Total: 5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-6388 | 1 4u2ges | 1 Rapid Classified | 2024-02-28 | 5.0 MEDIUM | N/A |
Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to cldb.mdb. | |||||
CVE-2009-0676 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 2.1 LOW | N/A |
The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request. | |||||
CVE-2009-3251 | 1 Vtiger | 1 Vtiger Crm | 2024-02-28 | 4.0 MEDIUM | N/A |
include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows remote authenticated users to bypass intended access restrictions and read the (1) visibility, (2) location, and (3) recurrence fields of a calendar via a custom view. | |||||
CVE-2009-0807 | 1 Zfeeder | 1 Zfeeder | 2024-02-28 | 7.5 HIGH | N/A |
zFeeder 1.6 allows remote attackers to gain administrative access via a direct request to admin.php. | |||||
CVE-2008-6053 | 1 Preprojects | 1 Pre Resume Submitter | 2024-02-28 | 5.0 MEDIUM | N/A |
PreProjects Pre Resume Submitter stores onlineresume.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | |||||
CVE-2008-6673 | 1 Quickersite | 1 Quickersite | 2024-02-28 | 7.5 HIGH | N/A |
asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote attackers to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin; and (3) modify the site design via the saveDesign action. | |||||
CVE-2009-0732 | 1 Lingx | 1 Downloadcenter | 2024-02-28 | 5.0 MEDIUM | N/A |
Downloadcenter 2.1 stores common.h under the web root with insufficient access control, which allows remote attackers to obtain user credentials and other sensitive information via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-6960 | 1 X10media | 1 X10 Automatic Mp3 Script | 2024-02-28 | 5.0 MEDIUM | N/A |
download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php. | |||||
CVE-2008-6354 | 1 Thenetguys | 1 Aspired2poll | 2024-02-28 | 5.0 MEDIUM | N/A |
The Net Guys ASPired2poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2poll.mdb. | |||||
CVE-2009-0498 | 1 Minitdesign | 1 Virtual Guestbook | 2024-02-28 | 5.0 MEDIUM | N/A |
Virtual GuestBook (vgbook) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to guestbook.mdb. | |||||
CVE-2008-1931 | 2 Microsoft, Realtek | 3 Windows-nt, Windows Vista, Hd Audio Codec Drivers | 2024-02-28 | 6.8 MEDIUM | N/A |
Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allow local users to create, write, and read registry keys via a crafted IOCTL request. | |||||
CVE-2008-4582 | 4 Canonical, Debian, Microsoft and 1 more | 5 Ubuntu Linux, Debian Linux, Windows and 2 more | 2024-02-28 | 4.3 MEDIUM | N/A |
Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810. | |||||
CVE-2008-3542 | 1 Hp | 1 Insight Diagnostics | 2024-02-28 | 7.8 HIGH | N/A |
Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 allows remote attackers to read arbitrary files via unknown vectors. | |||||
CVE-2008-6292 | 1 Accscripts | 1 Acc Autos | 2024-02-28 | 7.5 HIGH | N/A |
Acc Autos 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) username_cookie to "admin," (2) right_cookie to "1," and (3) id_cookie to "1." | |||||
CVE-2008-1668 | 1 Hp | 1 Hp-ux | 2024-02-28 | 10.0 HIGH | N/A |
ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information. | |||||
CVE-2008-6930 | 1 Phpstore | 1 Real Estate | 2024-02-28 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in PHPStore Real Estate allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in realty/re_images/. | |||||
CVE-2008-3825 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2024-02-28 | 4.4 MEDIUM | N/A |
pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. NOTE: there may be a related vector involving sshd that has limited relevance. | |||||
CVE-2009-2766 | 1 Dd-wrt | 1 Dd-wrt | 2024-02-28 | 7.5 HIGH | N/A |
httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests. | |||||
CVE-2008-4789 | 1 Drupal | 1 Drupal | 2024-02-28 | 6.0 MEDIUM | N/A |
The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error." | |||||
CVE-2008-1731 | 2 3281d, Drupal | 2 Simple Access, Drupal | 2024-02-28 | 7.5 HIGH | N/A |
The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking. |