Total: 5222 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-4112 | 1 Cacti | 1 Cacti | 2024-02-28 | 9.0 HIGH | N/A |
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands. | |||||
CVE-2008-4018 | 1 Ibm | 1 Aix | 2024-02-28 | 7.2 HIGH | N/A |
swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be leveraged to gain privileges. NOTE: this issue exists because of an incomplete fix for CVE-2007-5805. | |||||
CVE-2008-6055 | 1 Preprojects | 1 Pre Classified Listings | 2024-02-28 | 5.0 MEDIUM | N/A |
PreProjects Pre Classified Listings stores pclasp.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | |||||
CVE-2008-2707 | 2 Intel, Sun | 4 Network Interface Controller, Opensolaris, Solaris and 1 more | 2024-02-28 | 7.8 HIGH | N/A |
Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and OpenSolaris before snv_93 allows remote attackers to cause a denial of service (network connectivity loss) via unknown vectors. | |||||
CVE-2009-2935 | 1 Google | 1 Chrome | 2024-02-28 | 10.0 HIGH | N/A |
Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript. | |||||
CVE-2009-1652 | 1 2daybiz | 1 Business Community Script | 2024-02-28 | 7.5 HIGH | N/A |
admin/adminaddeditdetails.php in Business Community Script does not properly restrict access, which allows remote attackers to gain privileges and add administrators via a direct request. | |||||
CVE-2008-5461 | 1 Oracle | 1 Bea Product Suite | 2024-02-28 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is cross-site scripting. | |||||
CVE-2007-6711 | 1 Freewebshop | 1 Freewebshop | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, 2.2.6 and 2.2.7WIP1/2 allows remote attackers to gain administrator privileges via unknown vectors. | |||||
CVE-2008-1515 | 1 Otrs | 1 Otrs | 2024-02-28 | 6.4 MEDIUM | N/A |
The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks." | |||||
CVE-2009-1953 | 1 Ibm | 1 Filenet Content Manager | 2024-02-28 | 4.6 MEDIUM | N/A |
IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors. | |||||
CVE-2008-6774 | 1 Peterselie | 1 Yourplace | 2024-02-28 | 5.0 MEDIUM | N/A |
internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end execution when an invalid username is detected, which allows remote attackers to bypass intended restrictions and edit toolbar settings via an invalid username. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-2539 | 1 Sun | 1 Cluster | 2024-02-28 | 7.2 HIGH | N/A |
The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 through 10, when an underlying ufs filesystem is used, might allow local users to read data from arbitrary deleted files, or corrupt files in global filesystems, via unspecified vectors. | |||||
CVE-2008-2810 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 6.8 MEDIUM | N/A |
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut. | |||||
CVE-2008-5602 | 1 Natterchat | 1 Natterchat | 2024-02-28 | 5.0 MEDIUM | N/A |
Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb. | |||||
CVE-2009-3264 | 1 Google | 1 Chrome | 2024-02-28 | 4.3 MEDIUM | N/A |
The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG document. | |||||
CVE-2008-3573 | 2 Php-nuke, Pligg | 2 Php-nuke, Pligg | 2024-02-28 | 5.0 MEDIUM | N/A |
The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value with the current date and the HTTP User-Agent string. | |||||
CVE-2008-5855 | 1 Myphpscripts | 1 Login Session | 2024-02-28 | 5.0 MEDIUM | N/A |
myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt. | |||||
CVE-2008-1362 | 1 Vmware | 6 Ace, Player, Server and 3 more | 2024-02-28 | 7.2 HIGH | N/A |
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an "insecurely created named pipe," a different vulnerability than CVE-2008-1361. | |||||
CVE-2008-5916 | 1 Git | 1 Git | 2024-02-28 | 4.6 MEDIUM | N/A |
gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query. | |||||
CVE-2008-3454 | 1 Jnshosts | 1 Php Hosting Directory | 2024-02-28 | 7.5 HIGH | N/A |
JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the "adm" cookie value to 1. |