Total
5238 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5896 | 1 Codeavalanche | 1 Ratemysite | 2025-04-09 | 7.5 HIGH | N/A |
| CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CARateMySite.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0383 | 1 Mzbservices | 1 Max.blog | 2025-04-09 | 6.4 MEDIUM | N/A |
| delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request. | |||||
| CVE-2007-5350 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths." | |||||
| CVE-2008-0037 | 1 Apple | 1 Mac Os X | 2025-04-09 | 4.3 MEDIUM | N/A |
| X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server. | |||||
| CVE-2008-0217 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 6.9 MEDIUM | N/A |
| The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script. | |||||
| CVE-2009-0043 | 1 Ca | 2 Service Level Management, Service Metric Analysis | 2025-04-09 | 10.0 HIGH | N/A |
| The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2008-4578 | 1 Dovecot | 1 Dovecot | 2025-04-09 | 5.0 MEDIUM | N/A |
| The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes. | |||||
| CVE-2008-3395 | 2 Calacode, Linux | 2 Atmail, Linux Kernel | 2025-04-09 | 5.0 MEDIUM | N/A |
| Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2313 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.6 MEDIUM | N/A |
| Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory. | |||||
| CVE-2007-5907 | 1 Xensource Inc | 1 Xen | 2025-04-09 | 4.7 MEDIUM | N/A |
| Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows pv guests to cause a denial of service (crash). | |||||
| CVE-2009-4018 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
| The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable. | |||||
| CVE-2008-4215 | 1 Apple | 1 Mac Os X Server | 2025-04-09 | 7.5 HIGH | N/A |
| Weblog in Mac OS X Server 10.4.11 does not properly check an error condition when a weblog posting access control list is specified for a user that has multiple short names, which might allow attackers to bypass intended access restrictions. | |||||
| CVE-2009-0641 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 9.3 HIGH | N/A |
| sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library. | |||||
| CVE-2008-7115 | 1 Belkin | 2 F5d7632-4, Wireless G Router | 2025-04-09 | 10.0 HIGH | N/A |
| The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) system_all.exe, or (3) restore.exe in cgi-bin/. NOTE: the setup_dns.exe vector is already covered by CVE-2008-1244. | |||||
| CVE-2008-6001 | 1 Adnforum | 1 Adnforum | 2025-04-09 | 7.5 HIGH | N/A |
| index.php in ADN Forum 1.0b and earlier allows remote attackers to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field, and a final :sysop:0 string. | |||||
| CVE-2008-4644 | 1 Mywebland | 1 Mystats | 2025-04-09 | 7.5 HIGH | N/A |
| hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header. | |||||
| CVE-2009-0676 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
| The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request. | |||||
| CVE-2008-5133 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 5.8 MEDIUM | N/A |
| ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remote attackers to bypass an intended CVE-2008-1447 protection mechanism and spoof the responses to DNS queries sent by named. | |||||
| CVE-2008-0293 | 1 Freeseat | 1 Freeseat | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when format.php has certain modifications, allows remote attackers to bypass authentication and gain privileges via unspecified vectors related to the show_foot function. | |||||
| CVE-2009-2675 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 10.0 HIGH | N/A |
| Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression. | |||||