Total
5226 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-2349 | 1 Zomp | 1 Zomplog | 2024-02-28 | 7.5 HIGH | N/A |
Zomplog 3.8.2 and earlier allows remote attackers to gain administrative access by creating an admin account via a direct request to install/newuser.php with the admin parameter set to 1. | |||||
CVE-2008-2078 | 1 Robocode | 1 Robocode | 2024-02-28 | 7.5 HIGH | N/A |
Robocode before 1.6.0 allows user-assisted remote attackers to "access the internals of the Robocode game" via unspecified vectors related to the AWT Event Queue. | |||||
CVE-2009-0536 | 1 Ibm | 1 Aix | 2024-02-28 | 4.9 MEDIUM | N/A |
at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges. | |||||
CVE-2008-2717 | 2 Apache, Typo3 | 2 Apache Webserver, Typo3 | 2024-02-28 | 6.5 MEDIUM | N/A |
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions. | |||||
CVE-2008-6701 | 1 Netscout | 2 Ngenius Infinistream, Visualizer | 2024-02-28 | 7.5 HIGH | N/A |
NetScout (formerly Network General) Visualizer V2100 and InfiniStream i1730 do not restrict access to ResourceManager/en_US/domains/add_domain.jsp, which allows remote attackers to gain administrator privileges via a direct request. | |||||
CVE-2009-3461 | 1 Adobe | 1 Acrobat | 2024-02-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attackers to bypass intended file-extension restrictions via unknown vectors. | |||||
CVE-2009-0438 | 2 Ibm, Microsoft | 2 Websphere Application Server, Windows | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows allows remote attackers to bypass "Authorization checking" and obtain sensitive information from JSP pages via a crafted request. NOTE: this is probably a duplicate of CVE-2008-5412. | |||||
CVE-2009-1767 | 1 2daybiz | 1 Template Monster Clone | 2024-02-28 | 5.0 MEDIUM | N/A |
admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter. | |||||
CVE-2008-5981 | 1 Pacosdrivers | 1 Pacpoll | 2024-02-28 | 5.0 MEDIUM | N/A |
PacPoll 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) poll.mdb or (2) poll97.mdb. | |||||
CVE-2008-2138 | 1 Oracle | 1 Application Server Portal | 2024-02-28 | 5.0 MEDIUM | N/A |
Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing "%0A" (encoded line feed), then using the session ID that is generated from that request. NOTE: as of 20080512, Oracle has not commented on the accuracy of this report. | |||||
CVE-2009-2125 | 1 Elvinbts | 1 Elvinbts | 2024-02-28 | 4.0 MEDIUM | N/A |
delete_bug.php in Elvin before 1.2.1 does not require administrative privileges, which allows remote authenticated users to bypass intended access restrictions and delete arbitrary bugs. | |||||
CVE-2009-0250 | 1 Ryneezy | 1 Phosheezy | 2024-02-28 | 5.0 MEDIUM | N/A |
Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the file containing the administrator's password hash via a direct request for config/password. | |||||
CVE-2008-1995 | 1 Sun | 1 Java System Directory Server | 2024-02-28 | 7.5 HIGH | N/A |
Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server. | |||||
CVE-2008-6535 | 1 Paypalestores | 1 Paypal Estores | 2024-02-28 | 7.5 HIGH | N/A |
admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter. | |||||
CVE-2009-0078 | 1 Microsoft | 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more | 2024-02-28 | 7.2 HIGH | N/A |
The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability." | |||||
CVE-2008-6357 | 1 Donnafontenot | 1 Mycal Personal Events Calendar | 2024-02-28 | 5.0 MEDIUM | N/A |
MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to mycal.mdb. | |||||
CVE-2008-6580 | 1 Funscripts | 1 Red Reservations | 2024-02-28 | 5.0 MEDIUM | N/A |
The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb. | |||||
CVE-2008-1142 | 7 Aterm, Eterm, Mrxvt and 4 more | 7 Aterm, Eterm, Mrxvt and 4 more | 2024-02-28 | 3.7 LOW | N/A |
rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine. | |||||
CVE-2009-3596 | 1 Joxtechnology | 1 Ajox Poll | 2024-02-28 | 7.5 HIGH | N/A |
JoxTechnology Ajox Poll does not properly restrict access to admin/managepoll.php, which allows remote attackers to bypass authentication and gain administrative access via a direct request. | |||||
CVE-2009-2476 | 1 Sun | 2 Java Se, Openjdk | 2024-02-28 | 10.0 HIGH | N/A |
The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object. |