Total
5467 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1309 | 1 Novell | 1 Access Manager | 2025-04-09 | 9.0 HIGH | N/A |
| Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt. | |||||
| CVE-2008-3041 | 1 Typo3 | 1 Dam Frontend Extension | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors related to "broken access control." | |||||
| CVE-2008-5572 | 1 Dotnetindex | 1 Professional Download Assistant | 2025-04-09 | 5.0 MEDIUM | N/A |
| Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb. | |||||
| CVE-2007-3782 | 1 Mysql | 1 Community Server | 2025-04-09 | 3.5 LOW | N/A |
| MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table. | |||||
| CVE-2008-7024 | 1 Arzdev | 2 Gemini Lite, Gemini Portal | 2025-04-09 | 6.8 MEDIUM | N/A |
| admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to "admin" and setting the name parameter to "users." | |||||
| CVE-2008-5459 | 1 Oracle | 1 Bea Product Suite | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality via unknown vectors. | |||||
| CVE-2009-3568 | 3 Dave Reid, Drupal, Gabor Hojtsy | 3 Commentrss, Drupal, Commentrss | 2025-04-09 | 5.0 MEDIUM | N/A |
| Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed. | |||||
| CVE-2008-5724 | 1 Eset | 1 Smart Security | 2025-04-09 | 7.2 HIGH | N/A |
| The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ESET Smart Security 3.0.672 and earlier allows local users to gain privileges via a crafted IRP in a certain METHOD_NEITHER IOCTL request to \Device\Epfw that overwrites portions of memory. | |||||
| CVE-2007-1461 | 1 Php | 1 Php | 2025-04-09 | 7.8 HIGH | N/A |
| The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories. | |||||
| CVE-2008-6957 | 1 Discuz | 1 Discuz\! | 2025-04-09 | 7.5 HIGH | N/A |
| member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter. | |||||
| CVE-2008-6674 | 1 Quickersite | 1 Quickersite | 2025-04-09 | 5.0 MEDIUM | N/A |
| mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter. | |||||
| CVE-2009-4222 | 1 Smartisoft | 1 Phpbazar | 2025-04-09 | 7.5 HIGH | N/A |
| phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request. | |||||
| CVE-2007-4650 | 1 Bharat Mediratta | 1 Gallery | 2025-04-09 | 6.4 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules. | |||||
| CVE-2008-4578 | 1 Dovecot | 1 Dovecot | 2025-04-09 | 5.0 MEDIUM | N/A |
| The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes. | |||||
| CVE-2008-0402 | 1 Ibm | 1 Websphere Business Modeler | 2025-04-09 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group. | |||||
| CVE-2008-0730 | 1 Sun | 1 Solaris | 2025-04-09 | 4.6 MEDIUM | N/A |
| The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and (4) Thai language input methods in Sun Solaris 10 create files and directories with weak permissions under (a) .iiim/le and (b) .Xlocale in home directories, which might allow local users to write to, or read from, the home directories of other users. | |||||
| CVE-2008-3112 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909. | |||||
| CVE-2007-6705 | 1 Ibm | 1 Websphere Mq | 2025-04-09 | 3.3 LOW | N/A |
| The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process. | |||||
| CVE-2008-2873 | 1 Aspindir | 1 Shibby Shop | 2025-04-09 | 5.0 MEDIUM | N/A |
| sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb. | |||||
| CVE-2008-1596 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
| Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to missing checks in the TSD_FILES_LOCK policy for modifications performed via hard links, a different vulnerability than CVE-2007-6680. | |||||