Total: 5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2008-6650 | Mywebland | Minibloggie | 2024-02-28 | 5.0 MEDIUM | N/A | del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary posts via a direct request with a modified post_id parameter, a different vulnerability than CVE-2008-4628.
CVE-2008-3525 | Linux | Linux Kernel | 2024-02-28 | 7.2 HIGH | N/A | The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions.
CVE-2009-3106 | Ibm | Websphere Application Server | 2024-02-28 | 5.0 MEDIUM | N/A | The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application.
CVE-2008-2420 | Stunnel | Stunnel | 2024-02-28 | 6.8 MEDIUM | N/A | The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.
CVE-2008-4507 | Ibm | Lotus Quickr | 2024-02-28 | 7.5 HIGH | N/A | Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to delete pages that were created by a different author via unknown vectors.
CVE-2008-4334 | Cannot | Php Infoboard | 2024-02-28 | 7.5 HIGH | N/A | PHP infoBoard V.7 Plus allows remote attackers to bypass authentication and gain administrative access by setting the infouser cookie to 1.
CVE-2009-2737 | Toni Mueller | Roundup | 2024-02-28 | 5.5 MEDIUM | N/A | The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to modify arbitrary items within that class, as demonstrated by editing all queries, modifying settings, and adding roles to users.
CVE-2008-6747 | Dotproject | Dotproject | 2024-02-28 | 6.8 MEDIUM | N/A | dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party information.
CVE-2008-2803 | Mozilla | Firefox, Seamonkey, Thunderbird | 2024-02-28 | 6.8 MEDIUM | N/A | The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.
CVE-2008-5716 | Citrix | Xen | 2024-02-28 | 7.2 HIGH | N/A | xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405.
CVE-2008-6356 | Donnafontenot | Evcal Events Calendar | 2024-02-28 | 5.0 MEDIUM | N/A | evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.mdb.
CVE-2008-2232 | Afuse | Afuse | 2024-02-28 | 4.6 MEDIUM | N/A | The expand_template function in afuse.c in afuse 0.2 allows local users to gain privileges via shell metacharacters in a pathname.
CVE-2009-0613 | Trendmicro | Interscan Web Security Suite | 2024-02-28 | 6.0 MEDIUM | N/A | Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 allows remote authenticated Auditor and Report Only users to bypass intended permission settings, and modify the system configuration, via requests to unspecified JSP pages.
CVE-2009-0367 | Wesnoth | Wesnoth | 2024-02-28 | 9.3 HIGH | N/A | The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.
CVE-2009-2091 | Ibm | Websphere Application Server | 2024-02-28 | 5.0 MEDIUM | N/A | The System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 on z/OS uses weak file permissions for new applications, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2009-2461 | Forkosh | Mathtex | 2024-02-28 | 7.2 HIGH | N/A | mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors.
CVE-2008-5853 | Chicomas | Chicomas | 2024-02-28 | 5.0 MEDIUM | N/A | Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database credentials via a direct request for config.inc or (2) read database backups via a request for a backup/ URI.
CVE-2008-1657 | Openbsd | Openssh | 2024-02-28 | 6.5 MEDIUM | N/A | OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
CVE-2009-1922 | Microsoft | Windows 2000, Windows Server 2003, Windows Vista and 1 more | 2024-02-28 | 6.9 MEDIUM | N/A | The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
CVE-2008-4060 | Mozilla | Firefox, Seamonkey, Thunderbird | 2024-02-28 | 7.5 HIGH | N/A | Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT.
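Two web-application authorization defects recur in the rows above: trusting a client-controlled value as proof of identity or role (CVE-2008-4334, where setting the infouser cookie to 1 grants administrative access) and acting on a caller-supplied object identifier without checking that the caller may touch that object (the post_id in CVE-2008-6650, and the class items and pages in the Roundup and Lotus Quickr entries). The Python below is an added illustration written for this page, not code from any of the listed products or from NVD. It shows the weak pattern next to a server-authenticated alternative: a session cookie whose payload is protected by an HMAC, and a delete handler that checks ownership or admin role before removing a record. The cookie name `session`, the HMAC key, the user names and the post store are all constructed for the example.

```python
"""Added example: client-trusted flag vs. HMAC-protected session, and an
ownership check on delete. Not code from any product listed on this page."""
import base64
import binascii
import hashlib
import hmac
import json

# Constructed server-side key for the example; a real deployment keeps this
# out of source control and rotates it.
SECRET = b"constructed-example-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def issue_session(user_id: str, role: str) -> str:
    """Return cookie value '<payload>.<mac>' where mac = HMAC-SHA256(SECRET, payload)."""
    payload = json.dumps({"uid": user_id, "role": role}, separators=(",", ":")).encode()
    mac = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(mac)


def verify_session(cookie: str):
    """Return the session dict if the MAC verifies, else None.
    A client can read the payload but cannot change it without SECRET."""
    try:
        p64, m64 = cookie.split(".", 1)
        payload = base64.urlsafe_b64decode(p64)
        mac = base64.urlsafe_b64decode(m64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):  # constant-time comparison
        return None
    return json.loads(payload)


def tamper_role(cookie: str, new_role: str) -> str:
    """Attacker step for the demonstration: rewrite the role in the payload
    while keeping the original MAC. verify_session must reject the result."""
    p64, m64 = cookie.split(".", 1)
    payload = json.loads(base64.urlsafe_b64decode(p64))
    payload["role"] = new_role
    return _b64(json.dumps(payload, separators=(",", ":")).encode()) + "." + m64


# --- Weak pattern (shape of CVE-2008-4334): a bare client flag is the auth decision.
def is_admin_vulnerable(cookies: dict) -> bool:
    return cookies.get("infouser") == "1"


# --- Server-authenticated alternative: role comes from a MAC-verified session.
def is_admin_fixed(cookies: dict) -> bool:
    sess = verify_session(cookies.get("session", ""))
    return sess is not None and sess.get("role") == "admin"


def make_posts() -> dict:
    """Constructed post store keyed by post_id."""
    return {1: {"author": "alice", "title": "first"}, 2: {"author": "bob", "title": "second"}}


# --- Weak pattern (shape of CVE-2008-6650): any request naming a post_id deletes it.
def delete_post_vulnerable(posts: dict, post_id: int) -> bool:
    return posts.pop(post_id, None) is not None


# --- Fixed: require a valid session, then ownership or admin role, before deleting.
def delete_post_fixed(posts: dict, cookies: dict, post_id: int) -> bool:
    sess = verify_session(cookies.get("session", ""))
    if sess is None:
        return False  # unauthenticated
    post = posts.get(post_id)
    if post is None:
        return False  # same response as "forbidden" to avoid leaking existence
    if post["author"] != sess["uid"] and sess.get("role") != "admin":
        return False  # authenticated but not authorized for this object
    del posts[post_id]
    return True


if __name__ == "__main__":
    alice = issue_session("alice", "user")
    print("forged infouser=1, vulnerable:", is_admin_vulnerable({"infouser": "1"}))
    print("forged infouser=1, fixed:     ", is_admin_fixed({"infouser": "1"}))
    print("tampered role accepted:       ", verify_session(tamper_role(alice, "admin")) is not None)
    posts = make_posts()
    print("alice deletes bob's post:     ", delete_post_fixed(posts, {"session": alice}, 2))
```

The MAC only binds the payload to the server's key; it does not expire the session or stop replay of a stolen cookie, so a production design adds an expiry field and a server-side revocation list. The ownership check deliberately returns the same False for "no such post" and "not yours", so a caller iterating post_id values learns nothing about which ids exist.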