Total
5481 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6736 | 1 Circulargenius | 1 Flat Calendar | 2025-04-09 | N/A |
| Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation. | ||||
| CVE-2007-5771 | 1 Flatnuke3 | 1 Flatnuke3 | 2025-04-09 | N/A |
| Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie. | ||||
| CVE-2009-4438 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
| The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors. | ||||
| CVE-2009-3207 | 2 Drewish, Drupal | 2 Imagecache, Drupal | 2025-04-09 | N/A |
| The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filename. | ||||
| CVE-2008-3717 | 1 Harmoni | 1 Harmoni | 2025-04-09 | N/A |
| Harmoni before 1.6.0 does not require administrative privileges to list (1) user names or (2) asset ids, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2008-3825 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2025-04-09 | N/A |
| pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. NOTE: there may be a related vector involving sshd that has limited relevance. | ||||
| CVE-2009-2689 | 2 Redhat, Sun | 5 Enterprise Linux, Network Satellite, Rhel Extras and 2 more | 2025-04-09 | N/A |
| JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application. | ||||
| CVE-2009-0637 | 1 Cisco | 2 Ios, Ios Xr | 2025-04-09 | N/A |
| The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command. | ||||
| CVE-2006-5585 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-09 | N/A |
| The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability." | ||||
| CVE-2009-1922 | 1 Microsoft | 4 Windows 2000, Windows Server 2003, Windows Vista and 1 more | 2025-04-09 | N/A |
| The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability." | ||||
| CVE-2007-3242 | 2 Web-app.net, Web-app.org | 2 Webapp, Webapp | 2025-04-09 | N/A |
| The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) 0.9.9.3.3 through 0.9.9.8, and (2) web-app.org WebAPP before 0.9.9.6, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the titles of items in a personal menu. | ||||
| CVE-2009-2717 | 2 Microsoft, Sun | 2 Windows 2000, Java Se | 2025-04-09 | N/A |
| The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet. | ||||
| CVE-2009-1550 | 1 Zakkis | 1 Abc Advertise | 2025-04-09 | N/A |
| Zakkis Technology ABC Advertise 1.0 does not properly restrict access to admin.inc.php, which allows remote attackers to obtain the administrator login name and password via a direct request. | ||||
| CVE-2009-2712 | 1 Sun | 3 Java System Access Manager, Java System Web Server, Opensso Enterprise | 2025-04-09 | N/A |
| Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files. | ||||
| CVE-2009-1051 | 1 Chaozz | 1 Fubarforum | 2025-04-09 | N/A |
| FubarForum 1.6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv. | ||||
| CVE-2008-5596 | 1 Dotnetindex | 1 Ikon Admanager | 2025-04-09 | N/A |
| Ikon AdManager 2.1 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for ikonBAnner_AdManager.mdb. | ||||
| CVE-2007-5987 | 1 Bti-tracker | 1 Bti-tracker | 2025-04-09 | N/A |
| details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest. | ||||
| CVE-2008-3349 | 2 Ibm, Netapp | 3 N Series Storage Server, Data Ontap, Fas900 | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access control for HTTP requests. NOTE: this may overlap CVE-2008-3160. | ||||
| CVE-2009-2718 | 3 Redhat, Sun, X.org | 3 Rhel Extras, Java Se, X11 | 2025-04-09 | N/A |
| The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet. | ||||
| CVE-2007-6598 | 2 Dovecot, Redhat | 2 Dovecot, Enterprise Linux | 2025-04-09 | N/A |
| Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password. | ||||