Total
5457 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3170 | 1 Apple | 1 Safari | 2025-04-09 | 6.8 MEDIUM | N/A |
| Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking," a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867. | |||||
| CVE-2007-1893 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 4.9 MEDIUM | N/A |
| xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post." | |||||
| CVE-2007-5026 | 1 Dblog | 1 Dblog Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
| dBlog CMS, probably 2.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for dblog.mdb. | |||||
| CVE-2008-2287 | 1 Symantec | 1 Altiris Deployment Solution | 2025-04-09 | 7.2 HIGH | N/A |
| Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse. | |||||
| CVE-2008-5130 | 1 Ocean12 Technologies | 1 Calendar Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
| Ocean12 Calendar Manager Gold 2.04 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12cal.mdb. | |||||
| CVE-2008-3271 | 1 Apache | 1 Tomcat | 2025-04-09 | 4.3 MEDIUM | N/A |
| Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve. | |||||
| CVE-2008-6001 | 1 Adnforum | 1 Adnforum | 2025-04-09 | 7.5 HIGH | N/A |
| index.php in ADN Forum 1.0b and earlier allows remote attackers to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field, and a final :sysop:0 string. | |||||
| CVE-2008-7186 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2025-04-09 | 5.0 MEDIUM | N/A |
| Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504. | |||||
| CVE-2008-4511 | 1 Todd Woolums | 1 Asp News Management | 2025-04-09 | 5.0 MEDIUM | N/A |
| Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. | |||||
| CVE-2007-5827 | 2 Debian, Iscsitarget | 2 Debian Linux, Iscsitarget | 2025-04-09 | 2.1 LOW | N/A |
| iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords. | |||||
| CVE-2008-2313 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.6 MEDIUM | N/A |
| Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory. | |||||
| CVE-2008-6375 | 1 Nexusjnr | 1 Jbook | 2025-04-09 | 5.0 MEDIUM | N/A |
| JBook stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to userids.mdb. | |||||
| CVE-2008-0329 | 1 Julien Plesniak | 1 Lulieblog | 2025-04-09 | 5.0 MEDIUM | N/A |
| LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php in Admin/, which allows remote attackers to accept comments, delete comments, and delete articles via the id parameter. | |||||
| CVE-2008-1473 | 1 Symantec | 1 Altiris Deployment Solution | 2025-04-09 | 7.2 HIGH | N/A |
| The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a "Shatter" style attack. | |||||
| CVE-2007-5401 | 1 Layton Technology | 1 Helpbox | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in uploadrequest.asp in Layton HelpBox 3.7.1 allows remote authenticated users to upload and execute arbitrary ASP files, related to not properly checking file extensions. | |||||
| CVE-2009-0230 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows Server and 3 more | 2025-04-09 | 9.0 HIGH | N/A |
| The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability." | |||||
| CVE-2006-7219 | 1 Ez | 1 Ez Publish | 2025-04-09 | 4.0 MEDIUM | N/A |
| eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft. | |||||
| CVE-2008-1599 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
| The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat. | |||||
| CVE-2008-6160 | 1 Drupal | 1 Semantically Interconnected Online Communities | 2025-04-09 | 5.0 MEDIUM | N/A |
| Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors. | |||||
| CVE-2008-6928 | 1 Phpstore | 1 Complete Classifieds | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in PHPStore Complete Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in classifieds1/yellow_images/. | |||||