Total
5241 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3258 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | 9.0 HIGH | N/A |
| vtiger CRM before 5.1.0 allows remote authenticated users, with certain View privileges, to delete (1) attachments, (2) reports, (3) filters, (4) views, and (5) tickets; insert (6) attachments, (7) reports, (8) filters, (9) views, and (10) tickets; and edit (11) reports, (12) filters, (13) views, and (14) tickets via unspecified vectors. | |||||
| CVE-2009-1495 | 1 Webfileexplorer | 1 Web File Explorer | 2025-04-09 | 5.0 MEDIUM | N/A |
| Web File Explorer 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/db.mdb. | |||||
| CVE-2009-2602 | 1 R2newsletter | 3 R2 Newsletter Lite, R2 Newsletter Pro, R2 Newsletter Stats | 2025-04-09 | 5.0 MEDIUM | N/A |
| R2 Newsletter Lite, Pro, and Stats stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for admin.mdb. | |||||
| CVE-2008-2338 | 1 Interspire | 1 Activekb | 2025-04-09 | 7.5 HIGH | N/A |
| Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin. | |||||
| CVE-2008-0049 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 1.9 LOW | N/A |
| AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications. | |||||
| CVE-2008-3747 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 7.5 HIGH | N/A |
| The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie. | |||||
| CVE-2009-0436 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 7.2 HIGH | N/A |
| The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server (WAS), set incorrect permissions for AF_UNIX sockets, which has unknown impact and local attack vectors. | |||||
| CVE-2008-7096 | 1 Intel | 1 Bios | 2025-04-09 | 6.9 MEDIUM | N/A |
| Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or access hypervisory memory as demonstrated at Black Hat 2008 by accessing certain remapping registers in Xen 3.3. | |||||
| CVE-2007-5931 | 1 Orangehrm | 1 Orangehrm | 2025-04-09 | 5.0 MEDIUM | N/A |
| The reDirect function in lib/controllers/RepViewController.php in OrangeHRM before 2.2.2 does not verify the privileges of a user, which allows remote attackers to obtain access to data via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-6424 | 1 Netfortris | 1 Trixbox | 2025-04-09 | 4.3 MEDIUM | N/A |
| registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows remote attackers to disable trixbox and execute arbitrary commands via a DNS spoofing attack. | |||||
| CVE-2009-4033 | 1 Tim Hockin | 1 Acpid | 2025-04-09 | 6.9 MEDIUM | N/A |
| A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insufficient arguments, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file, cause a denial of service by overwriting this file, or gain privileges by executing this file. | |||||
| CVE-2009-1888 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2025-04-09 | 5.8 MEDIUM | N/A |
| The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory. | |||||
| CVE-2009-2712 | 1 Sun | 3 Java System Access Manager, Java System Web Server, Opensso Enterprise | 2025-04-09 | 2.1 LOW | N/A |
| Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files. | |||||
| CVE-2009-0578 | 1 Ubuntu | 1 Ubuntu Linux | 2025-04-09 | 6.2 MEDIUM | N/A |
| GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console. | |||||
| CVE-2009-0367 | 1 Wesnoth | 1 Wesnoth | 2025-04-09 | 9.3 HIGH | N/A |
| The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module. | |||||
| CVE-2008-0628 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 7.8 HIGH | N/A |
| The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources. | |||||
| CVE-2009-2453 | 1 Citrix | 2 Presentation Server, Xenapp | 2025-04-09 | 7.5 HIGH | N/A |
| Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors. | |||||
| CVE-2009-0180 | 2 Nfs, Redhat | 2 Nfs-utils, Fedora | 2025-04-09 | 7.5 HIGH | N/A |
| Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedora 9, and before 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions, possibly a related issue to CVE-2008-1376. | |||||
| CVE-2009-1160 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277. | |||||
| CVE-2008-5898 | 1 Codeavalanche | 1 Directory | 2025-04-09 | 7.5 HIGH | N/A |
| CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CADirectory.mdb. NOTE: some of these details are obtained from third party information. | |||||