Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0564 | 2 Adobe, Microsoft | 3 Acrobat, Acrobat Reader, Windows | 2025-04-11 | 9.3 HIGH | N/A |
|
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows use weak permissions for unspecified files, which allows attackers to gain privileges via unknown vectors.
|
|||||
| CVE-2013-1340 | 1 Microsoft | 8 Windows 7, Windows 8, Windows Rt and 5 more | 2025-04-11 | 7.2 HIGH | 8.4 HIGH |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
|
|||||
| CVE-2013-3496 | 1 Infotecs | 4 Vipnet Client, Vipnet Coordinator, Vipnet Personal Firewall and 1 more | 2025-04-11 | 7.2 HIGH | N/A |
|
Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.
|
|||||
| CVE-2012-5651 | 1 Drupal | 1 Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results.
|
|||||
| CVE-2013-5188 | 1 Apple | 1 Mac Os X | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an unattended workstation in the hibernating state.
|
|||||
| CVE-2013-1064 | 1 Canonical | 2 Apt-xapian-index, Ubuntu Linux | 2025-04-11 | 4.6 MEDIUM | N/A |
|
apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
|
|||||
| CVE-2013-3315 | 1 Tibco | 1 Silver Mobile | 2025-04-11 | 6.5 MEDIUM | N/A |
|
The server in TIBCO Silver Mobile 1.1.0 does not properly verify access to the administrator role before executing a command, which allows authenticated users to gain privileges via unspecified vectors.
|
|||||
| CVE-2009-4515 | 2 Drupal, Speedtech | 2 Drupal, Storm | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors.
|
|||||
| CVE-2008-4822 | 1 Adobe | 1 Flash Player | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.
|
|||||
| CVE-2008-5560 | 1 Dazzlindonna | 1 Postecards | 2025-04-09 | 5.0 MEDIUM | N/A |
|
PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb.
|
|||||
| CVE-2009-3041 | 1 Spip | 1 Spip | 2025-04-09 | 7.5 HIGH | N/A |
|
SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009.
|
|||||
| CVE-2007-6246 | 2 Adobe, Linux | 2 Flash Player, Linux Kernel | 2025-04-09 | 4.4 MEDIUM | N/A |
|
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges.
|
|||||
| CVE-2008-1951 | 1 Redhat | 1 Enterprise Linux | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Untrusted search path vulnerability in a certain Red Hat build script for Standards Based Linux Instrumentation for Manageability (sblim) libraries before 1-13a.el4_6.1 in Red Hat Enterprise Linux (RHEL) 4, and before 1-31.el5_2.1 in RHEL 5, allows local users to gain privileges via a malicious library in a certain subdirectory of /var/tmp, related to an incorrect RPATH setting, as demonstrated by a malicious libc.so library for tog-pegasus.
|
|||||
| CVE-2009-2674 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 7.5 HIGH | N/A |
|
Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow.
|
|||||
| CVE-2008-1595 | 1 Ibm | 1 Aix | 2025-04-09 | 4.9 MEDIUM | N/A |
|
The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information.
|
|||||
| CVE-2007-6507 | 1 Trend Micro | 1 Serverprotect | 2025-04-09 | 10.0 HIGH | N/A |
|
SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code.
|
|||||
| CVE-2008-1473 | 1 Symantec | 1 Altiris Deployment Solution | 2025-04-09 | 7.2 HIGH | N/A |
|
The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a "Shatter" style attack.
|
|||||
| CVE-2008-0998 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects.
|
|||||
| CVE-2009-1716 | 1 Apple | 1 Safari | 2025-04-09 | 2.1 LOW | N/A |
|
CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files.
|
|||||
| CVE-2009-0336 | 1 Katywhitton | 1 Blogit\! | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Katy Whitton BlogIt! stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for database/Blog.mdb. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-2488 | 1 Beaussier | 1 Roomphplanning | 2025-04-09 | 6.5 MEDIUM | N/A |
|
admin/userform.php in RoomPHPlanning 1.5 does not require administrative credentials, which allows remote authenticated users to create new admin accounts.
|
|||||
| CVE-2009-3843 | 1 Hp | 1 Operations Manager | 2025-04-09 | 10.0 HIGH | N/A |
|
HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
|
|||||
| CVE-2009-0230 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows Server and 3 more | 2025-04-09 | 9.0 HIGH | N/A |
|
The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
|
|||||
| CVE-2008-4230 | 1 Apple | 2 Iphone Os, Ipod Touch | 2025-04-09 | 1.9 LOW | N/A |
|
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593.
|
|||||
| CVE-2007-4647 | 1 2coolcode | 1 Our Space | 2025-04-09 | 5.0 MEDIUM | N/A |
|
newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allows remote attackers to upload certain files via unspecified vectors, probably involving unrestricted functionality in uploadmedia.cgi.
|
|||||
| CVE-2007-6313 | 1 Mysql | 1 Mysql Community Server | 2025-04-09 | 6.5 MEDIUM | N/A |
|
MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements.
|
|||||
| CVE-2008-4413 | 1 Hp | 2 Hp-ux, System Management Homepage | 2025-04-09 | 6.2 MEDIUM | N/A |
|
Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 and earlier on HP-UX B.11.11 and B.11.23, and SMH 2.2.6 and 2.2.8 and earlier on HP-UX B.11.23 and B.11.31, allows local users to gain "unauthorized access" via unknown vectors, possibly related to temporary file permissions.
|
|||||
| CVE-2009-4334 | 1 Ibm | 1 Db2 | 2025-04-09 | 4.6 MEDIUM | N/A |
|
The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file.
|
|||||
| CVE-2004-2764 | 1 Sun | 2 Jre, Sdk | 2025-04-09 | 10.0 HIGH | N/A |
|
Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka "XML sniffing."
|
|||||
| CVE-2008-6674 | 1 Quickersite | 1 Quickersite | 2025-04-09 | 5.0 MEDIUM | N/A |
|
mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter.
|
|||||
| CVE-2008-6053 | 1 Preprojects | 1 Pre Resume Submitter | 2025-04-09 | 5.0 MEDIUM | N/A |
|
PreProjects Pre Resume Submitter stores onlineresume.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
|
|||||
| CVE-2008-4507 | 1 Ibm | 1 Lotus Quickr | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to delete pages that were created by a different author via unknown vectors.
|
|||||
| CVE-2008-6355 | 1 Thenetguys | 1 Aspired2protect | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Net Guys ASPired2Protect stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2Protect.mdb.
|
|||||
| CVE-2007-6497 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | 7.5 HIGH | N/A |
|
Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an UpdateUser action to Accounts/AccountActions.asp with modified UserName, FullName, CreditLimit, and DefaultDiscount parameters, a related issue to CVE-2005-2219.
|
|||||
| CVE-2007-5441 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-09 | 6.5 MEDIUM | N/A |
|
CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) adding a user via a direct request to admin/adduser.php and (2) reading the admin log via an "admin/adminlog.php?page=1" request.
|
|||||
| CVE-2009-0873 | 1 Sun | 3 Opensolaris, Solaris, Sunos | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the sec=sys and sec=krb5 security modes, related to modes that "override each other."
|
|||||
| CVE-2008-1600 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
|
The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329.
|
|||||
| CVE-2007-6081 | 1 Adventnet | 1 Eventlog Analyzer | 2025-04-09 | 7.5 HIGH | N/A |
|
AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attackers to gain privileges and modify logs. Fixed in EventLog Analyzer Build 6000.
|
|||||
| CVE-2008-1515 | 1 Otrs | 1 Otrs | 2025-04-09 | 6.4 MEDIUM | N/A |
|
The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks."
|
|||||
| CVE-2006-7047 | 1 Shoutpro | 1 Shoutpro | 2025-04-09 | 5.0 MEDIUM | N/A |
|
include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ban restrictions via a URL in the path parameter that points to an alternate bannedips.php file. NOTE: this issue was originally reported as remote file inclusion, but CVE analysis suggests that this cannot be used for code execution.
|
|||||