Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2059 | 1 Cisco | 2 Adaptive Security Appliance Software, Pix Security Appliance | 2025-04-09 | 7.8 HIGH | N/A |
|
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 allows remote attackers to bypass control-plane ACLs for the device via unknown vectors.
|
|||||
| CVE-2008-0865 | 2 Bea Systems, Oracle | 2 Weblogic Portal, Weblogic Portal | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors.
|
|||||
| CVE-2008-0696 | 1 Ibm | 1 Db2 | 2025-04-09 | 7.5 HIGH | N/A |
|
IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors.
|
|||||
| CVE-2008-5981 | 1 Pacosdrivers | 1 Pacpoll | 2025-04-09 | 5.0 MEDIUM | N/A |
|
PacPoll 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) poll.mdb or (2) poll97.mdb.
|
|||||
| CVE-2008-2348 | 1 Meltingicefs | 1 Meltingice File System | 2025-04-09 | 7.5 HIGH | N/A |
|
MeltingIce File System 1.0 allows remote attackers to bypass application authentication, create new user accounts, and exceed application quotas via a direct request to admin/adduser.php.
|
|||||
| CVE-2007-5159 | 3 Ntfs-3g, Redhat, Ubuntu | 3 Ntfs-3g, Fedora, Ubuntu Linux | 2025-04-09 | 4.6 MEDIUM | N/A |
|
The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak.
|
|||||
| CVE-2009-2689 | 1 Sun | 2 Java Se, Openjdk | 2025-04-09 | 10.0 HIGH | N/A |
|
JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application.
|
|||||
| CVE-2008-4789 | 1 Drupal | 1 Drupal | 2025-04-09 | 6.0 MEDIUM | N/A |
|
The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."
|
|||||
| CVE-2009-0807 | 1 Zfeeder | 1 Zfeeder | 2025-04-09 | 7.5 HIGH | N/A |
|
zFeeder 1.6 allows remote attackers to gain administrative access via a direct request to admin.php.
|
|||||
| CVE-2008-1998 | 2 Ibm, Microsoft | 2 Db2, Windows | 2025-04-09 | 8.5 HIGH | N/A |
|
The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter.
|
|||||
| CVE-2008-6292 | 1 Accscripts | 1 Acc Autos | 2025-04-09 | 7.5 HIGH | N/A |
|
Acc Autos 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) username_cookie to "admin," (2) right_cookie to "1," and (3) id_cookie to "1."
|
|||||
| CVE-2008-5617 | 1 Rsyslog | 1 Rsyslog | 2025-04-09 | 8.5 HIGH | N/A |
|
The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.
|
|||||
| CVE-2009-3461 | 1 Adobe | 1 Acrobat | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attackers to bypass intended file-extension restrictions via unknown vectors.
|
|||||
| CVE-2009-2717 | 2 Microsoft, Sun | 2 Windows 2000, Java Se | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet.
|
|||||
| CVE-2008-1668 | 1 Hp | 1 Hp-ux | 2025-04-09 | 10.0 HIGH | N/A |
|
ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information.
|
|||||
| CVE-2008-4018 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
|
swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be leveraged to gain privileges. NOTE: this issue exists because of an incomplete fix for CVE-2007-5805.
|
|||||
| CVE-2008-2288 | 1 Symantec | 1 Altiris Deployment Solution | 2025-04-09 | 3.6 LOW | N/A |
|
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information.
|
|||||
| CVE-2009-3949 | 1 Vivaprograms | 1 Infinity Script | 2025-04-09 | 7.5 HIGH | N/A |
|
cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not require administrative authentication for the donewauthor action, which allows remote attackers to create administrative accounts via the name, password, and conf_password parameters.
|
|||||
| CVE-2007-5039 | 1 Ghostsecurity | 1 Ghost Security Suite | 2025-04-09 | 2.1 LOW | N/A |
|
Ghost Security Suite beta 1.110 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtQueryValueKey, (4) NtSetSystemInformation, and (5) NtSetValueKey kernel SSDT hooks.
|
|||||
| CVE-2008-5347 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages.
|
|||||
| CVE-2009-2371 | 2 Drupal, Michelle Cox | 2 Drupal, Advanced Forum | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.
|
|||||
| CVE-2008-4214 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files.
|
|||||
| CVE-2008-6957 | 1 Discuz | 1 Discuz\! | 2025-04-09 | 7.5 HIGH | N/A |
|
member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter.
|
|||||
| CVE-2008-6869 | 1 Oramon | 1 Oramon | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini.
|
|||||
| CVE-2008-7212 | 2 Brilaps, Mambo-foundation | 2 Mostlyce, Mambo | 2025-04-09 | 5.0 MEDIUM | N/A |
|
MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message.
|
|||||
| CVE-2008-7217 | 1 Microsoft | 1 Office | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories.
|
|||||
| CVE-2008-2226 | 1 Openkm | 1 Openkm | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the export feature in OpenKM before 2.0 allows remote attackers to export arbitrary documents via unspecified vectors. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-5925 | 1 Asp-dev | 1 Xm Events Diary | 2025-04-09 | 5.0 MEDIUM | N/A |
|
ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb.
|
|||||
| CVE-2008-6496 | 1 Visagesoft | 1 Expert Pdf Editorx | 2025-04-09 | 8.8 HIGH | N/A |
|
Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary files via the first argument to the extractPagesToFile method.
|
|||||
| CVE-2008-4831 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and obtain sensitive information or possibly gain privileges, via unknown vectors.
|
|||||
| CVE-2008-6929 | 1 Phpstore | 1 Auto Classifieds | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in PHPStore Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in cars/cars_images/.
|
|||||
| CVE-2008-6940 | 1 Turnkeyforms | 1 Web Hosting Directory | 2025-04-09 | 7.5 HIGH | N/A |
|
TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db.
|
|||||
| CVE-2009-3257 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | 3.6 LOW | N/A |
|
vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) associated with that profile.
|
|||||
| CVE-2008-6382 | 1 Aspportal | 1 Aspportal | 2025-04-09 | 5.0 MEDIUM | N/A |
|
ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb.
|
|||||
| CVE-2007-5338 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 9.3 HIGH | N/A |
|
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed.
|
|||||
| CVE-2007-6705 | 1 Ibm | 1 Websphere Mq | 2025-04-09 | 3.3 LOW | N/A |
|
The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process.
|
|||||
| CVE-2009-2766 | 1 Dd-wrt | 1 Dd-wrt | 2025-04-09 | 7.5 HIGH | N/A |
|
httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests.
|
|||||
| CVE-2008-0569 | 1 Drupal | 1 Comment Upload Module | 2025-04-09 | 6.4 MEDIUM | N/A |
|
The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote attackers to bypass upload validation, and upload arbitrary files and possibly execute arbitrary code, via unspecified vectors.
|
|||||
| CVE-2008-0372 | 1 8e6 | 1 R3000 Internet Filter | 2025-04-09 | 5.0 MEDIUM | N/A |
|
8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request.
|
|||||
| CVE-2009-1752 | 1 Exjune | 1 Office Message System | 2025-04-09 | 7.5 HIGH | N/A |
|
exJune Office Message System 1 does not properly restrict access to (1) configure.asp and (2) addmessage2.asp, which allows remote attackers to gain privileges a direct request. NOTE: some of these details are obtained from third party information.
|
|||||