Total
5481 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6940 | 1 Turnkeyforms | 1 Web Hosting Directory | 2025-04-09 | N/A |
| TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db. | ||||
| CVE-2008-0402 | 1 Ibm | 1 Websphere Business Modeler | 2025-04-09 | N/A |
| Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group. | ||||
| CVE-2008-6966 | 1 Aj Square | 1 Aj Auction | 2025-04-09 | N/A |
| AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php. | ||||
| CVE-2008-4915 | 1 Vmware | 6 Ace, Esx, Esxi and 3 more | 2025-04-09 | N/A |
| The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS. | ||||
| CVE-2007-1150 | 1 Lovecms | 1 Lovecms | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote authenticated administrators to upload arbitrary files to /modules/content/pictures/tmp/. | ||||
| CVE-2008-3525 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-09 | N/A |
| The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions. | ||||
| CVE-2008-0577 | 1 Drupal | 1 Project Issue Tracking Module | 2025-04-09 | N/A |
| The Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal (1) does not restrict the extensions of attached files when the Upload module is enabled for issue nodes, which allows remote attackers to upload and possibly execute arbitrary files; and (2) accepts the .html extension within the bundled file-upload functionality, which allows remote attackers to upload files containing arbitrary web script or HTML. | ||||
| CVE-2008-5041 | 1 Sweex | 1 Ro002 Router | 2025-04-09 | N/A |
| Sweex RO002 Router with firmware Ts03-072 has "rdc123" as its default password for the "rdc123" account, which makes it easier for remote attackers to obtain access. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-4972 | 1 Sysinternals | 1 Regmon | 2025-04-09 | N/A |
| RegMon 7.04 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks to the (1) NtCreateKey and (2) NtOpenKey Windows Native API functions. | ||||
| CVE-2008-1190 | 2 Redhat, Sun | 5 Network Satellite, Rhel Extras, Jdk and 2 more | 2025-04-09 | N/A |
| Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the "fourth" issue. | ||||
| CVE-2007-5254 | 1 Virusblokada | 1 Vba32 Antivirus | 2025-04-09 | N/A |
| VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions (Everyone:Write) for its installation directory, which allows local users to gain privileges by replacing application programs, as demonstrated by replacing vba32ldr.exe. | ||||
| CVE-2008-5896 | 1 Codeavalanche | 1 Ratemysite | 2025-04-09 | N/A |
| CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CARateMySite.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-6211 | 2 Debian, Sing | 2 Debian Linux, Sing | 2025-04-09 | N/A |
| Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option. NOTE: this issue is only a vulnerability in limited environments, since sing is not installed setuid, and the administrator would need to override a non-setuid default during installation. | ||||
| CVE-2008-3107 | 2 Redhat, Sun | 5 Network Satellite, Rhel Extras, Jdk and 2 more | 2025-04-09 | N/A |
| Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. | ||||
| CVE-2008-4597 | 1 Drupal | 1 Shindig-integrator | 2025-04-09 | N/A |
| Shindig-Integrator 5.x, a module for Drupal, does not properly restrict generated page access, which allows remote attackers to gain privileges via unspecified vectors. | ||||
| CVE-2008-4484 | 1 Crux Software | 1 Gallery | 2025-04-09 | N/A |
| main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php. | ||||
| CVE-2008-0897 | 1 Bea | 1 Weblogic Server | 2025-04-09 | N/A |
| Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions. | ||||
| CVE-2008-1692 | 1 Eterm | 1 Eterm | 2025-04-09 | N/A |
| Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine. | ||||
| CVE-2009-1322 | 1 Humayun Shabbir Bhutta | 1 Asp Product Catalog | 2025-04-09 | N/A |
| ASP Product Catalog 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for database/aspProductCatalog.mdb. | ||||
| CVE-2008-4581 | 1 Ibm | 1 Enovia Smarteam | 2025-04-09 | N/A |
| The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release 19 before SP01, allows remote authenticated users to bypass intended access restrictions and read Document objects via the Workflow Process (aka Flow Process) view. | ||||