Total
5244 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6057 | 1 Liberum | 1 Liberum Help Desk | 2025-04-09 | 5.0 MEDIUM | N/A |
| Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | |||||
| CVE-2008-0573 | 1 Safenet | 3 Ipsecdrv.sys, Safenet Highassurance Remote, Softremote Vpn Client | 2025-04-09 | 7.2 HIGH | N/A |
| IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and SoftRemote allows local users to gain privileges via a crafted IPSECDRV_IOCTL IOCTL request. | |||||
| CVE-2008-0897 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 7.9 HIGH | N/A |
| Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions. | |||||
| CVE-2009-0803 | 1 Smoothwall | 3 Networkguardian, Schoolguardian, Smoothguardian | 2025-04-09 | 5.4 MEDIUM | N/A |
| SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | |||||
| CVE-2007-6441 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 3.3 LOW | N/A |
| The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms." | |||||
| CVE-2008-7117 | 1 Webidsupport | 1 Webid | 2025-04-09 | 5.0 MEDIUM | N/A |
| eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting (XSS) attacks. | |||||
| CVE-2007-5486 | 1 Dotproject | 1 Dotproject | 2025-04-09 | 6.4 MEDIUM | N/A |
| dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2653 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2025-04-09 | 4.6 MEDIUM | N/A |
| The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend. | |||||
| CVE-2008-3156 | 1 Panda | 1 Panda Activescan | 2025-04-09 | 9.3 HIGH | N/A |
| The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method. | |||||
| CVE-2007-2944 | 1 Wabcms | 1 Wabcms | 2025-04-09 | 5.0 MEDIUM | N/A |
| WabCMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/wabcmsn.mdb. NOTE: this issue was originally reported for "webCMS," but this was an error by an unreliable researcher. | |||||
| CVE-2007-5441 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-09 | 6.5 MEDIUM | N/A |
| CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) adding a user via a direct request to admin/adduser.php and (2) reading the admin log via an "admin/adminlog.php?page=1" request. | |||||
| CVE-2007-6709 | 1 Linksys | 1 Wag54gs | 2025-04-09 | 7.5 HIGH | N/A |
| The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access. | |||||
| CVE-2008-5897 | 1 Codeavalanche | 1 Freewallpaper | 2025-04-09 | 7.5 HIGH | N/A |
| CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6535 | 1 Paypalestores | 1 Paypal Estores | 2025-04-09 | 7.5 HIGH | N/A |
| admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter. | |||||
| CVE-2007-3186 | 1 Apple | 1 Safari | 2025-04-09 | 9.3 HIGH | N/A |
| Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI. | |||||
| CVE-2007-5936 | 2 Tetex, Tug | 2 Tetex, Texlive 2007 | 2025-04-09 | 3.6 LOW | N/A |
| dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place. | |||||
| CVE-2010-0221 | 1 Kingston | 3 Datatraveler Blackbox, Datatraveler Elite, Datatraveler Secure | 2025-04-09 | 2.1 LOW | N/A |
| Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program. | |||||
| CVE-2009-3298 | 1 Mahara | 1 Mahara | 2025-04-09 | 6.5 MEDIUM | N/A |
| Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors. | |||||
| CVE-2008-5886 | 1 Takempis | 1 Discussion Web | 2025-04-09 | 5.0 MEDIUM | N/A |
| TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for _private/discussion.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6970 | 1 Opera | 1 Opera Browser | 2025-04-09 | 5.0 MEDIUM | N/A |
| Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter. | |||||