Total
5222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5596 | 1 Dotnetindex | 1 Ikon Admanager | 2024-02-28 | 5.0 MEDIUM | N/A |
| Ikon AdManager 2.1 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for ikonBAnner_AdManager.mdb. | |||||
| CVE-2008-6844 | 1 Ez | 1 Ez Publish | 2024-02-28 | 7.5 HIGH | N/A |
| The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters. | |||||
| CVE-2008-3064 | 1 Realnetworks | 1 Realplayer | 2024-02-28 | 10.0 HIGH | N/A |
| Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerability." | |||||
| CVE-2008-1593 | 1 Ibm | 1 Aix | 2024-02-28 | 7.2 HIGH | N/A |
| The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function. | |||||
| CVE-2008-4234 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 9.3 HIGH | N/A |
| Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which does not trigger a "potentially unsafe" warning message. | |||||
| CVE-2009-2672 | 1 Sun | 2 Jdk, Jre | 2024-02-28 | 7.5 HIGH | N/A |
| The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2008-3173 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 6.8 MEDIUM | N/A |
| Microsoft Internet Explorer allows web sites to set cookies for domains that have a public suffix with more than one dot character, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking." NOTE: this issue may exist because of an insufficient fix for CVE-2004-0866. | |||||
| CVE-2009-0079 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2024-02-28 | 6.9 MEDIUM | N/A |
| The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability." | |||||
| CVE-2008-2722 | 1 Menalto | 1 Gallery | 2024-02-28 | 7.5 HIGH | N/A |
| Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive. | |||||
| CVE-2008-1572 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 4.6 MEDIUM | N/A |
| Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application. | |||||
| CVE-2008-5218 | 1 Scriptsez | 1 Freeze Greetings | 2024-02-28 | 5.0 MEDIUM | N/A |
| ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords. | |||||
| CVE-2008-6929 | 1 Phpstore | 1 Auto Classifieds | 2024-02-28 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in PHPStore Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in cars/cars_images/. | |||||
| CVE-2008-6599 | 1 Jath Pala | 1 Cookiecheck | 2024-02-28 | 5.0 MEDIUM | N/A |
| cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path." | |||||
| CVE-2009-3182 | 1 Anantasoft | 1 Gazelle Cms | 2024-02-28 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/editor/filemanager/browser.html in Anantasoft Gazelle CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in user/File/. | |||||
| CVE-2008-3170 | 1 Apple | 1 Safari | 2024-02-28 | 6.8 MEDIUM | N/A |
| Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking," a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867. | |||||
| CVE-2008-7157 | 1 Ekinboard | 1 Ekinboard | 2024-02-28 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/. | |||||
| CVE-2008-5121 | 4 Bluecoat, Cisco, Citrix and 1 more | 5 Winproxy, Vpn Client, Deterministic Network Enhancer and 2 more | 2024-02-28 | 7.2 HIGH | N/A |
| dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface. | |||||
| CVE-2009-3281 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2024-02-28 | 7.2 HIGH | N/A |
| The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors. | |||||
| CVE-2009-0169 | 1 Sun | 1 Java System Access Manager | 2024-02-28 | 9.0 HIGH | N/A |
| Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm. | |||||
| CVE-2008-3106 | 1 Sun | 2 Jdk, Jre | 2024-02-28 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. | |||||