Total
5238 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2343 | 1 News Manager | 1 News Manager | 2025-04-09 | 7.5 HIGH | N/A |
| News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php. | |||||
| CVE-2008-5608 | 1 Aspapps | 1 Asp Autodealer | 2025-04-09 | 5.0 MEDIUM | N/A |
| ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb. | |||||
| CVE-2009-2208 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 3.6 LOW | N/A |
| FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the SIOCSIFINFO_IN6 IOCTL, which allows local users to modify or disable IPv6 network interfaces, as demonstrated by modifying the MTU. | |||||
| CVE-2009-4515 | 2 Drupal, Speedtech | 2 Drupal, Storm | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors. | |||||
| CVE-2007-5230 | 1 Zomplog | 1 Zomplog | 2025-04-09 | 7.5 HIGH | N/A |
| admin/upload_files.php in Zomplog 3.8.1 and earlier does not check for administrative credentials, which allows remote attackers to perform administrative actions via a direct request. NOTE: this can be leveraged for code execution by exploiting CVE-2007-5231. | |||||
| CVE-2008-3112 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909. | |||||
| CVE-2009-2024 | 1 Vt.rovno | 1 Asp Vt Auth | 2025-04-09 | 5.0 MEDIUM | N/A |
| Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain usernames and passwords via a direct request for zHk8dEes3.txt. | |||||
| CVE-2009-4585 | 1 Aspindir | 1 Uranyumsoft Listing Service | 2025-04-09 | 5.0 MEDIUM | N/A |
| UranyumSoft Listing Service stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/db.mdb. | |||||
| CVE-2009-4334 | 1 Ibm | 1 Db2 | 2025-04-09 | 4.6 MEDIUM | N/A |
| The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file. | |||||
| CVE-2008-3553 | 2 Nokia, Sun | 2 Series 40, J2me | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition devices allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 3-10." NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a company led by a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2008-0425 | 1 Frimousse | 1 Frimousse | 2025-04-09 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in explorerdir.php in Frimousse 0.0.2 allows remote attackers to read arbitrary files and list arbitrary directories via a full pathname in the name parameter. | |||||
| CVE-2009-3207 | 2 Drewish, Drupal | 2 Imagecache, Drupal | 2025-04-09 | 6.8 MEDIUM | N/A |
| The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filename. | |||||
| CVE-2007-6081 | 1 Adventnet | 1 Eventlog Analyzer | 2025-04-09 | 7.5 HIGH | N/A |
| AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attackers to gain privileges and modify logs. Fixed in EventLog Analyzer Build 6000. | |||||
| CVE-2008-6966 | 1 Aj Square | 1 Aj Auction | 2025-04-09 | 7.5 HIGH | N/A |
| AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php. | |||||
| CVE-2009-2689 | 1 Sun | 2 Java Se, Openjdk | 2025-04-09 | 10.0 HIGH | N/A |
| JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application. | |||||
| CVE-2007-6018 | 1 Horde | 4 Framework, Groupware Webmail Edition, Horde and 1 more | 2025-04-09 | 5.8 MEDIUM | N/A |
| IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message. | |||||
| CVE-2008-1627 | 1 Cds Software Consortium | 1 Invenio | 2025-04-09 | 3.5 LOW | N/A |
| CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID. | |||||
| CVE-2009-1337 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.4 MEDIUM | N/A |
| The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. | |||||
| CVE-2008-7076 | 1 Kalptaru Infotech | 1 Stararticles | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in user.modify.profile.php in Kalptaru Infotech Ltd. Star Articles 6.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile photo, then accessing it via a direct request to the file in authorphoto/. | |||||
| CVE-2009-2056 | 1 Cisco | 1 Ios Xr | 2025-04-09 | 3.3 LOW | N/A |
| Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path. | |||||