Total
5244 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2674 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 7.5 HIGH | N/A |
| Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow. | |||||
| CVE-2008-2378 | 1 Hf | 1 Hf | 2025-04-09 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 allows local users to gain privileges via a Trojan horse killall program in a directory in the PATH, related to improper handling of the -k option. | |||||
| CVE-2008-1242 | 1 Belkin | 1 F5d7230-4 | 2025-04-09 | 10.0 HIGH | N/A |
| The control panel on the Belkin F5D7230-4 router with firmware 9.01.10 maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user, a different vulnerability than CVE-2005-3802. | |||||
| CVE-2008-2400 | 1 Stunnel | 1 Stunnel | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in stunnel before 4.23, when running as a service on Windows, allows local users to gain privileges via unknown attack vectors. | |||||
| CVE-2008-5900 | 1 Codeavalanche | 1 Articles | 2025-04-09 | 7.5 HIGH | N/A |
| CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAArticles.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1507 | 1 Drupal | 2 Drupal, Nodeaccess Userreference | 2025-04-09 | 7.5 HIGH | N/A |
| The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node. | |||||
| CVE-2008-7212 | 2 Brilaps, Mambo-foundation | 2 Mostlyce, Mambo | 2025-04-09 | 5.0 MEDIUM | N/A |
| MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message. | |||||
| CVE-2008-4581 | 1 Ibm | 1 Enovia Smarteam | 2025-04-09 | 4.0 MEDIUM | N/A |
| The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release 19 before SP01, allows remote authenticated users to bypass intended access restrictions and read Document objects via the Workflow Process (aka Flow Process) view. | |||||
| CVE-2008-4228 | 1 Apple | 2 Iphone Os, Ipod Touch | 2025-04-09 | 3.6 LOW | N/A |
| The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number. | |||||
| CVE-2008-0864 | 2 Bea Systems, Oracle | 2 Weblogic Portal, Weblogic Portal | 2025-04-09 | 5.0 MEDIUM | N/A |
| Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions. | |||||
| CVE-2008-0145 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663. | |||||
| CVE-2003-1571 | 1 Webwizguide | 1 Web Wiz Guestbook | 2025-04-09 | 5.0 MEDIUM | N/A |
| Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected. | |||||
| CVE-2008-3173 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 6.8 MEDIUM | N/A |
| Microsoft Internet Explorer allows web sites to set cookies for domains that have a public suffix with more than one dot character, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking." NOTE: this issue may exist because of an insufficient fix for CVE-2004-0866. | |||||
| CVE-2008-6920 | 1 W2b | 1 Phpemployment | 2025-04-09 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in auth.php in phpEmployment 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension during a regnew action, then accessing it via a direct request to the file in photoes/. | |||||
| CVE-2008-4472 | 1 Autodesk | 3 Design Review, Dwf Viewer, Revit Architecture | 2025-04-09 | 9.3 HIGH | N/A |
| The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method. | |||||
| CVE-2007-5194 | 1 Rpath | 1 Rmake | 2025-04-09 | 6.9 MEDIUM | N/A |
| The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same minor device number as /dev/port, which might allow local users to gain root privileges. | |||||
| CVE-2007-5278 | 1 Zomplog | 1 Zomplog | 2025-04-09 | 4.3 MEDIUM | N/A |
| Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving individual files. NOTE: in a non-default configuration, the directory listing is denied, but filenames may be predicable. | |||||
| CVE-2009-1135 | 1 Microsoft | 1 Isa Server | 2025-04-09 | 9.0 HIGH | N/A |
| Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability." | |||||
| CVE-2008-4512 | 1 Designplace | 1 Asp\/ms Access Shoutbox | 2025-04-09 | 5.0 MEDIUM | N/A |
| ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. | |||||
| CVE-2008-0862 | 1 Ibm | 1 Lotus Notes | 2025-04-09 | 4.3 MEDIUM | N/A |
| IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List (ECL) protection. | |||||