Total
5244 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2764 | 1 Sun | 2 Jre, Sdk | 2025-04-09 | 10.0 HIGH | N/A |
| Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka "XML sniffing." | |||||
| CVE-2009-0230 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows Server and 3 more | 2025-04-09 | 9.0 HIGH | N/A |
| The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability." | |||||
| CVE-2008-5398 | 1 Tor | 1 Tor | 2025-04-09 | 9.3 HIGH | N/A |
| Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream. | |||||
| CVE-2007-6500 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp. | |||||
| CVE-2008-3464 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-09 | 7.2 HIGH | N/A |
| afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability." | |||||
| CVE-2008-4195 | 1 Opera | 1 Opera Browser | 2025-04-09 | 5.0 MEDIUM | N/A |
| Opera before 9.52 does not properly restrict the ability of a framed web page to change the address associated with a different frame, which allows remote attackers to trigger the display of an arbitrary address in a frame via unspecified use of web script. | |||||
| CVE-2009-2171 | 1 Mahara | 1 Mahara | 2025-04-09 | 4.0 MEDIUM | N/A |
| Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user's artefact. | |||||
| CVE-2008-5885 | 1 Thenetguys | 1 Aspired2quote | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/quote.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2717 | 2 Microsoft, Sun | 2 Windows 2000, Java Se | 2025-04-09 | 6.8 MEDIUM | N/A |
| The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet. | |||||
| CVE-2008-3631 | 1 Apple | 1 Ipod Touch | 2025-04-09 | 7.1 HIGH | N/A |
| Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application. | |||||
| CVE-2008-6388 | 1 4u2ges | 1 Rapid Classified | 2025-04-09 | 5.0 MEDIUM | N/A |
| Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to cldb.mdb. | |||||
| CVE-2008-6354 | 1 Thenetguys | 1 Aspired2poll | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Net Guys ASPired2poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2poll.mdb. | |||||
| CVE-2009-4358 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 4.7 MEDIUM | N/A |
| freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation. | |||||
| CVE-2008-5951 | 1 Aspapps | 1 Template Creature | 2025-04-09 | 5.0 MEDIUM | N/A |
| ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb. | |||||
| CVE-2007-0541 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 5.0 MEDIUM | N/A |
| WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain configurations causes a brief file excerpt to be published as a blog comment. | |||||
| CVE-2008-4597 | 1 Drupal | 1 Shindig-integrator | 2025-04-09 | 7.5 HIGH | N/A |
| Shindig-Integrator 5.x, a module for Drupal, does not properly restrict generated page access, which allows remote attackers to gain privileges via unspecified vectors. | |||||
| CVE-2009-3461 | 1 Adobe | 1 Acrobat | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attackers to bypass intended file-extension restrictions via unknown vectors. | |||||
| CVE-2008-4790 | 1 Drupal | 1 Drupal | 2025-04-09 | 6.0 MEDIUM | N/A |
| The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors. | |||||
| CVE-2008-1998 | 2 Ibm, Microsoft | 2 Db2, Windows | 2025-04-09 | 8.5 HIGH | N/A |
| The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter. | |||||
| CVE-2005-4880 | 1 Jax Scripts | 1 Jax Guestbook | 2025-04-09 | 5.0 MEDIUM | N/A |
| Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv. | |||||