Total: 5222 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-0767 | 1 Bookelves | 1 Kipper | 2024-02-28 | 5.0 MEDIUM | N/A |
Kipper 2.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing credentials via a direct request for job/config.data. | |||||
CVE-2009-0249 | 1 Katywhitton | 1 Rankem | 2024-02-28 | 5.0 MEDIUM | N/A |
Katy Whitton RankEm stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for database/topsites.mdb. | |||||
CVE-2008-3508 | 1 Wogan May | 1 Litenews | 2024-02-28 | 5.0 MEDIUM | N/A |
LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie. | |||||
CVE-2008-4214 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files. | |||||
CVE-2009-1214 | 1 Gnu | 1 Screen | 2024-02-28 | 4.9 MEDIUM | N/A |
GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information. | |||||
CVE-2008-3602 | 1 Psychdaily | 1 Php Ring Webring System | 2024-02-28 | 7.5 HIGH | N/A |
admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9.1 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | |||||
CVE-2008-1448 | 1 Microsoft | 2 Outlook Express, Windows Mail | 2024-02-28 | 7.1 HIGH | N/A |
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability." | |||||
CVE-2008-5129 | 1 Ocean12 Technologies | 1 Poll Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
Ocean12 Poll Manager Pro 1.00 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12poll.mdb. | |||||
CVE-2008-5852 | 1 Emefa | 1 Emefa Guestbook | 2024-02-28 | 5.0 MEDIUM | N/A |
Emefa Guestbook 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for guestbook.mdb. | |||||
CVE-2008-4230 | 1 Apple | 2 Iphone Os, Ipod Touch | 2024-02-28 | 1.9 LOW | N/A |
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593. | |||||
CVE-2009-2911 | 1 Systemtap | 1 Systemtap | 2024-02-28 | 1.9 LOW | N/A |
SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service via crafted DWARF expressions that trigger a kernel stack frame overflow, or (3) cause a denial of service (infinite loop) via vectors that trigger creation of large unwind tables, related to Common Information Entry (CIE) and Call Frame Instruction (CFI) records. | |||||
CVE-2008-2297 | 1 Roticv | 1 Rantx | 2024-02-28 | 7.5 HIGH | N/A |
The admin.php file in Rantx allows remote attackers to bypass authentication and gain privileges by setting the logininfo cookie to "<?php" or "?>", which is present in the password file and probably passes an insufficient comparison. | |||||
CVE-2008-6051 | 1 Metalinks | 1 Metacart | 2024-02-28 | 5.0 MEDIUM | N/A |
MetaCart Free stores metacart.mdb under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords via a direct request. | |||||
CVE-2008-1376 | 1 Redhat | 2 Enterprise Linux, Nfs Utils | 2024-02-28 | 7.5 HIGH | N/A |
A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on Red Hat Enterprise Linux (RHEL) 5 omits TCP wrappers support, which might allow remote attackers to bypass intended access restrictions. | |||||
CVE-2008-6199 | 1 2532gigs | 1 2532gigs | 2024-02-28 | 4.0 MEDIUM | N/A |
2532designs 2532|Gigs 1.2.2 and earlier allows remote attackers to trigger a backup and obtain sensitive information via a direct request to backup.php, which creates backup.sql under the web root with insufficient access control. | |||||
CVE-2009-4222 | 1 Smartisoft | 1 Phpbazar | 2024-02-28 | 7.5 HIGH | N/A |
phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request. | |||||
CVE-2008-7167 | 1 Sami Ekblad | 1 Page Manager | 2024-02-28 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in upload.php in Page Manager 2006-02-04 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
CVE-2009-2673 | 1 Sun | 2 Jdk, Jre | 2024-02-28 | 7.5 HIGH | N/A |
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword. | |||||
CVE-2009-0399 | 1 Chipmunk Scripts | 1 Chipmunk Blogger | 2024-02-28 | 7.5 HIGH | N/A |
Chipmunk Blogger Script allows remote attackers to gain administrator privileges via a direct request to admin/reguser.php. NOTE: this is only a vulnerability when the administrator does not properly follow installation directions. | |||||
CVE-2009-0637 | 1 Cisco | 2 Ios, Ios Xr | 2024-02-28 | 7.1 HIGH | N/A |
The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command. |