Total
5238 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1995 | 1 Sun | 1 Java System Directory Server | 2025-04-09 | 7.5 HIGH | N/A |
| Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server. | |||||
| CVE-2009-2859 | 1 Ibm | 1 Db2 | 2025-04-09 | 4.6 MEDIUM | N/A |
| IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command. | |||||
| CVE-2008-5041 | 1 Sweex | 1 Ro002 Router | 2025-04-09 | 7.5 HIGH | N/A |
| Sweex RO002 Router with firmware Ts03-072 has "rdc123" as its default password for the "rdc123" account, which makes it easier for remote attackers to obtain access. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6617 | 1 Sitexs Cms | 1 Sitexs Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in adm/visual/upload.php in SiteXS CMS 0.1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/. | |||||
| CVE-2008-2540 | 2 Apple, Microsoft | 6 Safari, Internet Explorer, Windows Server 2003 and 3 more | 2025-04-09 | 9.3 HIGH | N/A |
| Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. | |||||
| CVE-2009-0807 | 1 Zfeeder | 1 Zfeeder | 2025-04-09 | 7.5 HIGH | N/A |
| zFeeder 1.6 allows remote attackers to gain administrative access via a direct request to admin.php. | |||||
| CVE-2008-3924 | 1 Hans Oesterholt | 1 Cmme | 2025-04-09 | 4.3 MEDIUM | N/A |
| The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for (a) backup/cmme_data.zip or (b) backup/cmme_cmme.zip. NOTE: it was later reported that vector a also affects CMME 1.19. | |||||
| CVE-2009-2648 | 1 Flashden | 1 Guestbook | 2025-04-09 | 5.0 MEDIUM | N/A |
| FlashDen Guestbook allows remote attackers to obtain configuration information via a direct request to amfphp/phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2008-1139 | 1 Deslock | 1 Deslock | 2025-04-09 | 7.2 HIGH | N/A |
| DESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys 1.2.0.27 are present, allows local users to gain privileges via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, aka the "ring0 link list zero SYSTEM" vulnerability. | |||||
| CVE-2009-1665 | 1 Easy-scripts | 1 Answer And Question Script | 2025-04-09 | 6.4 MEDIUM | N/A |
| myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to remove arbitrary user accounts via a modified userid parameter without specifying any additional fields. | |||||
| CVE-2007-4539 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 5.0 MEDIUM | N/A |
| The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields. | |||||
| CVE-2008-2288 | 1 Symantec | 1 Altiris Deployment Solution | 2025-04-09 | 3.6 LOW | N/A |
| Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information. | |||||
| CVE-2008-5562 | 1 Aspapps | 1 Aspportal | 2025-04-09 | 5.0 MEDIUM | N/A |
| ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb. | |||||
| CVE-2007-6603 | 1 Hotscripts | 1 Hot Or Not Clone | 2025-04-09 | 5.0 MEDIUM | N/A |
| Hot or Not Clone has insufficient access control for producing and reading database backups, which allows remote attackers to obtain the administrator username and password via a direct request to control/backup/backup.php, which generates a backup/dump/backup.sql file that can be downloaded via a direct request to control/downloadfile.php. | |||||
| CVE-2008-7219 | 1 Horde | 5 Groupware, Groupware Webmail Edition, Kronolith H3 and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
| Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors. | |||||
| CVE-2008-3109 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. | |||||
| CVE-2008-1681 | 1 Ibm | 1 Db2 Content Manager | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 has unknown impact and attack vectors related to the AllowedTrustedLogin privilege. | |||||
| CVE-2008-0805 | 1 Reality | 1 Medias Phpizabi | 2025-04-09 | 9.3 HIGH | N/A |
| Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures. | |||||
| CVE-2007-5597 | 1 Drupal | 1 Drupal | 2025-04-09 | 4.3 MEDIUM | N/A |
| The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished comments from some modules, as demonstrated by (1) Organic groups and (2) Subscriptions. | |||||
| CVE-2008-0372 | 1 8e6 | 1 R3000 Internet Filter | 2025-04-09 | 5.0 MEDIUM | N/A |
| 8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request. | |||||