Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-0941 | 1 Hp | 154 8100c Digital Sender, 9100c Digital Sender, 9200c Digital Sender and 151 more | 2024-02-28 | 7.6 HIGH | N/A |
The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access. | |||||
CVE-2009-0342 | 2 Linux, Provos | 2 Linux Kernel, Systrace | 2024-02-28 | 7.2 HIGH | N/A |
Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall. | |||||
CVE-2008-5512 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers." | |||||
CVE-2008-4790 | 1 Drupal | 1 Drupal | 2024-02-28 | 6.0 MEDIUM | N/A |
The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors. | |||||
CVE-2008-1710 | 1 Ibm | 1 Aix | 2024-02-28 | 7.2 HIGH | N/A |
Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows local users to gain privileges via a modified PATH environment variable. | |||||
CVE-2008-5699 | 1 Sun | 2 Opensolaris, Solaris | 2024-02-28 | 4.6 MEDIUM | N/A |
The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris snv_50 through snv_104 does not properly check permissions, which allows local users to gain privileges and obtain sensitive information via unspecified vectors. | |||||
CVE-2008-5549 | 1 Sun | 1 Java System Portal Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet." | |||||
CVE-2008-6399 | 1 Dotnetnuke | 1 Dotnetnuke | 2024-02-28 | 6.4 MEDIUM | N/A |
Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors. | |||||
CVE-2009-2075 | 2 Angrydonuts, Drupal | 2 Nodequeue, Drupal | 2024-02-28 | 7.5 HIGH | N/A |
Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors. | |||||
CVE-2008-5897 | 1 Codeavalanche | 1 Freewallpaper | 2024-02-28 | 7.5 HIGH | N/A |
CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-0709 | 4 Hp, Microsoft, Redhat and 1 more | 6 Hp-ux, Select Identity, Windows 2003 Server and 3 more | 2024-02-28 | 5.5 MEDIUM | N/A |
Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than CVE-2008-0214. | |||||
CVE-2008-7217 | 1 Microsoft | 1 Office | 2024-02-28 | 4.6 MEDIUM | N/A |
Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories. | |||||
CVE-2009-0803 | 1 Smoothwall | 3 Networkguardian, Schoolguardian, Smoothguardian | 2024-02-28 | 5.4 MEDIUM | N/A |
SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | |||||
CVE-2008-2003 | 1 Badblue | 1 Badblue | 2024-02-28 | 7.5 HIGH | N/A |
BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3) dyndns.exe. NOTE: this can be leveraged for arbitrary remote code execution in conjunction with CVE-2007-6378. | |||||
CVE-2009-0806 | 1 Opengoo | 1 Opengoo | 2024-02-28 | 6.5 MEDIUM | N/A |
Unspecified vulnerability in OpenGoo before 1.2.1 allows remote authenticated users to modify their own permissions via unknown attack vectors. | |||||
CVE-2008-1473 | 1 Symantec | 1 Altiris Deployment Solution | 2024-02-28 | 7.2 HIGH | N/A |
The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a "Shatter" style attack. | |||||
CVE-2009-0382 | 1 Drupal | 2 Drupal, Internationalization | 2024-02-28 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in Internationalization (i18n) Translation 5.x before 5.x-2.5, a module for Drupal, allows remote attackers with "translate node" permissions to bypass intended access restrictions and read unpublished nodes via unspecified vectors. | |||||
CVE-2008-5384 | 1 Ibm | 1 Aix | 2024-02-28 | 6.9 MEDIUM | N/A |
crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor. | |||||
CVE-2008-1483 | 1 Openbsd | 1 Openssh | 2024-02-28 | 6.9 MEDIUM | N/A |
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs. | |||||
CVE-2008-3972 | 2 Opensc-project, Siemens | 2 Opensc, Cardos | 2024-02-28 | 6.6 MEDIUM | N/A |
pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235. |