Total
5226 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-5988 | 1 Bti-tracker | 1 Bti-tracker | 2024-02-28 | 7.5 HIGH | N/A |
blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field. | |||||
CVE-2008-1099 | 1 Moinmoin | 1 Moinmoin | 2024-02-28 | 5.0 MEDIUM | N/A |
_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages. | |||||
CVE-2008-0135 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2024-02-28 | 5.0 MEDIUM | N/A |
Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb. | |||||
CVE-2007-5230 | 1 Zomplog | 1 Zomplog | 2024-02-28 | 7.5 HIGH | N/A |
admin/upload_files.php in Zomplog 3.8.1 and earlier does not check for administrative credentials, which allows remote attackers to perform administrative actions via a direct request. NOTE: this can be leveraged for code execution by exploiting CVE-2007-5231. | |||||
CVE-2007-6644 | 1 Joomla | 1 Joomla | 2024-02-28 | 6.5 MEDIUM | N/A |
Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model. | |||||
CVE-2006-7114 | 1 Planerd.net | 1 P-news | 2024-02-28 | 5.0 MEDIUM | N/A |
P-News 2.0 stores db/user.txt under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes via a direct request. NOTE: this might be the same issue as CVE-2006-6888. | |||||
CVE-2007-6424 | 1 Netfortris | 1 Trixbox | 2024-02-28 | 4.3 MEDIUM | N/A |
registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows remote attackers to disable trixbox and execute arbitrary commands via a DNS spoofing attack. | |||||
CVE-2007-0729 | 1 Apple | 3 Mac Os X, Mac Os X Preview.app, Mac Os X Server | 2024-02-28 | 7.2 HIGH | N/A |
Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables. | |||||
CVE-2007-1309 | 1 Novell | 1 Access Manager | 2024-02-28 | 9.0 HIGH | N/A |
Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt. | |||||
CVE-2007-3912 | 1 Debian | 1 Debian-goodies | 2024-02-28 | 7.2 HIGH | N/A |
checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process. | |||||
CVE-2007-4338 | 1 Haudenschilt | 1 Family Connections Cms | 2024-02-28 | 10.0 HIGH | N/A |
index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter. | |||||
CVE-2007-4315 | 3 Amd, Ati, Microsoft | 3 Catalyst Driver, Catalyst Driver, Windows Vista | 2024-02-28 | 6.9 MEDIUM | N/A |
The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows local users to bypass the driver signing policy, write to arbitrary kernel memory locations, and thereby gain privileges via unspecified vectors, as demonstrated by "Purple Pill". | |||||
CVE-2007-3186 | 1 Apple | 1 Safari | 2024-02-28 | 9.3 HIGH | N/A |
Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI. | |||||
CVE-2007-4647 | 1 2coolcode | 1 Our Space | 2024-02-28 | 5.0 MEDIUM | N/A |
newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allows remote attackers to upload certain files via unspecified vectors, probably involving unrestricted functionality in uploadmedia.cgi. | |||||
CVE-2007-4701 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 2.1 LOW | N/A |
WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file. | |||||
CVE-2008-0573 | 1 Safenet | 3 Ipsecdrv.sys, Safenet Highassurance Remote, Softremote Vpn Client | 2024-02-28 | 7.2 HIGH | N/A |
IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and SoftRemote allows local users to gain privileges via a crafted IPSECDRV_IOCTL IOCTL request. | |||||
CVE-2007-5040 | 1 Ghostsecurity | 1 Ghost Security Suite | 2024-02-28 | 2.1 LOW | N/A |
Ghost Security Suite alpha 1.200 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey, (2) NtCreateThread, (3) NtDeleteValueKey, (4) NtQueryValueKey, (5) NtSetSystemInformation, and (6) NtSetValueKey kernel SSDT hooks. | |||||
CVE-2007-6056 | 1 Aida-orga | 1 Aida-web | 2024-02-28 | 5.0 MEDIUM | N/A |
frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a protection mechanism and obtain comment and task details via modified values to the (1) Mehr and (2) SUPER parameters. | |||||
CVE-2007-6081 | 1 Adventnet | 1 Eventlog Analyzer | 2024-02-28 | 7.5 HIGH | N/A |
AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attackers to gain privileges and modify logs. Fixed in EventLog Analyzer Build 6000. | |||||
CVE-2008-0779 | 1 Fortinet | 1 Forticlient Host Security | 2024-02-28 | 7.2 HIGH | N/A |
The fortimon.sys device driver in Fortinet FortiClient Host Security 3.0 MR5 Patch 3 and earlier does not properly initialize its DeviceExtension, which allows local users to access kernel memory and execute arbitrary code via a crafted request. |