Total
5226 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-5039 | 1 Ghostsecurity | 1 Ghost Security Suite | 2024-02-28 | 2.1 LOW | N/A |
Ghost Security Suite beta 1.110 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtQueryValueKey, (4) NtSetSystemInformation, and (5) NtSetValueKey kernel SSDT hooks. | |||||
CVE-2007-6313 | 1 Mysql | 1 Mysql Community Server | 2024-02-28 | 6.5 MEDIUM | N/A |
MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements. | |||||
CVE-2008-1187 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-02-28 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms. | |||||
CVE-2007-3036 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Services For Unix and 2 more | 2024-02-28 | 6.9 MEDIUM | N/A |
Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files." | |||||
CVE-2007-0471 | 1 Checkpoint | 1 Connectra Ngx | 2024-02-28 | 7.5 HIGH | N/A |
sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token. | |||||
CVE-2008-0730 | 1 Sun | 1 Solaris | 2024-02-28 | 4.6 MEDIUM | N/A |
The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and (4) Thai language input methods in Sun Solaris 10 create files and directories with weak permissions under (a) .iiim/le and (b) .Xlocale in home directories, which might allow local users to write to, or read from, the home directories of other users. | |||||
CVE-2008-0805 | 1 Reality | 1 Medias Phpizabi | 2024-02-28 | 9.3 HIGH | N/A |
Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures. | |||||
CVE-2007-6705 | 1 Ibm | 1 Websphere Mq | 2024-02-28 | 3.3 LOW | N/A |
The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process. | |||||
CVE-2007-5829 | 1 Symantec | 2 Norton Antivirus, Norton Internet Security | 2024-02-28 | 6.0 MEDIUM | N/A |
The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing unspecified files, which are executed when a user with physical access inserts a disk and the "Show Progress During Mount Scans" option is enabled. | |||||
CVE-2008-1190 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-02-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the "fourth" issue. | |||||
CVE-2006-7223 | 1 Xwiki | 1 Xwiki | 2024-02-28 | 6.5 MEDIUM | N/A |
PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document. | |||||
CVE-2008-1193 | 1 Sun | 2 Jdk, Jre | 2024-02-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application. | |||||
CVE-2007-3804 | 1 Clavister | 1 Clavister Coreplus | 2024-02-28 | 5.0 MEDIUM | N/A |
The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before 8.81.00 and 8.80.03 might allow remote attackers to bypass scanning via small files. | |||||
CVE-2007-4694 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 4.3 MEDIUM | N/A |
Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs. | |||||
CVE-2008-0696 | 1 Ibm | 1 Db2 | 2024-02-28 | 7.5 HIGH | N/A |
IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors. | |||||
CVE-2008-0217 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 6.9 MEDIUM | N/A |
The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script. | |||||
CVE-2007-0843 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2024-02-28 | 4.6 MEDIUM | N/A |
The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information. | |||||
CVE-2007-5328 | 1 Broadcom | 2 Brightstor Arcserve Backup, Brightstor Enterprise Backup | 2024-02-28 | 10.0 HIGH | N/A |
The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain "insecure method calls" to modify the file system and registry, aka "Privileged function exposure." | |||||
CVE-2007-6294 | 1 Ibm | 1 Hardware Management Console | 2024-02-28 | 4.9 MEDIUM | N/A |
Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 3 R3.7 allow attackers to gain privileges via "some HMC commands." | |||||
CVE-2008-0928 | 1 Qemu | 1 Qemu | 2024-02-28 | 4.7 MEDIUM | N/A |
Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. |