Total
5457 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2171 | 1 Mahara | 1 Mahara | 2025-04-09 | 4.0 MEDIUM | N/A |
| Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user's artefact. | |||||
| CVE-2008-4334 | 1 Cannot | 1 Php Infoboard | 2025-04-09 | 7.5 HIGH | N/A |
| PHP infoBoard V.7 Plus allows remote attackers to bypass authentication and gain administrative access by setting the infouser cookie to 1. | |||||
| CVE-2008-3745 | 1 Drupal | 2 Drupal, Upload Module | 2025-04-09 | 5.5 MEDIUM | N/A |
| The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors. | |||||
| CVE-2009-1767 | 1 2daybiz | 1 Template Monster Clone | 2025-04-09 | 5.0 MEDIUM | N/A |
| admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter. | |||||
| CVE-2008-6293 | 1 Accscripts | 1 Acc Real Estate | 2025-04-09 | 7.5 HIGH | N/A |
| admin/Index.php in Acc Real Estate 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie to "admin." | |||||
| CVE-2009-1414 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
| Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors. | |||||
| CVE-2008-3268 | 1 Brickhost | 1 Phpscheduleit | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when useLogonName is enabled, allows remote attackers with administrator email address knowledge to bypass restrictions and gain privileges via unspecified vectors related to login names. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4262 | 1 Haroldbakker | 1 Hb-ns | 2025-04-09 | 7.5 HIGH | N/A |
| Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to obtain access to the admin control panel via a direct request to admin.php. | |||||
| CVE-2008-5283 | 1 Ghh | 1 Google Hack Honeypot File Upload Manager | 2025-04-09 | 6.4 MEDIUM | N/A |
| Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attackers to delete uploaded files via unknown vectors related to the delall action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. CVE analysis suggests that the most recent version as of 20081128 is 1.2, and the File Upload Manager does not have a "delall" action. | |||||
| CVE-2009-3866 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 9.3 HIGH | N/A |
| The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824. | |||||
| CVE-2007-2944 | 1 Wabcms | 1 Wabcms | 2025-04-09 | 5.0 MEDIUM | N/A |
| WabCMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/wabcmsn.mdb. NOTE: this issue was originally reported for "webCMS," but this was an error by an unreliable researcher. | |||||
| CVE-2008-6540 | 1 Dotnetnuke | 1 Dotnetnuke | 2025-04-09 | 5.1 MEDIUM | N/A |
| DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys. | |||||
| CVE-2009-0250 | 1 Ryneezy | 1 Phosheezy | 2025-04-09 | 5.0 MEDIUM | N/A |
| Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the file containing the administrator's password hash via a direct request for config/password. | |||||
| CVE-2007-6603 | 1 Hotscripts | 1 Hot Or Not Clone | 2025-04-09 | 5.0 MEDIUM | N/A |
| Hot or Not Clone has insufficient access control for producing and reading database backups, which allows remote attackers to obtain the administrator username and password via a direct request to control/backup/backup.php, which generates a backup/dump/backup.sql file that can be downloaded via a direct request to control/downloadfile.php. | |||||
| CVE-2009-1679 | 1 Apple | 2 Iphone Os, Ipod Touch | 2025-04-09 | 2.1 LOW | N/A |
| The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy. | |||||
| CVE-2008-6292 | 1 Accscripts | 1 Acc Autos | 2025-04-09 | 7.5 HIGH | N/A |
| Acc Autos 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) username_cookie to "admin," (2) right_cookie to "1," and (3) id_cookie to "1." | |||||
| CVE-2008-4405 | 1 Citrix | 1 Xen | 2025-04-09 | 7.2 HIGH | N/A |
| xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen. | |||||
| CVE-2008-6603 | 1 Moinmo | 1 Moinmoin | 2025-04-09 | 6.8 MEDIUM | N/A |
| MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937. | |||||
| CVE-2008-3234 | 2 Debian, Openbsd | 2 Debian Linux, Openssh | 2025-04-09 | 6.5 MEDIUM | N/A |
| sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username. | |||||
| CVE-2009-3374 | 1 Mozilla | 1 Firefox | 2025-04-09 | 7.5 HIGH | N/A |
| The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects." | |||||