Total: 5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-2718 | 2 Sun, X.org | 2 Java Se, X11 | 2024-02-28 | 6.8 MEDIUM | N/A |
The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet. | |||||
CVE-2009-0477 | 1 Sun | 1 Opensolaris | 2024-02-28 | 7.2 HIGH | N/A |
Unspecified vulnerability in the process (aka proc) filesystem in Sun OpenSolaris snv_85 through snv_100 allows local users to gain privileges via vectors related to the contract filesystem. | |||||
CVE-2008-6293 | 1 Accscripts | 1 Acc Real Estate | 2024-02-28 | 7.5 HIGH | N/A |
admin/Index.php in Acc Real Estate 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie to "admin." | |||||
CVE-2009-0345 | 1 Sun | 2 Fire X2100 M2, Fire X2200 M2 | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6648082, a different vulnerability than CVE-2007-5717. | |||||
CVE-2008-1780 | 1 Sun | 1 Solaris | 2024-02-28 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors. | |||||
CVE-2008-2324 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 4.6 MEDIUM | N/A |
The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs. | |||||
CVE-2009-1679 | 1 Apple | 2 Iphone Os, Ipod Touch | 2024-02-28 | 2.1 LOW | N/A |
The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy. | |||||
CVE-2009-2024 | 1 Vt.rovno | 1 Asp Vt Auth | 2024-02-28 | 5.0 MEDIUM | N/A |
Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain usernames and passwords via a direct request for zHk8dEes3.txt. | |||||
CVE-2008-6914 | 1 Zeeways | 1 Zeeproperty | 2024-02-28 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in viewprofile.php in Zeeways ZEEPROPERTY 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile modification, then accessing a related file via a direct request to the file in companylogo/. | |||||
CVE-2009-0024 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | N/A |
The sys_remap_file_pages function in mm/fremap.c in the Linux kernel before 2.6.24.1 allows local users to cause a denial of service or gain privileges via unspecified vectors, related to the vm_file structure member, and the mmap_region and do_munmap functions. | |||||
CVE-2008-1332 | 1 Asterisk | 6 Asterisk, Asterisk Appliance Developer Kit, Asterisk Business Edition and 3 more | 2024-02-28 | 8.8 HIGH | N/A |
Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header. | |||||
CVE-2009-1771 | 1 Flyspeck | 1 Flyspeck Cms | 2024-02-28 | 7.5 HIGH | N/A |
index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[fullname], (2) users[email], (3) users[role_id], (4) users[username], and (5) users[password] parameters. | |||||
CVE-2008-2348 | 1 Meltingicefs | 1 Meltingice File System | 2024-02-28 | 7.5 HIGH | N/A |
MeltingIce File System 1.0 allows remote attackers to bypass application authentication, create new user accounts, and exceed application quotas via a direct request to admin/adduser.php. | |||||
CVE-2009-3860 | 1 Idefense | 1 Comraider | 2024-02-28 | 5.8 MEDIUM | N/A |
Multiple insecure method vulnerabilities in Idefense Labs COMRaider allow remote attackers to create or overwrite arbitrary files via the (1) CreateFolder and (2) Copy methods. NOTE: this might only be a vulnerability in certain insecure configurations of Internet Explorer. | |||||
CVE-2009-0436 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 7.2 HIGH | N/A |
The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server (WAS), set incorrect permissions for AF_UNIX sockets, which has unknown impact and local attack vectors. | |||||
CVE-2008-3395 | 2 Calacode, Linux | 2 Atmail, Linux Kernel | 2024-02-28 | 5.0 MEDIUM | N/A |
Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-0169 | 1 Ikiwiki | 1 Ikiwiki | 2024-02-28 | 6.8 MEDIUM | N/A |
Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence. | |||||
CVE-2008-6871 | 1 Merlix | 1 Educate Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request. | |||||
CVE-2008-3485 | 1 Citrix | 2 Metaframe Presentation Server, Xp | 2024-02-28 | 7.2 HIGH | N/A |
Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path. | |||||
CVE-2008-6736 | 1 Circulargenius | 1 Flat Calendar | 2024-02-28 | 6.4 MEDIUM | N/A |
Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation. |