Total
5226 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0701 | 1 Magnolia | 1 Ce | 2024-02-28 | 5.0 MEDIUM | N/A |
ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content. | |||||
CVE-2007-6668 | 1 Peergoal | 1 Myspace Content Zone | 2024-02-28 | 7.5 HIGH | N/A |
admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not require administrative privileges, which allows remote attackers to perform unrestricted file uploads, as demonstrated by uploading (1) a .php file and (2) a .php%00.jpeg file. | |||||
CVE-2007-5170 | 1 Sun | 2 Embedded Lights Out Manager, Sun Fire | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the embedded service processor (SP) before 3.09 in Sun Fire X2100 M2 and X2200 M2 Embedded Lights Out Manager (ELOM) allows remote attackers to send arbitrary network traffic and use ELOM as a spam proxy. | |||||
CVE-2007-3278 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2024-02-28 | 6.9 MEDIUM | N/A |
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. | |||||
CVE-2007-1460 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | N/A |
The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories. | |||||
CVE-2007-4691 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 10.0 HIGH | N/A |
The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs. | |||||
CVE-2007-5171 | 1 Quicksilver Forums | 1 Quicksilver Forums | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified vectors. | |||||
CVE-2007-4174 | 1 Tor | 1 Tor | 2024-02-28 | 5.8 MEDIUM | N/A |
Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node. | |||||
CVE-2008-1185 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-02-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186, aka "the first issue." | |||||
CVE-2007-6246 | 2 Adobe, Linux | 2 Flash Player, Linux Kernel | 2024-02-28 | 4.4 MEDIUM | N/A |
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges. | |||||
CVE-2007-5134 | 1 Cisco | 9 Catalyst 6500, Catalyst 6500 Ws-svc-nam-1, Catalyst 6500 Ws-svc-nam-2 and 6 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP addresses for Ethernet Out-of-Band Channel (EOBC) internal communication, which might allow remote attackers to send packets to an interface for which network exposure was unintended. | |||||
CVE-2008-0632 | 1 Lightblog | 1 Lightblog | 2024-02-28 | 9.3 HIGH | N/A |
Unrestricted file upload vulnerability in cp_upload_image.php in LightBlog 9.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the blog's root directory. | |||||
CVE-2008-0740 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 2.1 LOW | N/A |
IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) and 6.1 before Fix Pack 15 (6.1.0.15) writes unspecified cleartext information to http_plugin.log, which might allow local users to obtain sensitive information by reading this file. | |||||
CVE-2007-2279 | 1 Symantec | 1 Veritas Storage Foundation | 2024-02-28 | 9.3 HIGH | N/A |
The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution. | |||||
CVE-2007-4324 | 1 Adobe | 1 Flash Player | 2024-02-28 | 5.0 MEDIUM | N/A |
ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability. | |||||
CVE-2008-0145 | 1 Php | 1 Php | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663. | |||||
CVE-2008-1247 | 1 Linksys | 1 Wrt54g | 2024-02-28 | 10.0 HIGH | N/A |
The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202. | |||||
CVE-2006-6501 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2024-02-28 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function. | |||||
CVE-2007-4600 | 1 Ptc | 1 Mathcad | 2024-02-28 | 4.6 MEDIUM | N/A |
The "Protect Worksheet" functionality in Mathsoft Mathcad 12 through 13.1, and PTC Mathcad 14, implements file access restrictions via a protection element in a gzipped XML file, which allows attackers to bypass these restrictions by removing this element. | |||||
CVE-2007-0932 | 2 Alcatel-lucent, Aruba | 2 Omniaccess Wireless, Mobility Controller | 2024-02-28 | 7.5 HIGH | N/A |
The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN. |