Total
5248 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3745 | 1 Drupal | 2 Drupal, Upload Module | 2025-04-09 | 5.5 MEDIUM | N/A |
| The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors. | |||||
| CVE-2008-0777 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 4.9 MEDIUM | N/A |
| The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files. | |||||
| CVE-2008-4484 | 1 Crux Software | 1 Gallery | 2025-04-09 | 6.8 MEDIUM | N/A |
| main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php. | |||||
| CVE-2008-0779 | 1 Fortinet | 1 Forticlient Host Security | 2025-04-09 | 7.2 HIGH | N/A |
| The fortimon.sys device driver in Fortinet FortiClient Host Security 3.0 MR5 Patch 3 and earlier does not properly initialize its DeviceExtension, which allows local users to access kernel memory and execute arbitrary code via a crafted request. | |||||
| CVE-2007-6507 | 1 Trend Micro | 1 Serverprotect | 2025-04-09 | 10.0 HIGH | N/A |
| SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code. | |||||
| CVE-2008-5462 | 1 Oracle | 1 Bea Product Suite | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the WebLogic Portal component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2006-5585 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-09 | 7.2 HIGH | N/A |
| The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability." | |||||
| CVE-2008-2488 | 1 Beaussier | 1 Roomphplanning | 2025-04-09 | 6.5 MEDIUM | N/A |
| admin/userform.php in RoomPHPlanning 1.5 does not require administrative credentials, which allows remote authenticated users to create new admin accounts. | |||||
| CVE-2008-2148 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 3.6 LOW | N/A |
| The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary files, possibly leading to a denial of service. | |||||
| CVE-2008-4415 | 1 Hp | 1 Service Manager | 2025-04-09 | 9.0 HIGH | N/A |
| Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors. | |||||
| CVE-2007-2435 | 1 Sun | 3 Java Enterprise System, Jre, Sdk | 2025-04-09 | 10.0 HIGH | N/A |
| Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files. | |||||
| CVE-2007-0729 | 1 Apple | 3 Mac Os X, Mac Os X Preview.app, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A |
| Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables. | |||||
| CVE-2008-4793 | 1 Drupal | 1 Drupal | 2025-04-09 | 7.5 HIGH | N/A |
| The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules. | |||||
| CVE-2007-5969 | 1 Mysql | 3 Community Server, Mysql Enterprise Server, Mysql Server | 2025-04-09 | 7.1 HIGH | N/A |
| MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file. | |||||
| CVE-2009-0194 | 1 Garmin | 1 Garmin Communicator Plugin | 2025-04-09 | 9.3 HIGH | N/A |
| The domain-locking implementation in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control in npGarmin.dll in the Garmin Communicator Plug-In 2.6.4.0 does not properly enforce the restrictions that (1) download and (2) upload requests come from a web site specified by the user, which allows remote attackers to obtain sensitive information or reconfigure Garmin GPS devices via unspecified vectors related to a "synchronisation error." | |||||
| CVE-2007-6278 | 1 Flac | 1 Libflac | 2025-04-09 | 9.3 HIGH | N/A |
| Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file. | |||||
| CVE-2007-5026 | 1 Dblog | 1 Dblog Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
| dBlog CMS, probably 2.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for dblog.mdb. | |||||
| CVE-2009-4452 | 1 Kaspersky Lab | 7 Kaspersky Anti-virus, Kaspersky Anti-virus 2009, Kaspersky Anti-virus 2010 and 4 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse. | |||||
| CVE-2007-6167 | 1 Suse | 1 Suse Linux | 2025-04-09 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory. | |||||
| CVE-2008-4453 | 1 Dspicture | 2 Light Imaging Toolkit, Pro Imaging Sdk | 2025-04-09 | 9.3 HIGH | N/A |
| The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information. | |||||