Total
7419 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0589 | 1 Ibm | 1 Aix | 2024-02-28 | 4.9 MEDIUM | N/A |
The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows local users to obtain sensitive information via unspecified vectors. | |||||
CVE-2007-6193 | 1 Citrix | 1 Netscaler | 2024-02-28 | 5.0 MEDIUM | N/A |
The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface. | |||||
CVE-2008-0041 | 1 Apple | 1 Mac Os X | 2024-02-28 | 5.0 MEDIUM | N/A |
Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls. | |||||
CVE-2008-1166 | 1 Flyspray | 1 Flyspray | 2024-02-28 | 5.0 MEDIUM | N/A |
Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames. | |||||
CVE-2007-6283 | 4 Centos, Fedoraproject, Oracle and 1 more | 9 Centos, Fedora Core, Linux and 6 more | 2024-02-28 | 4.9 MEDIUM | N/A |
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named. | |||||
CVE-2007-6536 | 1 Google | 1 Toolbar | 2024-02-28 | 6.8 MEDIUM | N/A |
The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com. | |||||
CVE-2007-6524 | 1 Opera | 1 Opera Browser | 2024-02-28 | 7.8 HIGH | N/A |
Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420. | |||||
CVE-2007-6197 | 1 Bea | 1 Aqualogic Interaction | 2024-02-28 | 5.0 MEDIUM | N/A |
The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page. | |||||
CVE-2008-0938 | 1 Sun | 1 Solaris | 2024-02-28 | 4.7 MEDIUM | N/A |
Unspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability than CVE-2007-4126. | |||||
CVE-2008-0784 | 1 Cacti | 1 Cacti | 2024-02-28 | 5.0 MEDIUM | N/A |
graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors. | |||||
CVE-2007-6502 | 1 Hosting Controller | 1 Hosting Controller | 2024-02-28 | 5.5 MEDIUM | N/A |
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using Microsoft.XMLHTTP or MSXML2.XMLHTTP objects, which trigger a response with the setup directory pathname in the HTML source; and (3) might allow remote attackers to obtain sensitive information via a request for /admin/forum/, which reveals the path in an error message when a forum is not found. | |||||
CVE-2008-1270 | 1 Lighttpd | 1 Lighttpd | 2024-02-28 | 5.0 MEDIUM | N/A |
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory. | |||||
CVE-2008-0249 | 1 Phpwebquest | 1 Phpwebquest | 2024-02-28 | 5.0 MEDIUM | N/A |
PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to admin/backup_phpwebquest.php, which leaks the credentials in an error message if a call to /usr/bin/mysqldump fails. NOTE: this might only be an issue in limited environments. | |||||
CVE-2008-1288 | 1 Ibm | 1 Rational Clearquest | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies. | |||||
CVE-2008-0297 | 1 Keil Software | 1 Photokorn | 2024-02-28 | 5.0 MEDIUM | N/A |
PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output. | |||||
CVE-2008-0420 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 9.3 HIGH | N/A |
modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10. | |||||
CVE-2007-6512 | 1 Php | 1 Mysql Banner Exchange | 2024-02-28 | 5.0 MEDIUM | N/A |
PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc. | |||||
CVE-2007-6606 | 1 Openbiblio | 1 Openbiblio | 2024-02-28 | 5.0 MEDIUM | N/A |
OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | |||||
CVE-2007-5958 | 1 X.org | 1 Xserver | 2024-02-28 | 5.0 MEDIUM | N/A |
X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists. | |||||
CVE-2008-0978 | 1 Double-take Software | 1 Double-take | 2024-02-28 | 5.0 MEDIUM | N/A |
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to obtain sensitive information via a packet of type (1) 0x2728, which provides operating system and path information; (2) 0x274e, which lists Ethernet adapters; (3) 0x2726, which provides filesystem information; (4) 0x274f, which specifies the printer driver; or (5) 0x2757, which provides recent log entries. |