Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-0675 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 2.1 LOW | N/A |
The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue. | |||||
CVE-2008-1656 | 1 Adobe | 1 Coldfusion | 2024-02-28 | 7.5 HIGH | N/A |
Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725. | |||||
CVE-2008-6008 | 1 Herongyang | 1 Hybook | 2024-02-28 | 5.0 MEDIUM | N/A |
hyBook Guestbook Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for hyBook.mdb. | |||||
CVE-2008-3110 | 1 Sun | 2 Jdk, Jre | 2024-02-28 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet. | |||||
CVE-2008-4506 | 1 Ibm | 1 Lotus Quickr | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows a place manager to "demote or delete a place superuser group" via unknown vectors. | |||||
CVE-2008-1810 | 2 Linux, Sap | 2 Linux Kernel, Maxdb | 2024-02-28 | 4.4 MEDIUM | N/A |
Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable. | |||||
CVE-2009-2291 | 2 Chad Phillips, Drupal | 2 Logintoboggan, Drupal | 2024-02-28 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors. | |||||
CVE-2008-6321 | 1 Cfshopkart | 1 Cf Shopkart | 2024-02-28 | 5.0 MEDIUM | N/A |
CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via a direct request. | |||||
CVE-2008-5127 | 1 Ocean12 Technologies | 1 Contact Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb. | |||||
CVE-2008-3856 | 1 Ibm | 1 Db2 Universal Database | 2024-02-28 | 7.5 HIGH | N/A |
The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and attack vectors. | |||||
CVE-2008-6496 | 1 Visagesoft | 1 Expert Pdf Editorx | 2024-02-28 | 8.8 HIGH | N/A |
Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary files via the first argument to the extractPagesToFile method. | |||||
CVE-2008-5417 | 1 Hp | 2 Decnet Plus For Openvms, Openvms | 2024-02-28 | 2.1 LOW | N/A |
HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system services. | |||||
CVE-2008-7161 | 1 Fortinet | 1 Fortigate-1000 | 2024-02-28 | 7.5 HIGH | N/A |
Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote attackers to bypass URL filtering via fragmented GET or POST requests that use HTTP/1.0 without the Host header. NOTE: this issue might be related to CVE-2005-3058. | |||||
CVE-2008-4554 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.6 MEDIUM | N/A |
The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file. | |||||
CVE-2009-2371 | 2 Drupal, Michelle Cox | 2 Drupal, Advanced Forum | 2024-02-28 | 6.5 MEDIUM | N/A |
Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature. | |||||
CVE-2008-2139 | 1 Rpath | 1 Appliance Platform Agent | 2024-02-28 | 6.5 MEDIUM | N/A |
The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account. | |||||
CVE-2009-1594 | 1 Armorlogic | 1 Profense Web Application Firewall | 2024-02-28 | 7.5 HIGH | N/A |
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A (encoded newline), as demonstrated by a %0A in a cross-site scripting (XSS) attack URL. | |||||
CVE-2008-1361 | 1 Vmware | 6 Ace, Player, Server and 3 more | 2024-02-28 | 6.8 MEDIUM | N/A |
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362. | |||||
CVE-2009-4174 | 2 Cutephp, Korn19 | 2 Cutenews, Utf-8 Cutenews | 2024-02-28 | 6.0 MEDIUM | N/A |
The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id parameter in a doeditnews action. | |||||
CVE-2008-4545 | 1 Cisco | 1 Unity | 2024-02-28 | 4.0 MEDIUM | N/A |
Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8 uses weak permissions for the D:\CommServer\Reports directory, which allows remote authenticated users to obtain sensitive information by reading files in this directory. |