Total
8080 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3259 | 1 Openbsd | 1 Openssh | 2025-04-09 | 1.2 LOW | N/A |
| OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform. | |||||
| CVE-2008-4180 | 1 Nooms | 1 Nooms | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in db.php in NooMS 1.1 allows remote attackers to conduct brute force attacks against passwords via a username in the g_dbuser parameter and a password in the g_dbpwd parameter, and possibly a "localhost" g_dbhost parameter value, related to a "Mysql Remote Brute Force Vulnerability." | |||||
| CVE-2009-2031 | 1 Sun | 1 Opensolaris | 2025-04-09 | 2.1 LOW | N/A |
| smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount permissions are used, allows local users to read arbitrary files, and list arbitrary directories, on CIFS volumes. | |||||
| CVE-2008-3458 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | 5.0 MEDIUM | N/A |
| Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory. | |||||
| CVE-2008-0938 | 1 Sun | 1 Solaris | 2025-04-09 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability than CVE-2007-4126. | |||||
| CVE-2007-2402 | 1 Apple | 1 Quicktime | 2025-04-09 | 4.3 MEDIUM | N/A |
| QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets. | |||||
| CVE-2009-4236 | 1 Ec-cube | 1 Ec-cube Ver2 | 2025-04-09 | 5.0 MEDIUM | N/A |
| The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions. | |||||
| CVE-2009-3782 | 2 2bits, Drupal | 2 Userpoints, Drupal | 2025-04-09 | 3.5 LOW | N/A |
| Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors. | |||||
| CVE-2009-3002 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
| The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c. | |||||
| CVE-2008-2330 | 1 Apple | 1 Mac Os X Server | 2025-04-09 | 4.9 MEDIUM | N/A |
| slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue." | |||||
| CVE-2008-2329 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 1.9 LOW | N/A |
| Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window. | |||||
| CVE-2009-1556 | 1 Cisco | 1 Wvc54gca | 2025-04-09 | 3.5 LOW | N/A |
| img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the next_file parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerability than CVE-2004-2507. | |||||
| CVE-2008-4445 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.7 MEDIUM | N/A |
| The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function, a different vulnerability than CVE-2008-4113. | |||||
| CVE-2008-3903 | 2 Asterisk, Trixbox | 2 P B X, Pbx | 2025-04-09 | 3.5 LOW | N/A |
| Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreject are enabled, generates different responses depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2007-5129 | 1 Boesch-it | 1 Simpgb | 2025-04-09 | 5.0 MEDIUM | N/A |
| SimpGB 1.46.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain sensitive configuration information via a direct request for admin/cfginfo.php; and (2) download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc. | |||||
| CVE-2008-3451 | 1 Phpwebgallery | 1 Phpwebgallery | 2025-04-09 | 4.0 MEDIUM | N/A |
| PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile. | |||||
| CVE-2008-3894 | 1 Ibm | 1 Lenovo 7cetb5ww | 2025-04-09 | 2.1 LOW | N/A |
| IBM Lenovo firmware 7CETB5WW 2.05 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||||
| CVE-2009-3881 | 1 Sun | 2 Jre, Openjdk | 2025-04-09 | 7.5 HIGH | N/A |
| Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650. | |||||
| CVE-2006-6457 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-09 | 5.0 MEDIUM | N/A |
| tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message. | |||||
| CVE-2009-4109 | 1 Dotnetnuke | 1 Dotnetnuke | 2025-04-09 | 5.0 MEDIUM | N/A |
| The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information. | |||||