Vulnerabilities (CVE)

Filtered by CWE-264
Total 5226 CVE
CVE | Vendor count, vendor names | Product count, product names | Updated | CVSS v2 score and severity | CVSS v3
CVE-2006-7108 1 Andries Brouwer 1 Util-linux 2024-02-28 4.1 MEDIUM N/A
login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok.
CVE-2007-6512 1 Php 1 Mysql Banner Exchange 2024-02-28 5.0 MEDIUM N/A
PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc.
CVE-2007-5751 1 Liferea 1 Liferea 2024-02-28 2.1 LOW N/A
Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials.
CVE-2007-2985 1 Pheap 1 Pheap 2024-02-28 10.0 HIGH N/A
Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc action in edit.php.
CVE-2007-4614 1 Bea 1 Weblogic Server 2024-02-28 7.5 HIGH N/A
BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426.
CVE-2007-6243 1 Adobe 1 Flash Player 2024-02-28 9.3 HIGH N/A
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
CVE-2007-4733 1 Aztech 1 Dsl 600eu Router 2024-02-28 9.3 HIGH N/A
The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077.
CVE-2007-6319 1 Lyris 1 List Manager 2024-02-28 10.0 HIGH N/A
Multiple unspecified vulnerabilities in Lyris ListManager 8.x before 8.95d, 9.2 before 9.2c, and 9.3 before 9.3b allow remote attackers to (1) gain list administrator privileges or (2) access arbitrary mailing lists via unknown vectors related to modification of client-side information; and (3) allow remote authenticated administrators to modify other account data by creating "new accounts that collide with existing accounts."
CVE-2008-0556 1 Openca 1 Openca Pki 2024-02-28 7.5 HIGH N/A
Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, and possibly earlier versions, allows remote attackers to perform unauthorized actions as authorized users via a link or IMG tag to RAServer.
CVE-2008-1095 1 Sun 2 Solaris, Sunos 2024-02-28 6.8 MEDIUM N/A
Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly.
CVE-2007-6200 2 Rsync, Slackware 2 Rsync, Slackware Linux 2024-02-28 10.0 HIGH N/A
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.
CVE-2007-6496 1 Hosting Controller 1 Hosting Controller 2024-02-28 6.8 MEDIUM N/A
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to CVE-2005-1654.
CVE-2008-0807 2 Debian, Horde 4 Debian Linux, Groupware, Groupware Webmail Edition and 1 more 2024-02-28 4.9 MEDIUM N/A
lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.
CVE-2008-0233 1 Zero Cms 1 Zero Cms 2024-02-28 7.5 HIGH N/A
Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and earlier allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg.
CVE-2007-6174 1 Phpdevshell 1 Phpdevshell 2024-02-28 8.5 HIGH N/A
PHPDevShell before 0.7.0 allows remote authenticated users to gain privileges via a crafted request to update a user profile. NOTE: some of these details are obtained from third party information.
CVE-2008-0628 1 Sun 2 Jdk, Jre 2024-02-28 7.8 HIGH N/A
The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.
CVE-2007-4668 1 Firebirdsql 1 Firebird 2024-02-28 5.0 MEDIUM N/A
Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, aka CORE-1312.
CVE-2007-3852 1 Sysstat 1 Sysstat 2024-02-28 4.4 MEDIUM N/A
The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.
CVE-2008-0580 1 Geert Moernaut 2 Lsrunase, Supercrypt 2024-02-28 2.1 LOW N/A
Geert Moernaut LSrunasE and Supercrypt use an encryption key composed of an SHA1 hash of a fixed string embedded in the executable file, which makes it easier for local users to obtain this key without reverse engineering.
CVE-2007-3500 1 Xeforum 1 Xeforum 2024-02-28 10.0 HIGH N/A
Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.