Total: 5467 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1692 | 1 Eterm | 1 Eterm | 2025-04-09 | 6.9 MEDIUM | N/A |
Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine. | |||||
CVE-2008-2079 | 4 Canonical, Debian, Mysql and 1 more | 4 Ubuntu Linux, Debian Linux, Mysql and 1 more | 2025-04-09 | 4.6 MEDIUM | N/A |
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future. | |||||
CVE-2007-4739 | 1 Debian | 1 Reprepro | 2025-04-09 | 5.0 MEDIUM | N/A |
reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command. | |||||
CVE-2008-0585 | 1 Ibm | 1 Aix | 2025-04-09 | 6.6 MEDIUM | N/A |
sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable permissions for unspecified WebSM Remote Client files, which allows local users to "alter the behavior of" this client by overwriting these files. | |||||
CVE-2008-7188 | 1 Clip-share | 1 Clipshare | 2025-04-09 | 7.5 HIGH | N/A |
ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. NOTE: this can be used to recover the password of the user by using the modified e-mail address in the email parameter to recoverpass.php. | |||||
CVE-2008-0046 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 5.0 MEDIUM | N/A |
The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions. | |||||
CVE-2009-2670 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 5.0 MEDIUM | N/A |
The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties. | |||||
CVE-2009-2574 | 1 Bioscripts | 1 Minitwitter | 2025-04-09 | 6.5 MEDIUM | N/A |
index.php in MiniTwitter 0.2 beta allows remote authenticated users to modify certain options of arbitrary accounts via an opt action. | |||||
CVE-2008-2488 | 1 Beaussier | 1 Roomphplanning | 2025-04-09 | 6.5 MEDIUM | N/A |
admin/userform.php in RoomPHPlanning 1.5 does not require administrative credentials, which allows remote authenticated users to create new admin accounts. | |||||
CVE-2007-0541 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 5.0 MEDIUM | N/A |
WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain configurations causes a brief file excerpt to be published as a blog comment. | |||||
CVE-2007-4315 | 3 Amd, Ati, Microsoft | 3 Catalyst Driver, Catalyst Driver, Windows Vista | 2025-04-09 | 6.9 MEDIUM | N/A |
The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows local users to bypass the driver signing policy, write to arbitrary kernel memory locations, and thereby gain privileges via unspecified vectors, as demonstrated by "Purple Pill". | |||||
CVE-2008-4597 | 1 Drupal | 1 Shindig-integrator | 2025-04-09 | 7.5 HIGH | N/A |
Shindig-Integrator 5.x, a module for Drupal, does not properly restrict generated page access, which allows remote attackers to gain privileges via unspecified vectors. | |||||
CVE-2009-0579 | 1 Linux-pam | 1 Linux-pam | 2025-04-09 | 4.6 MEDIUM | N/A |
Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified. | |||||
CVE-2008-6125 | 2 Debian, Moodle | 2 Debian Linux, Moodle | 2025-04-09 | 6.5 MEDIUM | N/A |
Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors. | |||||
CVE-2009-2208 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 3.6 LOW | N/A |
FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the SIOCSIFINFO_IN6 IOCTL, which allows local users to modify or disable IPv6 network interfaces, as demonstrated by modifying the MTU. | |||||
CVE-2007-5254 | 1 Virusblokada | 1 Vba32 Antivirus | 2025-04-09 | 7.2 HIGH | N/A |
VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions (Everyone:Write) for its installation directory, which allows local users to gain privileges by replacing application programs, as demonstrated by replacing vba32ldr.exe. | |||||
CVE-2008-2724 | 1 Menalto | 1 Gallery | 2025-04-09 | 5.0 MEDIUM | N/A |
Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions. | |||||
CVE-2007-5686 | 1 Rpath | 1 Rpath Linux | 2025-04-09 | 4.9 MEDIUM | N/A |
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers. | |||||
CVE-2009-0078 | 1 Microsoft | 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more | 2025-04-09 | 7.2 HIGH | N/A |
The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability." | |||||
CVE-2008-3226 | 1 Joomla | 1 Joomla | 2025-04-09 | 5.0 MEDIUM | N/A |
The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors. |