Total: 5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-2882 | 1 Aspindir | 1 Shibby Shop | 2024-02-28 | 7.5 HIGH | N/A |
upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request. | |||||
CVE-2008-6771 | 1 Peterselie | 1 Yourplace | 2024-02-28 | 5.0 MEDIUM | N/A |
YourPlace 1.0.2 and earlier allows remote attackers to obtain sensitive system information via a direct request to user/uploads/phpinfo.php, which calls the phpinfo function. | |||||
CVE-2008-2148 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 3.6 LOW | N/A |
The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary files, possibly leading to a denial of service. | |||||
CVE-2008-5504 | 1 Mozilla | 1 Firefox | 2024-02-28 | 7.5 HIGH | N/A |
Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836. | |||||
CVE-2009-1226 | 1 Podcast Generator | 1 Podcast Generator | 2024-02-28 | 7.5 HIGH | N/A |
core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file parameter. | |||||
CVE-2008-5516 | 3 Git, Git-scm, Rpath | 3 Git, Git, Linux | 2024-02-28 | 7.5 HIGH | N/A |
The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search. | |||||
CVE-2009-2482 | 1 Netbsd | 1 Netbsd | 2024-02-28 | 6.9 MEDIUM | N/A |
The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group. | |||||
CVE-2008-1877 | 1 Debian | 1 Tss | 2024-02-28 | 2.1 LOW | N/A |
tss 0.8.1 allows local users to read arbitrary files via the -a parameter, which is processed while tss is running with privileges. | |||||
CVE-2008-6921 | 1 W2b | 1 Phpadboard | 2024-02-28 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in index.php in phpAdBoard 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photoes/. | |||||
CVE-2008-6770 | 1 Peterselie | 1 Yourplace | 2024-02-28 | 5.0 MEDIUM | N/A |
YourPlace 1.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database containing user credentials via a direct request for users.txt. | |||||
CVE-2008-2146 | 1 Wordpress | 1 Wordpress | 2024-02-28 | 7.5 HIGH | N/A |
wp-includes/vars.php in WordPress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages. | |||||
CVE-2008-6065 | 1 Oracle | 1 Database Server | 2024-02-28 | 5.1 MEDIUM | N/A |
Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the password directory, and then overwriting the password file through UTL_FILE operations, a related issue to CVE-2006-7141. | |||||
CVE-2008-5773 | 1 Nukedit | 1 Nukedit | 2024-02-28 | 5.0 MEDIUM | N/A |
Nukedit 4.9.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for database/dbsite.mdb. | |||||
CVE-2008-4401 | 1 Adobe | 1 Flash Player | 2024-02-28 | 10.0 HIGH | N/A |
ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file. | |||||
CVE-2009-1573 | 4 Branden Robinson, Debian, Redhat and 1 more | 4 Xvfb-run, Debian Linux, Fedora and 1 more | 2024-02-28 | 4.6 MEDIUM | N/A |
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems places the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments. | |||||
CVE-2009-3442 | 2 Ariel Barreiro, Drupal | 2 Meta Tags, Drupal | 2024-02-28 | 5.0 MEDIUM | N/A |
The Meta tags (aka Nodewords) module before 6.x-1.1 for Drupal does not properly follow permissions during assignment of node meta tags, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2009-1752 | 1 Exjune | 1 Office Message System | 2024-02-28 | 7.5 HIGH | N/A |
exJune Office Message System 1 does not properly restrict access to (1) configure.asp and (2) addmessage2.asp, which allows remote attackers to gain privileges via a direct request. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-1550 | 1 Zakkis | 1 Abc Advertise | 2024-02-28 | 5.0 MEDIUM | N/A |
Zakkis Technology ABC Advertise 1.0 does not properly restrict access to admin.inc.php, which allows remote attackers to obtain the administrator login name and password via a direct request. | |||||
CVE-2008-2252 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2024-02-28 | 7.2 HIGH | N/A |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability." | |||||
CVE-2008-6799 | 1 Tufat | 1 Flashchat | 2024-02-28 | 7.5 HIGH | N/A |
connection.php in FlashChat 5.0.8 allows remote attackers to bypass the role filter mechanism and gain administrative privileges by setting the s parameter to "7." |