Total: 5226 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0777 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 4.9 MEDIUM | N/A |
The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files. | |||||
CVE-2007-1036 | 1 Jboss | 1 Jboss Application Server | 2024-02-28 | 7.5 HIGH | N/A |
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests. | |||||
CVE-2007-2815 | 1 Microsoft | 1 Internet Information Services | 2024-02-28 | 10.0 HIGH | N/A |
The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw. | |||||
CVE-2007-5493 | 1 Microsoft | 1 Windows Mobile | 2024-02-28 | 4.3 MEDIUM | N/A |
The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded. | |||||
CVE-2008-0843 | 1 Statcountex | 1 Statcountex | 2024-02-28 | 6.4 MEDIUM | N/A |
StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive information and edit configuration scripts via a direct request to admin.asp. | |||||
CVE-2008-0350 | 1 Evilsentinel | 1 Evilsentinel | 2024-02-28 | 7.5 HIGH | N/A |
admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes. | |||||
CVE-2007-6167 | 1 Suse | 1 Suse Linux | 2024-02-28 | 7.2 HIGH | N/A |
Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory. | |||||
CVE-2007-5686 | 1 Rpath | 1 Rpath Linux | 2024-02-28 | 4.9 MEDIUM | N/A |
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers. | |||||
CVE-2007-4746 | 1 Cisco | 3 Video Surveillance Ip Gateway Encoder Decoder, Video Surveillance Sp Isp, Video Surveillance Sp Isp Decoder Software | 2024-02-28 | 9.0 HIGH | N/A |
The Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier have default passwords for the sypixx and root user accounts, which allows remote attackers to perform administrative actions, aka CSCsj34681. | |||||
CVE-2007-5486 | 1 Dotproject | 1 Dotproject | 2024-02-28 | 6.4 MEDIUM | N/A |
dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-0588 | 1 Ibm | 1 Aix | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. | |||||
CVE-2007-4390 | 1 Bluecat Networks | 1 Adonis | 2024-02-28 | 7.2 HIGH | N/A |
The Command Line Interface (CLI), aka Adonis Administration Console, on the BlueCat Networks Adonis DNS/DHCP appliance 5.0.2.8 allows local admin users to gain root privileges on the underlying operating system via shell metacharacters in a command. | |||||
CVE-2007-5856 | 1 Apple | 1 Mac Os X | 2024-02-28 | 9.4 HIGH | N/A |
Quick Look in Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information. | |||||
CVE-2007-4569 | 1 Kde | 1 Kde | 2024-02-28 | 6.8 MEDIUM | N/A |
backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and log in to arbitrary accounts via unspecified vectors. | |||||
CVE-2007-4972 | 1 Sysinternals | 1 Regmon | 2024-02-28 | 1.9 LOW | N/A |
RegMon 7.04 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks to the (1) NtCreateKey and (2) NtOpenKey Windows Native API functions. | |||||
CVE-2007-2435 | 1 Sun | 3 Java Enterprise System, Jre, Sdk | 2024-02-28 | 10.0 HIGH | N/A |
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files. | |||||
CVE-2007-4497 | 2 Canonical, Vmware | 5 Ubuntu Linux, Ace, Player and 2 more | 2024-02-28 | 5.5 MEDIUM | N/A |
Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors. | |||||
CVE-2007-5062 | 1 Adam Scheinberg | 1 Flip | 2024-02-28 | 7.5 HIGH | N/A |
account.php in Adam Scheinberg Flip 3.0 and earlier allows remote attackers to create administrative accounts via the un parameter in a register action. | |||||
CVE-2007-5038 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 7.5 HIGH | N/A |
The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation. | |||||
CVE-2007-3782 | 1 Mysql | 1 Community Server | 2024-02-28 | 3.5 LOW | N/A |
MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table. | |||||