Total
5226 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-3849 | 1 Redhat | 1 Enterprise Linux | 2024-02-28 | 1.9 LOW | N/A |
Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files. | |||||
CVE-2007-4798 | 1 Ibm | 1 Aix | 2024-02-28 | 6.6 MEDIUM | N/A |
Unspecified vulnerability in invscout in Inventory Scout in invscout.rte in IBM AIX 5.2 and 5.3 allows local users to delete system files that have names matching the final substring of a hostname alias, as demonstrated by hostnames ending in "unix". | |||||
CVE-2007-6500 | 1 Hosting Controller | 1 Hosting Controller | 2024-02-28 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp. | |||||
CVE-2007-4651 | 1 Adobe | 1 Connect Enterprise Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows remote attackers to read certain pages that are restricted to the administrator via unknown vectors. | |||||
CVE-2008-1112 | 2024-02-28 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-0928. Reason: This candidate is a duplicate of CVE-2008-0928. Notes: All CVE users should reference CVE-2008-0928 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
CVE-2007-2138 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2024-02-28 | 6.0 MEDIUM | N/A |
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings." | |||||
CVE-2007-5352 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-02-28 | 7.2 HIGH | N/A |
Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request. | |||||
CVE-2008-0900 | 2 Bea, Bea Systems | 2 Weblogic Server, Weblogic Express | 2024-02-28 | 6.0 MEDIUM | N/A |
Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors. | |||||
CVE-2007-6049 | 3 Ibm, Linux, Unix | 3 Db2 Universal Database, Linux Kernel, Unix | 2024-02-28 | 7.2 HIGH | N/A |
Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective uid is root. | |||||
CVE-2007-5682 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-02-28 | 7.5 HIGH | N/A |
Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than CVE-2007-5423. | |||||
CVE-2007-4699 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2024-02-28 | 7.5 HIGH | N/A |
The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions. | |||||
CVE-2007-5236 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-02-28 | 5.4 MEDIUM | N/A |
Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application. | |||||
CVE-2007-5827 | 2 Debian, Iscsitarget | 2 Debian Linux, Iscsitarget | 2024-02-28 | 2.1 LOW | N/A |
iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords. | |||||
CVE-2007-5757 | 1 Ibm | 1 Db2 Universal Database | 2024-02-28 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain root privileges via a modified DB2INSTANCE environment variable that points to a malicious library. NOTE: this might be the same issue as CVE-2008-0697. | |||||
CVE-2008-0896 | 1 Bea Systems | 1 Weblogic Portal | 2024-02-28 | 4.9 MEDIUM | N/A |
BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions. | |||||
CVE-2007-4610 | 1 Dale Mooney | 1 Moon Gallery | 2024-02-28 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in config/upload.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to upload and execute arbitrary PHP files in images/, possibly related to config/admin.php. | |||||
CVE-2008-0865 | 2 Bea Systems, Oracle | 2 Weblogic Portal, Weblogic Portal | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors. | |||||
CVE-2008-0897 | 1 Bea | 1 Weblogic Server | 2024-02-28 | 7.9 HIGH | N/A |
Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions. | |||||
CVE-2008-1139 | 1 Deslock | 1 Deslock | 2024-02-28 | 7.2 HIGH | N/A |
DESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys 1.2.0.27 are present, allows local users to gain privileges via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, aka the "ring0 link list zero SYSTEM" vulnerability. | |||||
CVE-2007-6504 | 1 Hosting Controller | 1 Hosting Controller | 2024-02-28 | 5.5 MEDIUM | N/A |
Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter. |