Total
5244 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0045 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.1 HIGH | N/A |
| Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names. | |||||
| CVE-2008-1946 | 1 Gnu | 1 Coreutils | 2025-04-09 | 4.4 MEDIUM | N/A |
| The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module. | |||||
| CVE-2008-5027 | 2 Nagios, Op5 | 2 Nagios, Monitor | 2025-04-09 | 6.5 MEDIUM | N/A |
| The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon. | |||||
| CVE-2008-7216 | 1 Wordpress | 1 Peter\'s Math Anti-spam For Wordpress | 2025-04-09 | 4.3 MEDIUM | N/A |
| Peter's Math Anti-Spam Spinoff plugin for WordPress generates audio CAPTCHA clips by concatenating static audio files without any additional distortion, which allows remote attackers to bypass CAPTCHA protection by reading certain bytes from the generated clip. | |||||
| CVE-2007-6496 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | 6.8 MEDIUM | N/A |
| Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to CVE-2005-1654. | |||||
| CVE-2008-1931 | 2 Microsoft, Realtek | 3 Windows-nt, Windows Vista, Hd Audio Codec Drivers | 2025-04-09 | 6.8 MEDIUM | N/A |
| Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allow local users to create, write, and read registry keys via a crafted IOCTL request. | |||||
| CVE-2008-5128 | 1 Ocean12 Technologies | 1 Membership Manager Pro | 2025-04-09 | 5.0 MEDIUM | N/A |
| Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb. | |||||
| CVE-2007-5493 | 1 Microsoft | 1 Windows Mobile | 2025-04-09 | 4.3 MEDIUM | N/A |
| The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded. | |||||
| CVE-2008-0162 | 2 Debian, Sam Lantinga | 2 Debian Linux, Splitvt | 2025-04-09 | 7.2 HIGH | N/A |
| misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges. | |||||
| CVE-2009-0062 | 1 Cisco | 3 Catalyst 3750 Series Integrated Wireless Lan Controller, Catalyst 6500 Wireless Services Modules, Wireless Lan Controller Software | 2025-04-09 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels. | |||||
| CVE-2007-5171 | 1 Quicksilver Forums | 1 Quicksilver Forums | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified vectors. | |||||
| CVE-2008-1572 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.6 MEDIUM | N/A |
| Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application. | |||||
| CVE-2007-1206 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-09 | 7.2 HIGH | N/A |
| The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped. | |||||
| CVE-2009-2160 | 1 Torrenttrader | 1 Torrenttrader Classic | 2025-04-09 | 5.0 MEDIUM | N/A |
| TorrentTrader Classic 1.09 allows remote attackers to (1) obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function; and allows remote attackers to (2) obtain other potentially sensitive information via a direct request to check.php. | |||||
| CVE-2009-2649 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 4.7 MEDIUM | N/A |
| The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev is available, allows local users to cause a denial of service (kernel panic) via a certain IOCTL request with a large count, which triggers a malloc call with a large value. | |||||
| CVE-2007-5447 | 2 Ioncube, Php | 2 Php Encoder, Php | 2025-04-09 | 4.3 MEDIUM | N/A |
| ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function. | |||||
| CVE-2008-0214 | 1 Hp | 1 Select Identity | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to gain access via unknown vectors. | |||||
| CVE-2008-4131 | 1 Sun | 1 Solaris | 2025-04-09 | 7.2 HIGH | N/A |
| Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of tags with (1) the -t option and (2) the :tag command in the (a) vi, (b) ex, (c) vedit, (d) view, and (e) edit programs. | |||||
| CVE-2008-6293 | 1 Accscripts | 1 Acc Real Estate | 2025-04-09 | 7.5 HIGH | N/A |
| admin/Index.php in Acc Real Estate 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie to "admin." | |||||
| CVE-2008-2724 | 1 Menalto | 1 Gallery | 2025-04-09 | 5.0 MEDIUM | N/A |
| Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions. | |||||