Total
5238 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5062 | 1 Adam Scheinberg | 1 Flip | 2025-04-09 | 7.5 HIGH | N/A |
| account.php in Adam Scheinberg Flip 3.0 and earlier allows remote attackers to create administrative accounts via the un parameter in a register action. | |||||
| CVE-2007-5159 | 3 Ntfs-3g, Redhat, Ubuntu | 3 Ntfs-3g, Fedora, Ubuntu Linux | 2025-04-09 | 4.6 MEDIUM | N/A |
| The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak. | |||||
| CVE-2009-2673 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 7.5 HIGH | N/A |
| The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword. | |||||
| CVE-2008-6291 | 1 Accscripts | 1 Acc Php Email | 2025-04-09 | 7.5 HIGH | N/A |
| Acc PHP eMail 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the NEWSLETTERLOGIN cookie to "admin". | |||||
| CVE-2007-5237 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 7.1 HIGH | N/A |
| Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities." | |||||
| CVE-2008-1940 | 1 Grsecurity | 1 Grsecurity Kernel Patch | 2025-04-09 | 4.6 MEDIUM | N/A |
| The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and 2.1.11-2.4.36.2 does not enforce user_transition_deny and user_transition_allow rules for the (1) sys_setfsuid and (2) sys_setfsgid calls, which allows local users to bypass restrictions for those calls. | |||||
| CVE-2008-1731 | 2 3281d, Drupal | 2 Simple Access, Drupal | 2025-04-09 | 7.5 HIGH | N/A |
| The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking. | |||||
| CVE-2007-4315 | 3 Amd, Ati, Microsoft | 3 Catalyst Driver, Catalyst Driver, Windows Vista | 2025-04-09 | 6.9 MEDIUM | N/A |
| The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows local users to bypass the driver signing policy, write to arbitrary kernel memory locations, and thereby gain privileges via unspecified vectors, as demonstrated by "Purple Pill". | |||||
| CVE-2008-7209 | 1 Insane Visions | 1 Onecms | 2025-04-09 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in the add2 action in a_upload.php in OneCMS 2.4, and possibly earlier, allows remote attackers to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2009-2077 | 2 Angrydonuts, Drupal | 2 Views, Drupal | 2025-04-09 | 4.0 MEDIUM | N/A |
| Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries. | |||||
| CVE-2007-5827 | 2 Debian, Iscsitarget | 2 Debian Linux, Iscsitarget | 2025-04-09 | 2.1 LOW | N/A |
| iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords. | |||||
| CVE-2007-5965 | 1 Trolltech | 1 Qsslsocket | 2025-04-09 | 4.3 MEDIUM | N/A |
| QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which might make it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service, or trick a service into accepting an invalid client certificate for a user. | |||||
| CVE-2008-5572 | 1 Dotnetindex | 1 Professional Download Assistant | 2025-04-09 | 5.0 MEDIUM | N/A |
| Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb. | |||||
| CVE-2008-0632 | 1 Lightblog | 1 Lightblog | 2025-04-09 | 9.3 HIGH | N/A |
| Unrestricted file upload vulnerability in cp_upload_image.php in LightBlog 9.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the blog's root directory. | |||||
| CVE-2007-5238 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 2.6 LOW | N/A |
| Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities." | |||||
| CVE-2008-3855 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows local users to gain privileges, aka a "FILE CREATION VULNERABILITY." NOTE: this may be the same as CVE-2007-5664. | |||||
| CVE-2009-3904 | 1 Cubecart | 1 Cubecart | 2025-04-09 | 7.5 HIGH | N/A |
| classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header. | |||||
| CVE-2009-3041 | 1 Spip | 1 Spip | 2025-04-09 | 7.5 HIGH | N/A |
| SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009. | |||||
| CVE-2008-6109 | 1 Shelter Manager | 1 Animal Shelter Manager | 2025-04-09 | 4.6 MEDIUM | N/A |
| Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 does not properly enforce the privileges of user accounts, which allows local users to bypass intended access restrictions by (1) opening unspecified screens, related to the "double click selector bug"; or modifying a (2) animal, (3) owner, (4) lost/found, (5) diary note, (6) owner donation, or (7) waiting list record, related to "change permissions" and the "new UI." | |||||
| CVE-2008-2078 | 1 Robocode | 1 Robocode | 2025-04-09 | 7.5 HIGH | N/A |
| Robocode before 1.6.0 allows user-assisted remote attackers to "access the internals of the Robocode game" via unspecified vectors related to the AWT Event Queue. | |||||