Total: 5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-2488 | 1 Beaussier | 1 Roomphplanning | 2024-02-28 | 6.5 MEDIUM | N/A |
admin/userform.php in RoomPHPlanning 1.5 does not require administrative credentials, which allows remote authenticated users to create new admin accounts. | |||||
CVE-2008-0049 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 1.9 LOW | N/A |
AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications. | |||||
CVE-2008-1436 | 1 Microsoft | 5 Windows-nt, Windows Server 2003, Windows Server 2008 and 2 more | 2024-02-28 | 9.0 HIGH | N/A |
Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping. | |||||
CVE-2008-5462 | 1 Oracle | 1 Bea Product Suite | 2024-02-28 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in the WebLogic Portal component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
CVE-2008-4313 | 2 Openpegasus, Redhat | 3 Openpegasus Wbem, Enterprise Linux, Enterprise Linux Desktop | 2024-02-28 | 6.0 MEDIUM | N/A |
A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services. | |||||
CVE-2008-6603 | 1 Moinmo | 1 Moinmoin | 2024-02-28 | 6.8 MEDIUM | N/A |
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937. | |||||
CVE-2008-5130 | 1 Ocean12 Technologies | 1 Calendar Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
Ocean12 Calendar Manager Gold 2.04 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12cal.mdb. | |||||
CVE-2009-0343 | 2 Linux, Niels Provos | 2 Linux Kernel, Systrace | 2024-02-28 | 7.2 HIGH | N/A |
Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in monitoring 64-bit processes. | |||||
CVE-2008-6506 | 1 Phpbb | 1 Phpbb | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors. | |||||
CVE-2008-3450 | 1 Sun | 1 Sunos | 2024-02-28 | 7.2 HIGH | N/A |
Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors. | |||||
CVE-2008-3349 | 2 Ibm, Netapp | 3 N Series Storage Server, Data Ontap, Fas900 | 2024-02-28 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access control for HTTP requests. NOTE: this may overlap CVE-2008-3160. | |||||
CVE-2008-6619 | 1 Netlab | 1 Classsystem | 2024-02-28 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in class/ApplyDB.php in ClassSystem 2.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in class/UploadHomepage/. | |||||
CVE-2008-4815 | 2 Adobe, Unix | 3 Acrobat, Acrobat Reader, Unix | 2024-02-28 | 7.5 HIGH | N/A |
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH. | |||||
CVE-2008-3655 | 1 Ruby-lang | 1 Ruby | 2024-02-28 | 7.5 HIGH | N/A |
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3. | |||||
CVE-2003-1571 | 1 Webwizguide | 1 Web Wiz Guestbook | 2024-02-28 | 5.0 MEDIUM | N/A |
Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected. | |||||
CVE-2008-5600 | 1 Merlix | 1 Teamworx Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Merlix Teamworx Server stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb. | |||||
CVE-2008-3553 | 2 Nokia, Sun | 2 Series 40, J2me | 2024-02-28 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition devices allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 3-10." NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a company led by a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2008-1027 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 4.3 MEDIUM | N/A |
Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic. | |||||
CVE-2009-0827 | 1 Freedville | 1 Pollhelper | 2024-02-28 | 5.0 MEDIUM | N/A |
PollHelper stores poll.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request. | |||||
CVE-2008-2293 | 1 Tpvgames | 1 Mpcs | 2024-02-28 | 7.5 HIGH | N/A |
admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows remote attackers to bypass authentication and gain privileges by setting the CommentSystemAdmin cookie to 1. |