Total
5226 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0436 | 1 Barron Mccann | 4 Install, X-kryptor Driver, X-kryptor Secure Client and 1 more | 2024-02-28 | 4.6 MEDIUM | N/A |
| Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install BMS1472) in X-Kryptor Secure Client does not drop privileges when launching an Explorer window in response to a help command, which allows local users to gain LocalSystem privileges via interactive use of Explorer. | |||||
| CVE-2007-1045 | 1 Malbum | 1 Malbum | 2024-02-28 | 10.0 HIGH | N/A |
| mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrative account and (2) "dqsfg"/"sdfg", which allows remote attackers to gain privileges. | |||||
| CVE-2008-0657 | 1 Sun | 2 Jdk, Jre | 2024-02-28 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. | |||||
| CVE-2007-4967 | 1 Online Armor | 1 Personal Firewall | 2024-02-28 | 4.4 MEDIUM | N/A |
| Online Armor Personal Firewall 2.0.1.215 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtAllocateVirtualMemory, (2) NtConnectPort, (3) NtCreateFile, (4) NtCreateKey, (5) NtCreatePort, (6) NtDeleteFile, (7) NtDeleteValueKey, (8) NtLoadKey, (9) NtOpenFile, (10) NtOpenProcess, (11) NtOpenThread, (12) NtResumeThread, (13) NtSetContextThread, (14) NtSetValueKey, (15) NtSuspendProcess, (16) NtSuspendThread, and (17) NtTerminateThread. | |||||
| CVE-2007-5936 | 2 Tetex, Tug | 2 Tetex, Texlive 2007 | 2024-02-28 | 3.6 LOW | N/A |
| dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place. | |||||
| CVE-2007-5819 | 1 Ibm | 1 Tivoli Continuous Data Protection For Files | 2024-02-28 | 2.1 LOW | N/A |
| IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak permissions (unrestricted write) for the Central Admin Global download directory, which allows local users to place arbitrary files into a location used for updating CDP clients. | |||||
| CVE-2007-3242 | 2 Web-app.net, Web-app.org | 2 Webapp, Webapp | 2024-02-28 | 7.5 HIGH | N/A |
| The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) 0.9.9.3.3 through 0.9.9.8, and (2) web-app.org WebAPP before 0.9.9.6, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the titles of items in a personal menu. | |||||
| CVE-2006-6683 | 1 Pedro Lineu Orso | 1 Chetcpasswd | 2024-02-28 | 7.8 HIGH | N/A |
| Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM. | |||||
| CVE-2007-6499 | 1 Hosting Controller | 1 Hosting Controller | 2024-02-28 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value." | |||||
| CVE-2007-6395 | 1 Flat Php | 1 Board | 2024-02-28 | 5.0 MEDIUM | N/A |
| Flat PHP Board 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for the username php file for any user account in users/. | |||||
| CVE-2007-6434 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 2.1 LOW | N/A |
| Linux kernel 2.6.23 allows local users to create low pages in virtual userspace memory and bypass mmap_min_addr protection via a crafted executable file that calls the do_brk function. | |||||
| CVE-2007-5945 | 1 Usvn | 1 User-friendly Svn | 2024-02-28 | 5.0 MEDIUM | N/A |
| USVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors. | |||||
| CVE-2008-0731 | 3 Linux, Novell, Suse | 3 Linux Kernel, Apparmor, Open Suse | 2024-02-28 | 7.5 HIGH | N/A |
| The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not properly handle failure of an AppArmor change_hat system call, which might allow attackers to trigger the unconfining of an apparmored task. | |||||
| CVE-2007-5771 | 1 Flatnuke3 | 1 Flatnuke3 | 2024-02-28 | 7.5 HIGH | N/A |
| Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie. | |||||
| CVE-2008-0245 | 1 Uploadscript | 2 Uploadimage, Uploadscript | 2024-02-28 | 7.5 HIGH | N/A |
| admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action. | |||||
| CVE-2007-1893 | 1 Wordpress | 1 Wordpress | 2024-02-28 | 4.9 MEDIUM | N/A |
| xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post." | |||||
| CVE-2007-4609 | 1 Eyeos Project | 1 Eyeos | 2024-02-28 | 6.4 MEDIUM | N/A |
| eyeOS uses predictable checksum values in the checknum parameter for access control, which allows remote attackers to register many accounts via doCreateUser actions, add many eyeBoard messages via addMsg actions, and cause a denial of service or conduct certain unauthorized activities, by guessing valid parameter values. | |||||
| CVE-2007-5090 | 2 Ibm, Microsoft | 3 Db2, Rational Clearquest, Sql Server | 2024-02-28 | 7.5 HIGH | N/A |
| Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors. | |||||
| CVE-2007-5851 | 1 Apple | 1 Mac Os X | 2024-02-28 | 3.6 LOW | N/A |
| iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors. | |||||
| CVE-2007-4669 | 1 Firebirdsql | 1 Firebird | 2024-02-28 | 4.0 MEDIUM | N/A |
| The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148. | |||||