Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1896 | 2 Fedoraproject, Sun | 2 Fedora, Openjdk | 2024-02-28 | 10.0 HIGH | N/A |
The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX. | |||||
CVE-2008-6057 | 1 Liberum | 1 Liberum Help Desk | 2024-02-28 | 5.0 MEDIUM | N/A |
Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | |||||
CVE-2009-1631 | 1 Gnome | 1 Evolution | 2024-02-28 | 2.1 LOW | N/A |
The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files. | |||||
CVE-2008-7155 | 1 Phprisk | 1 Netrisk | 2024-02-28 | 7.5 HIGH | N/A |
NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of arbitrary users via a direct request. | |||||
CVE-2008-5606 | 1 Gazatem Technologies | 1 Qmail Mailing List Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb. | |||||
CVE-2008-4793 | 1 Drupal | 1 Drupal | 2024-02-28 | 7.5 HIGH | N/A |
The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules. | |||||
CVE-2009-2453 | 1 Citrix | 2 Presentation Server, Xenapp | 2024-02-28 | 7.5 HIGH | N/A |
Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors. | |||||
CVE-2008-3681 | 1 Joomla | 1 Com User | 2024-02-28 | 7.5 HIGH | N/A |
components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator. | |||||
CVE-2008-2294 | 1 Mreaves | 1 Pet Grooming Management System | 2024-02-28 | 7.5 HIGH | N/A |
Pet Grooming Management System 2.0 allows remote attackers to gain privileges via a direct request to useradded.php with a modified user name for "admin." | |||||
CVE-2008-3742 | 1 Drupal | 1 Drupal | 2024-02-28 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated. | |||||
CVE-2008-1692 | 1 Eterm | 1 Eterm | 2024-02-28 | 6.9 MEDIUM | N/A |
Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine. | |||||
CVE-2008-7170 | 1 Gameservers | 1 Gsc | 2024-02-28 | 10.0 HIGH | N/A |
GSC build 2067 and earlier relies on the client to enforce administrator privileges, which allows remote attackers to execute arbitrary administrator commands via a crafted packet. | |||||
CVE-2008-6294 | 1 Accscripts | 1 Acc Statistics | 2024-02-28 | 7.5 HIGH | N/A |
admin/Index.php in Acc Statistics 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie cookie to "admin." | |||||
CVE-2008-5905 | 1 Ktorrent | 1 Ktorrent | 2024-02-28 | 4.3 MEDIUM | N/A |
The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request. | |||||
CVE-2009-3375 | 1 Mozilla | 1 Firefox | 2024-02-28 | 4.3 MEDIUM | N/A |
content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function. | |||||
CVE-2008-2830 | 1 Apple | 1 Mac Os X | 2024-02-28 | 7.2 HIGH | N/A |
Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent. | |||||
CVE-2008-4252 | 1 Microsoft | 5 Office Frontpage, Project, Visual Basic and 2 more | 2024-02-28 | 8.5 HIGH | N/A |
The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability." | |||||
CVE-2009-0194 | 1 Garmin | 1 Garmin Communicator Plugin | 2024-02-28 | 9.3 HIGH | N/A |
The domain-locking implementation in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control in npGarmin.dll in the Garmin Communicator Plug-In 2.6.4.0 does not properly enforce the restrictions that (1) download and (2) upload requests come from a web site specified by the user, which allows remote attackers to obtain sensitive information or reconfigure Garmin GPS devices via unspecified vectors related to a "synchronisation error." | |||||
CVE-2009-2606 | 1 Brainjar | 1 Asp Football Pool | 2024-02-28 | 5.0 MEDIUM | N/A |
ASP Football Pool 2.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for NFL.mdb. | |||||
CVE-2008-2308 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information. |