Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6487 | 1 Plain Black | 1 Webgui | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 allows remote authenticated users with Secondary Admin privileges to create Admin accounts, a different vulnerability than CVE-2006-0680.
|
|||||
| CVE-2007-6500 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp.
|
|||||
| CVE-2008-2784 | 1 Spamdyke | 1 Spamdyke | 2025-04-09 | 6.4 MEDIUM | N/A |
|
The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command.
|
|||||
| CVE-2008-2343 | 1 News Manager | 1 News Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php.
|
|||||
| CVE-2008-6960 | 1 X10media | 1 X10 Automatic Mp3 Script | 2025-04-09 | 5.0 MEDIUM | N/A |
|
download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php.
|
|||||
| CVE-2009-0108 | 1 Phpauctions | 1 Phpauctions | 2025-04-09 | 7.5 HIGH | N/A |
|
PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAME, and (4) PHPAUCTION_RM_EMAIL cookies.
|
|||||
| CVE-2008-6514 | 1 Compiz | 1 Compiz Fusion | 2025-04-09 | 6.2 MEDIUM | N/A |
|
The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a related issue to CVE-2007-3920.
|
|||||
| CVE-2009-0767 | 1 Bookelves | 1 Kipper | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Kipper 2.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing credentials via a direct request for job/config.data.
|
|||||
| CVE-2009-3251 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | 4.0 MEDIUM | N/A |
|
include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows remote authenticated users to bypass intended access restrictions and read the (1) visibility, (2) location, and (3) recurrence fields of a calendar via a custom view.
|
|||||
| CVE-2008-5853 | 1 Chicomas | 1 Chicomas | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database credentials via a direct request for config.inc or (2) read database backups via a request for a backup/ URI.
|
|||||
| CVE-2008-4234 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 9.3 HIGH | N/A |
|
Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which does not trigger a "potentially unsafe" warning message.
|
|||||
| CVE-2007-5254 | 1 Virusblokada | 1 Vba32 Antivirus | 2025-04-09 | 7.2 HIGH | N/A |
|
VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions (Everyone:Write) for its installation directory, which allows local users to gain privileges by replacing application programs, as demonstrated by replacing vba32ldr.exe.
|
|||||
| CVE-2008-2105 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 3.5 LOW | N/A |
|
email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE: since From headers are easily spoofed, this only crosses privilege boundaries in environments that provide additional verification of e-mail addresses.
|
|||||
| CVE-2009-4301 | 1 Moodle | 1 Moodle | 2025-04-09 | 6.0 MEDIUM | N/A |
|
mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions.
|
|||||
| CVE-2007-2279 | 1 Symantec | 1 Veritas Storage Foundation | 2025-04-09 | 9.3 HIGH | N/A |
|
The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution.
|
|||||
| CVE-2008-6008 | 1 Herongyang | 1 Hybook | 2025-04-09 | 5.0 MEDIUM | N/A |
|
hyBook Guestbook Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for hyBook.mdb.
|
|||||
| CVE-2008-3395 | 2 Calacode, Linux | 2 Atmail, Linux Kernel | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-2400 | 1 Stunnel | 1 Stunnel | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in stunnel before 4.23, when running as a service on Windows, allows local users to gain privileges via unknown attack vectors.
|
|||||
| CVE-2008-0709 | 4 Hp, Microsoft, Redhat and 1 more | 6 Hp-ux, Select Identity, Windows 2003 Server and 3 more | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than CVE-2008-0214.
|
|||||
| CVE-2008-6966 | 1 Aj Square | 1 Aj Auction | 2025-04-09 | 7.5 HIGH | N/A |
|
AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php.
|
|||||
| CVE-2008-1810 | 2 Linux, Sap | 2 Linux Kernel, Maxdb | 2025-04-09 | 4.4 MEDIUM | N/A |
|
Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable.
|
|||||
| CVE-2008-2771 | 1 Drupal | 2 Drupal, Node Hierarchy Module | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors.
|
|||||
| CVE-2008-6356 | 1 Donnafontenot | 1 Evcal Events Calendar | 2025-04-09 | 5.0 MEDIUM | N/A |
|
evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.mdb.
|
|||||
| CVE-2008-0704 | 1 Hp | 3 Alpha, Integrity, Open Vms Tcp-ip Services | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP Services on OpenVMS on the Alpha platform with 5.4 before ECO 7, and on the Integrity and Alpha platforms with 5.5 before ECO 3 and 5.6 before ECO 2, allows remote attackers to obtain unspecified access via unknown vectors.
|
|||||
| CVE-2007-4733 | 1 Aztech | 1 Dsl 600eu Router | 2025-04-09 | 9.3 HIGH | N/A |
|
The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077.
|
|||||
| CVE-2008-2717 | 2 Apache, Typo3 | 2 Apache Webserver, Typo3 | 2025-04-09 | 6.5 MEDIUM | N/A |
|
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
|
|||||
| CVE-2008-4472 | 1 Autodesk | 3 Design Review, Dwf Viewer, Revit Architecture | 2025-04-09 | 9.3 HIGH | N/A |
|
The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method.
|
|||||
| CVE-2007-4740 | 1 Telecom Italy | 1 Alice Messenger | 2025-04-09 | 9.3 HIGH | N/A |
|
The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.RegistryManager.dll 1 in Telecom Italy Alice Messenger allows remote attackers to create registry keys and values via the arguments to the WriteRegistry method.
|
|||||
| CVE-2009-3298 | 1 Mahara | 1 Mahara | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors.
|
|||||
| CVE-2007-5761 | 1 Motorola | 1 Netoctopus | 2025-04-09 | 7.2 HIGH | N/A |
|
The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 has weak permissions for the \\.\NantSys device interface (nantsys.sys), which allows local users to gain privileges or cause a denial of service (system crash), as demonstrated by modifying the SYSENTER_EIP_MSR CPU Model Specific Register (MSR) value.
|
|||||
| CVE-2009-2077 | 2 Angrydonuts, Drupal | 2 Views, Drupal | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries.
|
|||||
| CVE-2009-4262 | 1 Haroldbakker | 1 Hb-ns | 2025-04-09 | 7.5 HIGH | N/A |
|
Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to obtain access to the admin control panel via a direct request to admin.php.
|
|||||
| CVE-2009-2712 | 1 Sun | 3 Java System Access Manager, Java System Web Server, Opensso Enterprise | 2025-04-09 | 2.1 LOW | N/A |
|
Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.
|
|||||
| CVE-2007-5965 | 1 Trolltech | 1 Qsslsocket | 2025-04-09 | 4.3 MEDIUM | N/A |
|
QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which might make it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service, or trick a service into accepting an invalid client certificate for a user.
|
|||||
| CVE-2008-2287 | 1 Symantec | 1 Altiris Deployment Solution | 2025-04-09 | 7.2 HIGH | N/A |
|
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse.
|
|||||
| CVE-2009-0090 | 1 Microsoft | 7 .net Framework, Windows 2000, Windows 7 and 4 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
|
|||||
| CVE-2007-1036 | 1 Jboss | 1 Jboss Application Server | 2025-04-09 | 7.5 HIGH | N/A |
|
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
|
|||||
| CVE-2008-1784 | 1 Prozilla | 1 Topsites | 2025-04-09 | 7.5 HIGH | N/A |
|
Prozilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/.
|
|||||
| CVE-2008-3376 | 1 Jamroom | 1 Jamroom | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors.
|
|||||
| CVE-2008-3631 | 1 Apple | 1 Ipod Touch | 2025-04-09 | 7.1 HIGH | N/A |
|
Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application.
|
|||||