Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5351 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-02-28 | 7.5 HIGH | N/A |
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings. | |||||
CVE-2009-0866 | 1 Phnews | 1 Phnews | 2024-02-28 | 5.0 MEDIUM | N/A |
pHNews Alpha 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for extra/genbackup.php. | |||||
CVE-2008-2940 | 1 Hp | 1 Linux Imaging And Printing Project | 2024-02-28 | 7.2 HIGH | N/A |
The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message. | |||||
CVE-2009-3258 | 1 Vtiger | 1 Vtiger Crm | 2024-02-28 | 9.0 HIGH | N/A |
vtiger CRM before 5.1.0 allows remote authenticated users, with certain View privileges, to delete (1) attachments, (2) reports, (3) filters, (4) views, and (5) tickets; insert (6) attachments, (7) reports, (8) filters, (9) views, and (10) tickets; and edit (11) reports, (12) filters, (13) views, and (14) tickets via unspecified vectors. | |||||
CVE-2008-1614 | 1 Sebastian Marsching | 1 Suphp | 2024-02-28 | 4.3 MEDIUM | N/A |
suPHP before 0.6.3 allows local users to gain privileges via (1) a race condition that involves multiple symlink changes to point a file owned by a different user, or (2) a symlink to the directory of a different user, which is used to determine privileges. | |||||
CVE-2008-1628 | 1 Linux | 1 Audit | 2024-02-28 | 4.1 MEDIUM | N/A |
Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-4147 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 7.2 HIGH | N/A |
The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setguid program with a modified variable containing an untrusted search path that points to a Trojan horse library, different vectors than CVE-2009-4146. | |||||
CVE-2008-0889 | 1 Redhat | 2 Directory Server, Enterprise Linux | 2024-02-28 | 2.1 LOW | N/A |
Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux, uses insecure permissions for the redhat-idm-console script, which allows local users to execute arbitrary code by modifying the script. | |||||
CVE-2008-3698 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2024-02-28 | 7.2 HIGH | N/A |
Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors. | |||||
CVE-2008-2338 | 1 Interspire | 1 Activekb | 2024-02-28 | 7.5 HIGH | N/A |
Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin. | |||||
CVE-2009-2846 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.8 HIGH | N/A |
The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes an out-of-bounds read in the readb function. | |||||
CVE-2008-4341 | 1 Myblog | 1 Myblog | 2024-02-28 | 7.5 HIGH | N/A |
add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication and gain administrative access by setting a cookie with admin=yes and login=admin. | |||||
CVE-2009-3041 | 1 Spip | 1 Spip | 2024-02-28 | 7.5 HIGH | N/A |
SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009. | |||||
CVE-2008-5560 | 1 Dazzlindonna | 1 Postecards | 2024-02-28 | 5.0 MEDIUM | N/A |
PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb. | |||||
CVE-2009-1863 | 1 Adobe | 3 Air, Flash Player, Flex | 2024-02-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a "privilege escalation vulnerability." | |||||
CVE-2008-5603 | 1 Aspapps | 1 Aspticker | 2024-02-28 | 5.0 MEDIUM | N/A |
ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb. | |||||
CVE-2009-3866 | 1 Sun | 2 Jdk, Jre | 2024-02-28 | 9.3 HIGH | N/A |
The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824. | |||||
CVE-2008-2551 | 1 Icona | 1 Instant Messenger | 2024-02-28 | 9.3 HIGH | N/A |
The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 Messenger 1.0.0.1 allows remote attackers to force the download and execution of arbitrary files via a URL in the propDownloadUrl parameter with the propPostDownloadAction parameter set to "run." | |||||
CVE-2009-2669 | 1 Ibm | 1 Aix | 2024-02-28 | 7.2 HIGH | N/A |
A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1. | |||||
CVE-2008-4921 | 1 Chipmunk Scripts | 1 Chipmunk Cms | 2024-02-28 | 7.5 HIGH | N/A |
board/admin/reguser.php in Chipmunk CMS 1.3 allows remote attackers to bypass authentication and gain administrator privileges via a direct request. NOTE: some of these details are obtained from third party information. |