Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1582 | 1 Kalptarudemos | 1 Million Dollar Text Links | 2024-02-28 | 7.5 HIGH | N/A |
Million Dollar Text Links 1.0 does not properly restrict administrator access to admin.home.php, which allows remote attackers to bypass intended restrictions and gain privileges via a direct request to admin.home.php after visiting admin.php. | |||||
CVE-2008-3104 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet. | |||||
CVE-2008-4453 | 1 Dspicture | 2 Light Imaging Toolkit, Pro Imaging Sdk | 2024-02-28 | 9.3 HIGH | N/A |
The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-7188 | 1 Clip-share | 1 Clipshare | 2024-02-28 | 7.5 HIGH | N/A |
ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. NOTE: this can be used to recover the password of the user by using the modified e-mail address in the email parameter to recoverpass.php. | |||||
CVE-2008-4472 | 1 Autodesk | 3 Design Review, Dwf Viewer, Revit Architecture | 2024-02-28 | 9.3 HIGH | N/A |
The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method. | |||||
CVE-2008-1783 | 1 Prozilla | 1 Reviews | 2024-02-28 | 6.4 MEDIUM | N/A |
Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php. | |||||
CVE-2008-3924 | 1 Hans Oesterholt | 1 Cmme | 2024-02-28 | 4.3 MEDIUM | N/A |
The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for (a) backup/cmme_data.zip or (b) backup/cmme_cmme.zip. NOTE: it was later reported that vector a also affects CMME 1.19. | |||||
CVE-2009-1413 | 1 Google | 1 Chrome | 2024-02-28 | 4.3 MEDIUM | N/A |
Google Chrome 1.0.x does not cancel timeouts upon a page transition, which makes it easier for attackers to conduct Universal XSS attacks by calling setTimeout to trigger future execution of JavaScript code, and then modifying document.location to arrange for JavaScript execution in the context of an arbitrary web site. NOTE: this can be leveraged for a remote attack by exploiting a chromehtml: argument-injection vulnerability. | |||||
CVE-2008-4676 | 1 Citrix | 3 Access Essentials, Presentation Server, Xenapp | 2024-02-28 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain. | |||||
CVE-2008-6125 | 2 Debian, Moodle | 2 Debian Linux, Moodle | 2024-02-28 | 6.5 MEDIUM | N/A |
Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors. | |||||
CVE-2008-6918 | 1 Theportal2.pl | 1 Theportal2 | 2024-02-28 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in admin/galeria.php in ThePortal2 2.2 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in galeria/. | |||||
CVE-2008-2824 | 1 Xerox | 1 Workcentre | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors. | |||||
CVE-2008-4415 | 1 Hp | 1 Service Manager | 2024-02-28 | 9.0 HIGH | N/A |
Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors. | |||||
CVE-2009-3725 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-02-28 | 7.2 HIGH | N/A |
The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems. | |||||
CVE-2008-3494 | 1 8e6 | 1 R3000 Internet Filter | 2024-02-28 | 7.8 HIGH | N/A |
8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass intended restrictions via an extra HTTP Host header with additional leading text placed before the real Host header. | |||||
CVE-2009-2025 | 1 Dutchmonkey | 1 Dm Filemanager | 2024-02-28 | 7.5 HIGH | N/A |
admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values. | |||||
CVE-2008-2313 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 4.6 MEDIUM | N/A |
Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory. | |||||
CVE-2008-5951 | 1 Aspapps | 1 Template Creature | 2024-02-28 | 5.0 MEDIUM | N/A |
ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb. | |||||
CVE-2008-1592 | 3 Hp, Ibm, Tandem Computers | 3 Nonstop, Websphere Mq, Tandem Operating System | 2024-02-28 | 4.6 MEDIUM | N/A |
MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to "Pathway panels." | |||||
CVE-2008-6928 | 1 Phpstore | 1 Complete Classifieds | 2024-02-28 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in PHPStore Complete Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in classifieds1/yellow_images/. |