Total
5241 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2293 | 1 Tutorial-share | 1 Tutorial Share | 2025-04-09 | 7.5 HIGH | N/A |
| Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the usernamed cookie parameter. | |||||
| CVE-2008-4585 | 1 Belong Software | 1 Site Builder | 2025-04-09 | 7.5 HIGH | N/A |
| Belong Software Site Builder 0.1 beta allows remote attackers to bypass intended access restrictions and perform administrative actions via a direct request to admin/home.php. | |||||
| CVE-2008-0865 | 2 Bea Systems, Oracle | 2 Weblogic Portal, Weblogic Portal | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors. | |||||
| CVE-2008-1628 | 1 Linux | 1 Audit | 2025-04-09 | 4.1 MEDIUM | N/A |
| Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3450 | 1 Sun | 1 Sunos | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors. | |||||
| CVE-2008-5932 | 1 Codeavalanche | 1 Freeforum | 2025-04-09 | 5.0 MEDIUM | N/A |
| CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0328 | 1 Robs-projects | 1 Digital Sales Ipn | 2025-04-09 | 5.0 MEDIUM | N/A |
| ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for Database/Sales.mdb. | |||||
| CVE-2007-4497 | 2 Canonical, Vmware | 5 Ubuntu Linux, Ace, Player and 2 more | 2025-04-09 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors. | |||||
| CVE-2008-2402 | 1 Sun | 1 Java Asp Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents. | |||||
| CVE-2007-6503 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | 5.5 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp with the (a) save, (b) 30, and (c) d_30 parameters. | |||||
| CVE-2009-2198 | 1 Apple | 1 Garageband | 2025-04-09 | 4.3 MEDIUM | N/A |
| Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users. | |||||
| CVE-2009-2558 | 1 Adminnewstools | 1 Admin News Tools | 2025-04-09 | 7.5 HIGH | N/A |
| system/message.php in Admin News Tools 2.5 does not properly restrict access, which allows remote attackers to post news messages via a direct request. | |||||
| CVE-2008-2079 | 4 Canonical, Debian, Mysql and 1 more | 4 Ubuntu Linux, Debian Linux, Mysql and 1 more | 2025-04-09 | 4.6 MEDIUM | N/A |
| MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future. | |||||
| CVE-2006-7108 | 1 Andries Brouwer | 1 Util-linux | 2025-04-09 | 4.1 MEDIUM | N/A |
| login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok. | |||||
| CVE-2009-1053 | 1 Chaozz | 1 Chaozzdb | 2025-04-09 | 5.0 MEDIUM | N/A |
| chaozzDB 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv. | |||||
| CVE-2007-4740 | 1 Telecom Italy | 1 Alice Messenger | 2025-04-09 | 9.3 HIGH | N/A |
| The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.RegistryManager.dll 1 in Telecom Italy Alice Messenger allows remote attackers to create registry keys and values via the arguments to the WriteRegistry method. | |||||
| CVE-2008-4210 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.6 MEDIUM | N/A |
| fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O. | |||||
| CVE-2008-4097 | 1 Oracle | 1 Mysql | 2025-04-09 | 4.6 MEDIUM | N/A |
| MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079. | |||||
| CVE-2008-0402 | 1 Ibm | 1 Websphere Business Modeler | 2025-04-09 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group. | |||||
| CVE-2008-7161 | 1 Fortinet | 1 Fortigate-1000 | 2025-04-09 | 7.5 HIGH | N/A |
| Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote attackers to bypass URL filtering via fragmented GET or POST requests that use HTTP/1.0 without the Host header. NOTE: this issue might be related to CVE-2005-3058. | |||||