Total
5468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4060 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-09 | N/A |
| Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT. | ||||
| CVE-2008-4059 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-09 | N/A |
| The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element. | ||||
| CVE-2008-6940 | 1 Turnkeyforms | 1 Web Hosting Directory | 2025-04-09 | N/A |
| TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db. | ||||
| CVE-2007-5342 | 2 Apache, Redhat | 5 Tomcat, Enterprise Linux, Jboss Enterprise Application Platform and 2 more | 2025-04-09 | N/A |
| The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler. | ||||
| CVE-2007-6018 | 1 Horde | 4 Framework, Groupware Webmail Edition, Horde and 1 more | 2025-04-09 | N/A |
| IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message. | ||||
| CVE-2008-6053 | 1 Preprojects | 1 Pre Resume Submitter | 2025-04-09 | N/A |
| PreProjects Pre Resume Submitter stores onlineresume.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | ||||
| CVE-2008-3972 | 2 Opensc-project, Siemens | 2 Opensc, Cardos | 2025-04-09 | N/A |
| pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235. | ||||
| CVE-2008-4506 | 1 Ibm | 1 Lotus Quickr | 2025-04-09 | N/A |
| Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows a place manager to "demote or delete a place superuser group" via unknown vectors. | ||||
| CVE-2008-4415 | 1 Hp | 1 Service Manager | 2025-04-09 | N/A |
| Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors. | ||||
| CVE-2008-4413 | 1 Hp | 2 Hp-ux, System Management Homepage | 2025-04-09 | N/A |
| Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 and earlier on HP-UX B.11.11 and B.11.23, and SMH 2.2.6 and 2.2.8 and earlier on HP-UX B.11.23 and B.11.31, allows local users to gain "unauthorized access" via unknown vectors, possibly related to temporary file permissions. | ||||
| CVE-2008-3856 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | N/A |
| The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and attack vectors. | ||||
| CVE-2007-0932 | 2 Alcatel-lucent, Aruba | 2 Omniaccess Wireless, Mobility Controller | 2025-04-09 | N/A |
| The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN. | ||||
| CVE-2009-2648 | 1 Flashden | 1 Guestbook | 2025-04-09 | N/A |
| FlashDen Guestbook allows remote attackers to obtain configuration information via a direct request to amfphp/phpinfo.php, which calls the phpinfo function. | ||||
| CVE-2008-3852 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | N/A |
| Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2 allows remote authenticated users to execute arbitrary code via unknown vectors. | ||||
| CVE-2008-3836 | 1 Mozilla | 1 Firefox | 2025-04-09 | N/A |
| feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the (1) elem.doCommand, (2) elem.dispatchEvent, (3) _setTitleText, (4) _setTitleImage, and (5) _initSubscriptionUI functions. | ||||
| CVE-2008-3835 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-09 | N/A |
| The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors. | ||||
| CVE-2009-0579 | 1 Linux-pam | 1 Linux-pam | 2025-04-09 | N/A |
| Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified. | ||||
| CVE-2008-3619 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files. | ||||
| CVE-2007-1461 | 1 Php | 1 Php | 2025-04-09 | N/A |
| The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories. | ||||
| CVE-2009-1771 | 1 Flyspeck | 1 Flyspeck Cms | 2025-04-09 | N/A |
| index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[fullname], (2) users[email], (3) users[role_id], (4) users[username], and (5) users[password] parameters. | ||||