Total: 5222 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-3830 | 1 Condor Project | 1 Condor | 2024-02-28 | 7.2 HIGH | N/A |
Condor before 7.0.5 does not properly handle when the configuration specifies overlapping netmasks in allow or deny rules, which causes the rule to be ignored and allows attackers to bypass intended access restrictions. | |||||
CVE-2008-5308 | 1 Lovecms | 2 Lovecms, The Simple Forum | 2024-02-28 | 7.5 HIGH | N/A |
The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly restrict access to administrator functions, which allows remote attackers to change the administrator password via a direct request to modules/simpleforum/admin/index.php. | |||||
CVE-2009-0802 | 1 Qbik | 1 Wingate | 2024-02-28 | 5.4 MEDIUM | N/A |
Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | |||||
CVE-2008-3855 | 1 Ibm | 1 Db2 Universal Database | 2024-02-28 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows local users to gain privileges, aka a "FILE CREATION VULNERABILITY." NOTE: this may be the same as CVE-2007-5664. | |||||
CVE-2009-2648 | 1 Flashden | 1 Guestbook | 2024-02-28 | 5.0 MEDIUM | N/A |
FlashDen Guestbook allows remote attackers to obtain configuration information via a direct request to amfphp/phpinfo.php, which calls the phpinfo function. | |||||
CVE-2005-4880 | 1 Jax Scripts | 1 Jax Guestbook | 2024-02-28 | 5.0 MEDIUM | N/A |
Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv. | |||||
CVE-2008-4581 | 1 Ibm | 1 Enovia Smarteam | 2024-02-28 | 4.0 MEDIUM | N/A |
The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release 19 before SP01, allows remote authenticated users to bypass intended access restrictions and read Document objects via the Workflow Process (aka Flow Process) view. | |||||
CVE-2009-4301 | 1 Moodle | 1 Moodle | 2024-02-28 | 6.0 MEDIUM | N/A |
mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions. | |||||
CVE-2008-6052 | 1 Preprojects | 1 Pre E-learning Portal | 2024-02-28 | 5.0 MEDIUM | N/A |
PreProjects Pre E-Learning Portal stores db_elearning.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | |||||
CVE-2008-1992 | 1 Acidcat | 1 Acidcat Cms | 2024-02-28 | 7.5 HIGH | N/A |
Acidcat CMS 3.4.1 does not properly restrict access to (1) default_mail_aspemail.asp, (2) default_mail_cdosys.asp or (3) default_mail_jmail.asp, which allows remote attackers to bypass restrictions and relay email messages with modified From, FromName, and To fields. | |||||
CVE-2008-6957 | 1 Discuz | 1 Discuz! | 2024-02-28 | 7.5 HIGH | N/A |
member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter. | |||||
CVE-2008-3618 | 1 Apple | 1 Mac Os X | 2024-02-28 | 9.0 HIGH | N/A |
The File Sharing pane in the Sharing preference pane in Apple Mac OS X 10.5 through 10.5.4 does not inform users that the complete contents of their own home directories are shared for their own use, which might allow attackers to leverage other vulnerabilities and access files for which sharing was unintended. | |||||
CVE-2009-0469 | 1 Futomis Cgi Cafe | 1 Fulltext Search Cgi | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in futomi's CGI Cafe Fulltext search CGI 1.1.2 allows remote attackers to gain administrative privileges via unknown vectors. | |||||
CVE-2008-4097 | 1 Oracle | 1 Mysql | 2024-02-28 | 4.6 MEDIUM | N/A |
MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079. | |||||
CVE-2008-4552 | 1 Nfs | 1 Nfs-utils | 2024-02-28 | 7.5 HIGH | N/A |
The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions. | |||||
CVE-2009-2393 | 1 Virtuenetz | 1 Virtue Online Test Generator | 2024-02-28 | 6.5 MEDIUM | N/A |
admin/index.php in Virtuenetz Virtue Online Test Generator does not require administrative privileges, which allows remote authenticated users to have an unknown impact via unspecified vectors. | |||||
CVE-2009-1839 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.4 MEDIUM | N/A |
Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack. | |||||
CVE-2009-1637 | 1 Simplecustomer | 1 Simple Customer | 2024-02-28 | 6.4 MEDIUM | N/A |
profile.php in Simple Customer 1.3 does not require administrative authentication, which allows remote attackers to change the admin e-mail address and password via the email and password parameters. | |||||
CVE-2009-4033 | 1 Tim Hockin | 1 Acpid | 2024-02-28 | 6.9 MEDIUM | N/A |
A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insufficient arguments, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file, cause a denial of service by overwriting this file, or gain privileges by executing this file. | |||||
CVE-2008-2104 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 4.0 MEDIUM | N/A |
The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check. |