE-2008-0843 | 1 Statcountex | 1 Statcountex | 2025-04-09 | 6.4 MEDIUM | N/A | StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive information and edit configuration scripts via a direct request to admin.asp. |
| CVE-2008-5384 | 1 Ibm | 1 Aix | 2025-04-09 | 6.9 MEDIUM | N/A | crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor. |
| CVE-2008-2824 | 1 Xerox | 1 Workcentre | 2025-04-09 | 10.0 HIGH | N/A | Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors. |
| CVE-2003-1571 | 1 Webwizguide | 1 Web Wiz Guestbook | 2025-04-09 | 5.0 MEDIUM | N/A | Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected. |
| CVE-2008-4401 | 1 Adobe | 1 Flash Player | 2025-04-09 | 10.0 HIGH | N/A | ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file. |
| CVE-2008-5931 | 1 The Net Guys | 1 Aspired2blog | 2025-04-09 | 5.0 MEDIUM | N/A | The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/blog.mdb. NOTE: some of these details are obtained from third party information. |
| CVE-2007-4700 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.5 HIGH | N/A | Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors. |
| CVE-2008-2104 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 4.0 MEDIUM | N/A | The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check. |
| CVE-2009-4314 | 1 Sun | 2 Ray Server Software, Solaris | 2025-04-09 | 4.4 MEDIUM | N/A | Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking (AMGH) is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an unattended DTU device. |
| CVE-2008-7186 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2025-04-09 | 5.0 MEDIUM | N/A | Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504. |
| CVE-2009-2453 | 1 Citrix | 2 Presentation Server, Xenapp | 2025-04-09 | 7.5 HIGH | N/A | Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors. |
| CVE-2009-3281 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2025-04-09 | 7.2 HIGH | N/A | The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors. |
| CVE-2008-0074 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-09 | 7.2 HIGH | N/A | Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the FTPRoot, NNTPFile\Root, or WWWRoot folders. |
| CVE-2009-1599 | 2 Adobe, Opera | 2 Acrobat Reader, Opera Browser | 2025-04-09 | 9.3 HIGH | N/A | Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PD ... |
| CVE-2008-5899 | 1 Codeavalanche | 1 Freeforall | 2025-04-09 | 7.5 HIGH | N/A | CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFFAPage.mdb. NOTE: some of these details are obtained from third party information. |
| CVE-2008-5459 | 1 Oracle | 1 Bea Product Suite | 2025-04-09 | 5.0 MEDIUM | N/A | Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality via unknown vectors. |
| CVE-2008-2873 | 1 Aspindir | 1 Shibby Shop | 2025-04-09 | 5.0 MEDIUM | N/A | sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb. |
| CVE-2008-1783 | 1 Prozilla | 1 Reviews | 2025-04-09 | 6.4 MEDIUM | N/A | Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php. |
| CVE-2008-5516 | 3 Git, Git-scm, Rpath | 3 Git, Git, Linux | 2025-04-09 | 7.5 HIGH | N/A | The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search. |
| CVE-2008-3300 | 1 Alphadmin | 1 Alphadmin Cms | 2025-04-09 | 7.5 HIGH | N/A | AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-6334 | 2 Ingres, Microsoft | 2 Ingres, Windows Nt | 2025-04-09 | 5.0 MEDIUM | N/A | Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges. |
| CVE-2008-6870 | 1 Merlix | 1 Educate Server | 2025-04-09 | 5.0 MEDIUM | N/A | Merlix Educate Server allows remote attackers to bypass intended security restrictions and obtain sensitive information via a direct request to (1) config.asp and (2) users.asp. |
| CVE-2009-0342 | 2 Linux, Provos | 2 Linux Kernel, Systrace | 2025-04-09 | 7.2 HIGH | N/A | Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall. |
| CVE-2009-2704 | 1 Sun | 1 J2ee | 2025-04-09 | 4.3 MEDIUM | N/A | CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte). |
| CVE-2008-5283 | 1 Ghh | 1 Google Hack Honeypot File Upload Manager | 2025-04-09 | 6.4 MEDIUM | N/A | Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attackers to delete uploaded files via unknown vectors related to the delall action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. CVE analysis suggests that the most recent version as of 20081128 is 1.2, and the File Upload Manager does not have a "delall" action. |
| CVE-2009-1135 | 1 Microsoft | 1 Isa Server | 2025-04-09 | 9.0 HIGH | N/A | Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability." |
| CVE-2008-1593 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A | The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function. |
| CVE-2009-0399 | 1 Chipmunk Scripts | 1 Chipmunk Blogger | 2025-04-09 | 7.5 HIGH | N/A | Chipmunk Blogger Script allows remote attackers to gain administrator privileges via a direct request to admin/reguser.php. NOTE: this is only a vulnerability when the administrator does not properly follow installation directions. |
| CVE-2007-1309 | 1 Novell | 1 Access Manager | 2025-04-09 | 9.0 HIGH | N/A | Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt. |
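Several entries in this list (CVE-2007-4873, CVE-2007-5919, CVE-2003-1571, CVE-2008-5931, CVE-2008-5899, CVE-2008-2873) are the same bug class: a database, include file or password file sits under the document root, and nothing stops a browser from fetching it by path. The audit below is an added example, not code from any of those projects or from this CVE feed. It walks a web root, flags files whose extension or basename marks them as server-side data, and treats a directory as covered only if an Apache-style `.htaccess` in it (or a parent up to the root) denies all requests. The sample web root it builds is constructed for the demonstration and echoes the paths named in the entries; the extension and basename lists are assumptions to tune per application.

```python
"""Audit a web root for data/include files that a direct request would serve.

Added example: the 'stores sensitive information under the web root' pattern
from CVE-2007-4873, CVE-2007-5919, CVE-2003-1571, CVE-2008-5931, CVE-2008-5899
and CVE-2008-2873. Not code from any of those projects.
"""
import os
import tempfile
from pathlib import Path

# Assumption: extensions that a browser should never be able to fetch.
SENSITIVE_EXTENSIONS = {".mdb", ".inc", ".sql", ".bak", ".ini", ".env"}
# Assumption: basenames that hold credentials or schema in the entries above.
SENSITIVE_BASENAMES = {"pass.txt", "dbtables.inc", "config.inc"}


def is_protected(directory: Path, webroot: Path) -> bool:
    """True if an Apache-style .htaccess in this directory or any parent up to
    the web root denies all requests ('Require all denied' or 'Deny from all')."""
    d = directory
    while True:
        ht = d / ".htaccess"
        if ht.is_file():
            text = ht.read_text(errors="replace").lower()
            if "require all denied" in text or "deny from all" in text:
                return True
        if d == webroot:
            return False
        d = d.parent


def audit_webroot(webroot: str) -> list:
    """Return web-relative paths of sensitive files not covered by a deny rule."""
    root = Path(webroot).resolve()
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        d = Path(dirpath)
        for name in files:
            p = d / name
            if p.suffix.lower() in SENSITIVE_EXTENSIONS or name.lower() in SENSITIVE_BASENAMES:
                if not is_protected(d, root):
                    findings.append(p.relative_to(root).as_posix())
    return sorted(findings)


def build_sample_webroot() -> str:
    """Constructed layout echoing the CVE entries above (not real application files)."""
    root = Path(tempfile.mkdtemp(prefix="webroot_"))
    files = {
        "admin/includes/dbtables.inc": "<?php $db_pass = 'secret'; ?>",
        "pass/pass.txt": "5f4dcc3b5aa765d61d8327deb882cf99",   # constructed MD5 hash
        "database/WWGguestbook.mdb": "constructed-mdb-placeholder",
        "_private/CAFFAPage.mdb": "constructed-mdb-placeholder",
        "Db/urun.mdb": "constructed-mdb-placeholder",
        "index.php": "<?php echo 'hi'; ?>",
        "protected/secrets.ini": "key=value",
        "protected/.htaccess": "Require all denied\n",   # this one is covered
    }
    for rel, content in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(content)
    return str(root)


if __name__ == "__main__":
    for f in audit_webroot(build_sample_webroot()):
        print("exposed:", f)
```

The `.htaccess` check only models Apache with `AllowOverride` enabled; on nginx or IIS the equivalent is a `location` block or request-filtering rule, and the reliable fix for all of them is to move data and include files outside the document root entirely so there is nothing to deny.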
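CVE-2009-2770 (PowerUpload, `myadminname` cookie carrying a MIME-encoded `admin`) and CVE-2008-3300 (AlphAdmin CMS, `aa_login` cookie set to `1`) share one root cause: the application treats a cookie the browser sends as proof of identity, and the browser is under the attacker's control. The following added example (not code from either project) shows that check beside a hardened form that only accepts a cookie the server itself signed with an HMAC key. Cookie names, the key, and the user names are constructed for the demonstration.

```python
"""Client-controlled auth cookies versus a server-signed session cookie.

Added example modelling CVE-2009-2770 and CVE-2008-3300; not code from
PowerUpload or AlphAdmin CMS. Names and key are constructed.
"""
import base64
import hashlib
import hmac
import secrets


# --- vulnerable pattern: the cookie value alone decides who you are ----------
def is_admin_vulnerable(cookies: dict) -> bool:
    """Decode and compare, with no evidence the server issued the value."""
    try:
        name = base64.b64decode(cookies.get("myadminname", "")).decode()
    except Exception:
        name = ""
    return name == "admin" or cookies.get("aa_login") == "1"


# --- hardened pattern: HMAC-signed session cookie ----------------------------
SERVER_KEY = secrets.token_bytes(32)   # fresh per process here; persist it in a real deployment


def issue_session(user: str, role: str, key: bytes = SERVER_KEY) -> str:
    """Return '<base64(user:role)>.<hex HMAC-SHA256 over user:role>'."""
    if ":" in user or ":" in role:
        raise ValueError("':' is the field separator")
    payload = f"{user}:{role}".encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(payload).decode() + "." + tag


def verify_session(cookie: str, key: bytes = SERVER_KEY):
    """Return (user, role) for a validly signed cookie, else None."""
    try:
        body, tag = cookie.rsplit(".", 1)
        payload = base64.urlsafe_b64decode(body.encode())
    except Exception:
        return None
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):   # constant-time compare
        return None
    user, role = payload.decode().split(":", 1)
    return user, role


def is_admin_hardened(cookies: dict) -> bool:
    sess = verify_session(cookies.get("session", ""))
    return sess is not None and sess[1] == "admin"


def forge_role(cookie: str, new_role: str) -> str:
    """What an attacker without the key can do: rewrite the payload, keep the tag."""
    body, tag = cookie.rsplit(".", 1)
    user = base64.urlsafe_b64decode(body.encode()).decode().split(":", 1)[0]
    return base64.urlsafe_b64encode(f"{user}:{new_role}".encode()).decode() + "." + tag


def demo() -> dict:
    forged_name = {"myadminname": base64.b64encode(b"admin").decode()}
    forged_flag = {"aa_login": "1"}
    # A session cookie with a made-up tag, as an attacker would have to send.
    forged_session = {"session": base64.urlsafe_b64encode(b"admin:admin").decode() + "." + "0" * 64}
    issued = {"session": issue_session("alice", "admin")}
    return {
        "vulnerable_accepts_forged": is_admin_vulnerable(forged_name) and is_admin_vulnerable(forged_flag),
        "hardened_rejects_forged": not is_admin_hardened(forged_name) and not is_admin_hardened(forged_session),
        "hardened_accepts_issued": is_admin_hardened(issued),
    }


if __name__ == "__main__":
    print(demo())
```

A signed cookie stops forgery but not replay; pair it with an expiry inside the signed payload, or keep the session state server-side and send only an opaque random identifier.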
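CVE-2009-0342 describes a syscall filter that compared the number of a 64-bit syscall against a policy written for the 32-bit table, so a 64-bit call whose number happens to match an allowed 32-bit call got through. The added example below (not Systrace code) makes the collision concrete with a few real Linux syscall numbers for i386 and x86_64 and a constructed policy; it generalizes the entry by listing every colliding number in the small table rather than a single case. seccomp-bpf filters face the same hazard, which is why they check the `arch` field of `seccomp_data` before looking at the number.

```python
"""Why a syscall filter must key on (ABI, number), not the number alone.

Added example modelling CVE-2009-0342; not Systrace code. The two tables hold
real Linux syscall numbers (a small subset); the policy is constructed.
"""
# Linux i386 (int 0x80) and x86_64 (syscall instruction) numbers, subset.
I386 = {2: "fork", 3: "read", 4: "write", 5: "open", 6: "close"}
X86_64 = {0: "read", 1: "write", 2: "open", 3: "close", 4: "stat", 5: "fstat"}
TABLES = {"i386": I386, "x86_64": X86_64}

# Constructed policy: the sandboxed process may fork and use descriptors it
# already holds, but must never open() files.
POLICY_ALLOW = {"fork", "read", "write", "close"}


def naive_allowed(nr: int) -> bool:
    """Buggy: resolves the number through the 32-bit table no matter which ABI
    the process actually used to enter the kernel."""
    return I386.get(nr) in POLICY_ALLOW


def abi_aware_allowed(abi: str, nr: int) -> bool:
    """Fixed: look the number up in the table for the ABI that was used."""
    name = TABLES[abi].get(nr)
    return name is not None and name in POLICY_ALLOW


def collisions() -> list:
    """Numbers the naive filter lets through on x86_64 although the policy
    forbids the 64-bit syscall they actually invoke."""
    out = []
    for nr, name64 in X86_64.items():
        if naive_allowed(nr) and name64 not in POLICY_ALLOW:
            out.append((nr, I386[nr], name64))
    return out


if __name__ == "__main__":
    for nr, name32, name64 in collisions():
        print(f"nr {nr}: policy allows i386 {name32}; naive filter also admits x86_64 {name64}")
```

With this table, number 2 is `fork` on i386 but `open` on x86_64, so the naive filter grants exactly the call the policy was written to deny.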
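CVE-2008-5516 (gitweb before 1.5.5) is command injection through shell metacharacters in the search input. The added example below is not gitweb's Perl code; it reproduces the bug class in Python with `echo` standing in for `git` so it runs without a repository, and puts the string-built command next to two safe forms: an argv list that never touches a shell, and `shlex.quote` for the rare case where a shell string is unavoidable. The attacker term is constructed; if no `sh` or `echo` binary is on the PATH the demo returns `None` instead of running.

```python
"""Shell metacharacters in a search term: shell string versus argv list.

Added example modelling CVE-2008-5516; not gitweb code. 'echo' stands in for
'git' so the commands are harmless and run offline.
"""
import shlex
import shutil
import subprocess

TOOLS_AVAILABLE = shutil.which("sh") is not None and shutil.which("echo") is not None


def search_vulnerable(term: str) -> str:
    """The bug: user input is spliced into a string that a shell parses."""
    cmd = f"echo git log --grep={term}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def search_hardened(term: str) -> str:
    """Fixed: the term is one argv element; no shell sees it."""
    argv = ["echo", "git", "log", f"--grep={term}"]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def search_quoted(term: str) -> str:
    """If a shell string is unavoidable, quote every user-derived piece."""
    cmd = "echo git log " + shlex.quote(f"--grep={term}")
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def demo_injection():
    """Run all three with a constructed malicious term; None if tools are missing."""
    if not TOOLS_AVAILABLE:
        return None
    term = "foo; echo INJECTED"   # constructed attacker input
    return {
        "vulnerable_lines": search_vulnerable(term).splitlines(),
        "hardened_lines": search_hardened(term).splitlines(),
        "quoted_lines": search_quoted(term).splitlines(),
    }


if __name__ == "__main__":
    print(demo_injection())
```

In the vulnerable form the shell splits the command at `;` and runs the second half as its own command; in the other two the whole term reaches the program as a single argument. Prefer the argv list: quoting is correct only if every user-derived fragment is quoted, and that is easy to miss.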
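CVE-2009-2704 is an XSS filter in front of J2EE applications that an encoded null byte (`%00`) defeats. The entry does not say where the filter lost the rest of the input, so the added example below (not SiteMinder code) models the usual cause as an assumption: a filter that inspects only up to the first NUL, as code built on C-string semantics does, while the Java application behind it decodes the same parameter and keeps everything after the NUL. The hardened filter rejects any decoded value containing NUL before pattern matching. The request strings are constructed.

```python
"""Null-byte truncation in a request filter versus what the application sees.

Added example modelling CVE-2009-2704; not SiteMinder code. The truncating
behaviour is an assumption about the bug class, not a statement about the
product's internals.
"""
import urllib.parse


def naive_xss_filter(raw_query: str) -> bool:
    """Return True (block) if the decoded value looks like script injection,
    but (bug) examine only the part before the first NUL."""
    decoded = urllib.parse.unquote(raw_query)
    visible = decoded.split("\x00", 1)[0]
    return "<script" in visible.lower()


def app_sees(raw_query: str) -> str:
    """The J2EE application decodes the same parameter and keeps all of it."""
    return urllib.parse.unquote(raw_query)


def hardened_filter(raw_query: str) -> bool:
    """Return True (block) for NUL anywhere, then match on the full value."""
    decoded = urllib.parse.unquote(raw_query)
    if "\x00" in decoded:
        return True   # NUL has no legitimate place in a query parameter
    return "<script" in decoded.lower()


def demo() -> dict:
    plain = "q=%3Cscript%3Ealert(1)%3C/script%3E"          # constructed
    with_nul = "q=%00%3Cscript%3Ealert(1)%3C/script%3E"    # constructed
    return {
        "naive_blocks_plain": naive_xss_filter(plain),
        "naive_blocks_with_nul": naive_xss_filter(with_nul),
        "app_payload_with_nul": app_sees(with_nul),
        "hardened_blocks_with_nul": hardened_filter(with_nul),
    }


if __name__ == "__main__":
    print(demo())
```

A request filter is a secondary control; the application must still encode untrusted data on output, since any mismatch between how the filter and the application decode the request (here a NUL, elsewhere double encoding or charset tricks) reopens the hole.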