Total
5457 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3225 | 1 Joomla | 1 Joomla | 2025-04-09 | 10.0 HIGH | N/A |
| Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix." | |||||
| CVE-2009-1582 | 1 Kalptarudemos | 1 Million Dollar Text Links | 2025-04-09 | 7.5 HIGH | N/A |
| Million Dollar Text Links 1.0 does not properly restrict administrator access to admin.home.php, which allows remote attackers to bypass intended restrictions and gain privileges via a direct request to admin.home.php after visiting admin.php. | |||||
| CVE-2008-7155 | 1 Phprisk | 1 Netrisk | 2025-04-09 | 7.5 HIGH | N/A |
| NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of arbitrary users via a direct request. | |||||
| CVE-2008-2830 | 1 Apple | 1 Mac Os X | 2025-04-09 | 7.2 HIGH | N/A |
| Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent. | |||||
| CVE-2008-1397 | 1 Checkpoint | 5 Check Point Vpn-1 Pro, Vpn-1, Vpn-1 Firewall-1 and 2 more | 2025-04-09 | 6.5 MEDIUM | N/A |
| Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint. | |||||
| CVE-2008-0148 | 1 Tutos | 1 Tutos | 2025-04-09 | 10.0 HIGH | N/A |
| TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request. | |||||
| CVE-2008-5901 | 1 Iyziforum | 1 Iyzi Forum | 2025-04-09 | 7.5 HIGH | N/A |
| iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for db/iyziforum.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2174 | 1 Shelter Manager | 1 Animal Shelter Manager | 2025-04-09 | 6.5 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 have unknown impact and attack vectors, related to "various areas where security was missing." | |||||
| CVE-2008-4413 | 1 Hp | 2 Hp-ux, System Management Homepage | 2025-04-09 | 6.2 MEDIUM | N/A |
| Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 and earlier on HP-UX B.11.11 and B.11.23, and SMH 2.2.6 and 2.2.8 and earlier on HP-UX B.11.23 and B.11.31, allows local users to gain "unauthorized access" via unknown vectors, possibly related to temporary file permissions. | |||||
| CVE-2009-4235 | 1 Tim Hockin | 1 Acpid | 2025-04-09 | 6.9 MEDIUM | N/A |
| acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033. | |||||
| CVE-2008-4676 | 1 Citrix | 3 Access Essentials, Presentation Server, Xenapp | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain. | |||||
| CVE-2008-6199 | 1 2532gigs | 1 2532gigs | 2025-04-09 | 4.0 MEDIUM | N/A |
| 2532designs 2532|Gigs 1.2.2 and earlier allows remote attackers to trigger a backup and obtain sensitive information via a direct request to backup.php, which creates backup.sql under the web root with insufficient access control. | |||||
| CVE-2009-0170 | 1 Sun | 1 Java System Access Manager | 2025-04-09 | 6.0 MEDIUM | N/A |
| Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console. | |||||
| CVE-2007-1150 | 1 Lovecms | 1 Lovecms | 2025-04-09 | 3.6 LOW | N/A |
| Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote authenticated administrators to upload arbitrary files to /modules/content/pictures/tmp/. | |||||
| CVE-2008-2343 | 1 News Manager | 1 News Manager | 2025-04-09 | 7.5 HIGH | N/A |
| News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php. | |||||
| CVE-2008-6932 | 1 Alstrasoft | 1 Sendit | 2025-04-09 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in submit_file.php in AlstraSoft SendIt Pro allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in send/files/. | |||||
| CVE-2008-1572 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.6 MEDIUM | N/A |
| Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application. | |||||
| CVE-2008-6871 | 1 Merlix | 1 Educate Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request. | |||||
| CVE-2008-1215 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2025-04-09 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~" characters. | |||||
| CVE-2009-2718 | 2 Sun, X.org | 2 Java Se, X11 | 2025-04-09 | 6.8 MEDIUM | N/A |
| The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet. | |||||