Total
5222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-7066 | 1 2enetworx | 1 Openforum | 2024-02-28 | 7.5 HIGH | N/A |
| OpenForum 0.66 Beta allows remote attackers to bypass authentication and reset passwords of other users via a direct request with the update parameter set to 1 and modified user and password parameters. | |||||
| CVE-2009-2657 | 1 Nilf | 1 Nilfs | 2024-02-28 | 4.6 MEDIUM | N/A |
| nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, which allows local users to execute arbitrary commands via the device string in a -c command line option to mkfs.nilfs2. | |||||
| CVE-2009-2674 | 1 Sun | 2 Jdk, Jre | 2024-02-28 | 7.5 HIGH | N/A |
| Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow. | |||||
| CVE-2008-3835 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 7.5 HIGH | N/A |
| The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors. | |||||
| CVE-2008-2079 | 4 Canonical, Debian, Mysql and 1 more | 4 Ubuntu Linux, Debian Linux, Mysql and 1 more | 2024-02-28 | 4.6 MEDIUM | N/A |
| MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future. | |||||
| CVE-2009-2712 | 1 Sun | 3 Java System Access Manager, Java System Web Server, Opensso Enterprise | 2024-02-28 | 2.1 LOW | N/A |
| Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files. | |||||
| CVE-2008-5780 | 1 Hostforest | 1 Forest Blog | 2024-02-28 | 5.0 MEDIUM | N/A |
| Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb. | |||||
| CVE-2008-5128 | 1 Ocean12 Technologies | 1 Membership Manager Pro | 2024-02-28 | 5.0 MEDIUM | N/A |
| Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb. | |||||
| CVE-2009-2056 | 1 Cisco | 1 Ios Xr | 2024-02-28 | 3.3 LOW | N/A |
| Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path. | |||||
| CVE-2009-1507 | 1 Drupal | 2 Drupal, Nodeaccess Userreference | 2024-02-28 | 7.5 HIGH | N/A |
| The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node. | |||||
| CVE-2009-3589 | 1 Inotify | 1 Incron | 2024-02-28 | 4.6 MEDIUM | N/A |
| incron 0.5.5 does not initialize supplementary groups when running a process from a user's incrontabs, which causes the process to be run with the incrond supplementary groups and allows local users to gain privileges via an incrontab table. | |||||
| CVE-2009-1052 | 1 Chaozz | 1 Fireant | 2024-02-28 | 5.0 MEDIUM | N/A |
| FireAnt 1.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv. | |||||
| CVE-2009-0835 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 3.6 LOW | N/A |
| The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod, a related issue to CVE-2009-0342 and CVE-2009-0343. | |||||
| CVE-2009-2859 | 1 Ibm | 1 Db2 | 2024-02-28 | 4.6 MEDIUM | N/A |
| IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command. | |||||
| CVE-2008-3273 | 1 Jboss | 1 Enterprise Application Platform | 2024-02-28 | 5.0 MEDIUM | N/A |
| JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. | |||||
| CVE-2009-1716 | 1 Apple | 1 Safari | 2024-02-28 | 2.1 LOW | N/A |
| CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files. | |||||
| CVE-2009-4091 | 1 Simplog | 1 Simplog | 2024-02-28 | 5.0 MEDIUM | N/A |
| comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del action. | |||||
| CVE-2008-3423 | 1 Ibm | 1 Websphere Portal | 2024-02-28 | 7.5 HIGH | N/A |
| IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. | |||||
| CVE-2008-3826 | 1 Condor Project | 1 Condor | 2024-02-28 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Condor before 7.0.5 allows attackers to execute jobs as other users via unknown vectors. | |||||
| CVE-2008-5873 | 1 Yerba | 1 Yerba | 2024-02-28 | 7.5 HIGH | N/A |
| Yerba SACphp 6.3 and earlier allows remote attackers to bypass authentication and gain administrative access via a galleta[sesion] cookie that has a value beginning with 1:1: followed by a username. | |||||