Total
5457 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5223 | 1 Alstrasoft | 1 Affiliate Network Pro | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to include local files and have other unspecified impact, related to incorrect input validation or other defects involving (1) admin/backupstart.php, (2) a .sql filename under admin/admin/dump/, (3) a .sql filename in the fl parameter to admin/downloadbackup.php, and (4) a .. (dot dot) in the fl parameter to admin/downloadbackup.php. | |||||
| CVE-2008-2078 | 1 Robocode | 1 Robocode | 2025-04-09 | 7.5 HIGH | N/A |
| Robocode before 1.6.0 allows user-assisted remote attackers to "access the internals of the Robocode game" via unspecified vectors related to the AWT Event Queue. | |||||
| CVE-2008-2722 | 1 Menalto | 1 Gallery | 2025-04-09 | 7.5 HIGH | N/A |
| Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive. | |||||
| CVE-2007-5260 | 1 Asp-cms | 1 Asp-cms | 2025-04-09 | 5.0 MEDIUM | N/A |
| ASP-CMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request for mdb-database/ASP-CMS_v100.mdb. | |||||
| CVE-2008-1593 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
| The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function. | |||||
| CVE-2008-1255 | 1 Zyxel | 1 P-660hw | 2025-04-09 | 10.0 HIGH | N/A |
| The ZyXEL P-660HW series router maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user. | |||||
| CVE-2008-1627 | 1 Cds Software Consortium | 1 Invenio | 2025-04-09 | 3.5 LOW | N/A |
| CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID. | |||||
| CVE-2008-6321 | 1 Cfshopkart | 1 Cf Shopkart | 2025-04-09 | 5.0 MEDIUM | N/A |
| CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via a direct request. | |||||
| CVE-2008-1330 | 1 Novell | 1 Groupwise | 2025-04-09 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker. | |||||
| CVE-2006-4572 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.5 HIGH | N/A |
| ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol bypass bug;" and (2) bypass a rule that looks for a certain extension header, via a packet with an extension header outside the first fragment, aka "ip6_tables extension header bypass bug." | |||||
| CVE-2008-4245 | 1 Rianxosencabos Cms | 1 Rianxosencabos Cms | 2025-04-09 | 6.5 MEDIUM | N/A |
| The Admin Control Panel in Rianxosencabos CMS 0.9 does not require administrator privileges, which allows remote authenticated users to (1) change a user's privileges, (2) delete a user account, or perform unspecified other administrative actions via vectors involving an admin lista action to the default URI, possibly related to useradmin.php. | |||||
| CVE-2007-5090 | 2 Ibm, Microsoft | 3 Db2, Rational Clearquest, Sql Server | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors. | |||||
| CVE-2009-2306 | 1 Armassa | 2 Ard-9808, Ard-9808 Software | 2025-04-09 | 7.5 HIGH | N/A |
| The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing usernames and passwords via a direct request for dvr.ini. | |||||
| CVE-2007-4937 | 1 Comscripts | 1 Cs Guestbook | 2025-04-09 | 5.0 MEDIUM | N/A |
| CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php. | |||||
| CVE-2008-6382 | 1 Aspportal | 1 Aspportal | 2025-04-09 | 5.0 MEDIUM | N/A |
| ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb. | |||||
| CVE-2008-6514 | 1 Compiz | 1 Compiz Fusion | 2025-04-09 | 6.2 MEDIUM | N/A |
| The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a related issue to CVE-2007-3920. | |||||
| CVE-2008-3064 | 1 Realnetworks | 1 Realplayer | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerability." | |||||
| CVE-2009-0613 | 1 Trendmicro | 1 Interscan Web Security Suite | 2025-04-09 | 6.0 MEDIUM | N/A |
| Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 allows remote authenticated Auditor and Report Only users to bypass intended permission settings, and modify the system configuration, via requests to unspecified JSP pages. | |||||
| CVE-2007-5239 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 4.0 MEDIUM | N/A |
| Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications. | |||||
| CVE-2009-4558 | 2 Drupal, Unleashedmind | 2 Drupal, Img Assist | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, does not properly enforce privilege requirements for unspecified pages, which allows remote attackers to read the (1) title or (2) body of an arbitrary node via unknown vectors. | |||||