Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1998 | 2 Ibm, Microsoft | 2 Db2, Windows | 2024-02-28 | 8.5 HIGH | N/A |
The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter. | |||||
CVE-2008-6382 | 1 Aspportal | 1 Aspportal | 2024-02-28 | 5.0 MEDIUM | N/A |
ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb. | |||||
CVE-2008-6137 | 1 Drupal | 2 Drupal, Everyblog | 2024-02-28 | 7.5 HIGH | N/A |
EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to bypass access restrictions via unknown vectors. | |||||
CVE-2009-0011 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 7.2 HIGH | N/A |
Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to overwrite arbitrary files via unknown vectors related to an "insecure file operation" on a temporary file. | |||||
CVE-2008-5422 | 3 Novell, Redhat, Sun | 5 Suse Linux Enterprise Server, Enterprise Linux, Java Desktop System and 2 more | 2024-02-28 | 7.5 HIGH | N/A |
Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors. | |||||
CVE-2008-3303 | 1 Tuxplanet | 1 Bilboblog | 2024-02-28 | 6.8 MEDIUM | N/A |
admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters. | |||||
CVE-2008-3872 | 1 Adobe | 1 Flash Player | 2024-02-28 | 9.3 HIGH | N/A |
Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified "Filter evasion" manipulations. | |||||
CVE-2008-3047 | 1 Typo3 | 1 Kb Unpack Extension | 2024-02-28 | 7.5 HIGH | N/A |
Incomplete blacklist vulnerability in the KB Unpack (kb_unpack) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors. | |||||
CVE-2008-6147 | 1 Aspapp | 1 Forumapp | 2024-02-28 | 5.0 MEDIUM | N/A |
ForumApp 3.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/8690.mdb or (2) data/8690BAK.mdb. | |||||
CVE-2009-1462 | 1 Razorcms | 1 Razorcms | 2024-02-28 | 7.2 HIGH | N/A |
The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact. | |||||
CVE-2008-2540 | 2 Apple, Microsoft | 6 Safari, Internet Explorer, Windows Server 2003 and 3 more | 2024-02-28 | 9.3 HIGH | N/A |
Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. | |||||
CVE-2009-0579 | 1 Linux-pam | 1 Linux-pam | 2024-02-28 | 4.6 MEDIUM | N/A |
Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified. | |||||
CVE-2008-4294 | 1 Ibm | 1 Tivoli Netcool Webtop | 2024-02-28 | 7.2 HIGH | N/A |
IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user privileges after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation, as demonstrated by a root session that is still valid after a subsequent read-only session has begun. | |||||
CVE-2009-1160 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2024-02-28 | 4.3 MEDIUM | N/A |
Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277. | |||||
CVE-2009-3122 | 2 Chris Shattuck, Drupal | 2 Ajaxtable, Drupal | 2024-02-28 | 6.4 MEDIUM | N/A |
The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors. | |||||
CVE-2008-3234 | 2 Debian, Openbsd | 2 Debian Linux, Openssh | 2024-02-28 | 6.5 MEDIUM | N/A |
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username. | |||||
CVE-2009-2705 | 2 Broadcom, Sun | 2 Siteminder, J2ee | 2024-02-28 | 4.3 MEDIUM | N/A |
CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters. | |||||
CVE-2009-0571 | 1 Ninjadesigns | 1 Mailist | 2024-02-28 | 5.0 MEDIUM | N/A |
admin.php in Ninja Designs Mailist 3.0 stores backup copies of maillist.php under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the backup directory. | |||||
CVE-2008-6940 | 1 Turnkeyforms | 1 Web Hosting Directory | 2024-02-28 | 7.5 HIGH | N/A |
TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db. | |||||
CVE-2009-0361 | 1 Eyrie | 1 Pam-krb5 | 2024-02-28 | 4.6 MEDIUM | N/A |
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations. |