Total
5238 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3172 | 1 Opera | 1 Opera | 2025-04-09 | 6.8 MEDIUM | N/A |
| Opera allows web sites to set cookies for country-specific top-level domains that have DNS A records, such as co.tv, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking." | |||||
| CVE-2009-1771 | 1 Flyspeck | 1 Flyspeck Cms | 2025-04-09 | 7.5 HIGH | N/A |
| index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[fullname], (2) users[email], (3) users[role_id], (4) users[username], and (5) users[password] parameters. | |||||
| CVE-2007-3285 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2025-04-09 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would. | |||||
| CVE-2009-0170 | 1 Sun | 1 Java System Access Manager | 2025-04-09 | 6.0 MEDIUM | N/A |
| Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console. | |||||
| CVE-2008-7118 | 1 Webidsupport | 1 Webid | 2025-04-09 | 5.0 MEDIUM | N/A |
| WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log. | |||||
| CVE-2009-1752 | 1 Exjune | 1 Office Message System | 2025-04-09 | 7.5 HIGH | N/A |
| exJune Office Message System 1 does not properly restrict access to (1) configure.asp and (2) addmessage2.asp, which allows remote attackers to gain privileges a direct request. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2705 | 2 Broadcom, Sun | 2 Siteminder, J2ee | 2025-04-09 | 4.3 MEDIUM | N/A |
| CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters. | |||||
| CVE-2009-3880 | 1 Sun | 2 Jre, Openjdk | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512. | |||||
| CVE-2008-1692 | 1 Eterm | 1 Eterm | 2025-04-09 | 6.9 MEDIUM | N/A |
| Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine. | |||||
| CVE-2008-5916 | 1 Git | 1 Git | 2025-04-09 | 4.6 MEDIUM | N/A |
| gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query. | |||||
| CVE-2008-5901 | 1 Iyziforum | 1 Iyzi Forum | 2025-04-09 | 7.5 HIGH | N/A |
| iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for db/iyziforum.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5130 | 1 Ocean12 Technologies | 1 Calendar Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
| Ocean12 Calendar Manager Gold 2.04 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12cal.mdb. | |||||
| CVE-2008-3423 | 1 Ibm | 1 Websphere Portal | 2025-04-09 | 7.5 HIGH | N/A |
| IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. | |||||
| CVE-2009-2674 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 7.5 HIGH | N/A |
| Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow. | |||||
| CVE-2008-2378 | 1 Hf | 1 Hf | 2025-04-09 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 allows local users to gain privileges via a Trojan horse killall program in a directory in the PATH, related to improper handling of the -k option. | |||||
| CVE-2008-1242 | 1 Belkin | 1 F5d7230-4 | 2025-04-09 | 10.0 HIGH | N/A |
| The control panel on the Belkin F5D7230-4 router with firmware 9.01.10 maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user, a different vulnerability than CVE-2005-3802. | |||||
| CVE-2008-2400 | 1 Stunnel | 1 Stunnel | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in stunnel before 4.23, when running as a service on Windows, allows local users to gain privileges via unknown attack vectors. | |||||
| CVE-2008-5900 | 1 Codeavalanche | 1 Articles | 2025-04-09 | 7.5 HIGH | N/A |
| CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAArticles.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1507 | 1 Drupal | 2 Drupal, Nodeaccess Userreference | 2025-04-09 | 7.5 HIGH | N/A |
| The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node. | |||||
| CVE-2008-7212 | 2 Brilaps, Mambo-foundation | 2 Mostlyce, Mambo | 2025-04-09 | 5.0 MEDIUM | N/A |
| MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message. | |||||