Total
5457 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0038 | 1 Apple | 1 Mac Os X | 2025-04-09 | 1.9 LOW | N/A |
| Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application. | |||||
| CVE-2008-2882 | 1 Aspindir | 1 Shibby Shop | 2025-04-09 | 7.5 HIGH | N/A |
| upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request. | |||||
| CVE-2008-2148 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 3.6 LOW | N/A |
| The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary files, possibly leading to a denial of service. | |||||
| CVE-2007-5987 | 1 Bti-tracker | 1 Bti-tracker | 2025-04-09 | 6.8 MEDIUM | N/A |
| details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest. | |||||
| CVE-2009-3557 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
| The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments. | |||||
| CVE-2009-2690 | 1 Sun | 2 Java Se, Openjdk | 2025-04-09 | 5.0 MEDIUM | N/A |
| The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application. | |||||
| CVE-2007-4740 | 1 Telecom Italy | 1 Alice Messenger | 2025-04-09 | 9.3 HIGH | N/A |
| The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.RegistryManager.dll 1 in Telecom Italy Alice Messenger allows remote attackers to create registry keys and values via the arguments to the WriteRegistry method. | |||||
| CVE-2008-4811 | 1 Smarty | 1 Smarty | 2025-04-09 | 7.5 HIGH | N/A |
| The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character. | |||||
| CVE-2008-4313 | 2 Openpegasus, Redhat | 3 Openpegasus Wbem, Enterprise Linux, Enterprise Linux Desktop | 2025-04-09 | 6.0 MEDIUM | N/A |
| A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services. | |||||
| CVE-2007-5289 | 1 Hp | 2 Mercury Quality Center, Testdirector | 2025-04-09 | 7.6 HIGH | N/A |
| HP Mercury Quality Center (QC) 9.2 and earlier, and possibly TestDirector, relies on cached client-side scripts to implement "workflow" and decisions about the "capability" of a user, which allows remote attackers to execute arbitrary code via crafted use of the Open Test Architecture (OTA) API, as demonstrated by modifying (1) common.tds, (2) defects.tds, (3) manrun.tds, (4) req.tds, (5) testlab.tds, or (6) testplan.tds in %tmp%\TD_80, and then setting the file's properties to read-only. | |||||
| CVE-2008-6294 | 1 Accscripts | 1 Acc Statistics | 2025-04-09 | 7.5 HIGH | N/A |
| admin/Index.php in Acc Statistics 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie cookie to "admin." | |||||
| CVE-2008-7118 | 1 Webidsupport | 1 Webid | 2025-04-09 | 5.0 MEDIUM | N/A |
| WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log. | |||||
| CVE-2009-0866 | 1 Phnews | 1 Phnews | 2025-04-09 | 5.0 MEDIUM | N/A |
| pHNews Alpha 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for extra/genbackup.php. | |||||
| CVE-2008-1877 | 1 Debian | 1 Tss | 2025-04-09 | 2.1 LOW | N/A |
| tss 0.8.1 allows local users to read arbitrary files via the -a parameter, which is processed while tss is running with privileges. | |||||
| CVE-2008-0893 | 1 Redhat | 1 Directory Server | 2025-04-09 | 7.5 HIGH | N/A |
| Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions. | |||||
| CVE-2007-1206 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-09 | 7.2 HIGH | N/A |
| The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped. | |||||
| CVE-2007-4601 | 1 Ubuntu | 1 Ubuntu Linux | 2025-04-09 | 5.0 MEDIUM | N/A |
| A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 might allow remote attackers to bypass intended access restrictions when a service uses libwrap but does not specify server connection information. | |||||
| CVE-2008-3113 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. | |||||
| CVE-2008-2378 | 1 Hf | 1 Hf | 2025-04-09 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 allows local users to gain privileges via a Trojan horse killall program in a directory in the PATH, related to improper handling of the -k option. | |||||
| CVE-2008-3858 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | 4.3 MEDIUM | N/A |
| The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT data stream that simulates a V7 client connect request. | |||||