Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1596 | 1 Ibm | 1 Aix | 2024-02-28 | 7.2 HIGH | N/A |
Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to missing checks in the TSD_FILES_LOCK policy for modifications performed via hard links, a different vulnerability than CVE-2007-6680. | |||||
CVE-2008-3728 | 1 Microworld Technologies | 1 Mailscan | 2024-02-28 | 5.0 MEDIUM | N/A |
Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error messages via direct requests to files under LOG/. | |||||
CVE-2009-1264 | 2 Stanislas Rolland, Typo3 | 2 Sr Feuser Register, Typo3 | 2024-02-28 | 4.0 MEDIUM | N/A |
Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors. | |||||
CVE-2008-4992 | 1 Sun | 13 Blade T6300 Server, Blade T6320 Server, Fire Enterprise Server T1000 and 10 more | 2024-02-28 | 4.6 MEDIUM | N/A |
The SPARC hypervisor in Sun System Firmware 6.6.3 through 6.6.5 and 7.1.3 through 7.1.3.e on UltraSPARC T1, T2, and T2+ processors allows logical domain users to access memory in other logical domains via unknown vectors. | |||||
CVE-2008-7026 | 1 Efrontlearning | 1 Efront | 2024-02-28 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in filesystem3.class.php in eFront 3.5.1 build 2710 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in (1) student/avatars/ or (2) professor/avatars/. | |||||
CVE-2009-1173 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 2.1 LOW | N/A |
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak permissions (777) for files associated with unspecified "interim fixes," which allows attackers to modify files that would not have been accessible if the intended 755 permissions were used. | |||||
CVE-2009-2558 | 1 Adminnewstools | 1 Admin News Tools | 2024-02-28 | 7.5 HIGH | N/A |
system/message.php in Admin News Tools 2.5 does not properly restrict access, which allows remote attackers to post news messages via a direct request. | |||||
CVE-2008-5725 | 1 Entechtaiwan | 1 Powerstrip | 2024-02-28 | 7.2 HIGH | N/A |
The NT kernel-mode driver (aka pstrip.sys) 5.0.1.1 and earlier in EnTech Taiwan PowerStrip 3.84 and earlier allows local users to gain privileges via certain IRP parameters in an IOCTL request to \Device\Powerstrip1 that overwrites portions of memory. | |||||
CVE-2008-3557 | 1 Fhm-script | 1 Free Hosting Manager | 2024-02-28 | 7.5 HIGH | N/A |
Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass authentication and gain administrative access by setting both the adminuser and loggedin cookies. | |||||
CVE-2008-3876 | 1 Apple | 1 Iphone | 2024-02-28 | 1.9 LOW | N/A |
Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact's blue arrow. | |||||
CVE-2008-2378 | 1 Hf | 1 Hf | 2024-02-28 | 7.2 HIGH | N/A |
Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 allows local users to gain privileges via a Trojan horse killall program in a directory in the PATH, related to improper handling of the -k option. | |||||
CVE-2009-1610 | 1 Jobscript | 1 Job Script Job Board Software | 2024-02-28 | 7.5 HIGH | N/A |
admin/changepassword.php in Job Script Job Board Software 2.0 allows remote attackers to change the administrator password and gain administrator privileges via a direct request. | |||||
CVE-2008-5687 | 1 Mediawiki | 1 Mediawiki | 2024-02-28 | 5.0 MEDIUM | N/A |
MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/. | |||||
CVE-2008-6160 | 1 Drupal | 1 Semantically Interconnected Online Communities | 2024-02-28 | 5.0 MEDIUM | N/A |
Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors. | |||||
CVE-2009-1337 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.4 MEDIUM | N/A |
The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. | |||||
CVE-2008-3113 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. | |||||
CVE-2009-2818 | 1 Apple | 1 Mac Os X Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack). | |||||
CVE-2009-4044 | 2 Bruno Massa, Drupal | 2 Web Services, Drupal | 2024-02-28 | 7.5 HIGH | N/A |
The Web Services module 6.x for Drupal does not perform the expected access control, which allows remote attackers to make unspecified use of an API via unknown vectors. | |||||
CVE-2008-1599 | 1 Ibm | 1 Aix | 2024-02-28 | 7.2 HIGH | N/A |
The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat. | |||||
CVE-2008-1484 | 1 Punbb | 1 Punbb | 2024-02-28 | 3.5 LOW | N/A |
The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737. |