Total
5457 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5900 | 1 Codeavalanche | 1 Articles | 2025-04-09 | 7.5 HIGH | N/A |
| CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAArticles.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6598 | 1 Dovecot | 1 Dovecot | 2025-04-09 | 6.8 MEDIUM | N/A |
| Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password. | |||||
| CVE-2007-6278 | 1 Flac | 1 Libflac | 2025-04-09 | 9.3 HIGH | N/A |
| Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file. | |||||
| CVE-2008-7219 | 1 Horde | 5 Groupware, Groupware Webmail Edition, Kronolith H3 and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
| Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors. | |||||
| CVE-2009-2198 | 1 Apple | 1 Garageband | 2025-04-09 | 4.3 MEDIUM | N/A |
| Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users. | |||||
| CVE-2007-6650 | 1 Bitweaver | 1 R2 Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in fisheye/upload.php in Bitweaver R2 CMS allows remote attackers to upload arbitrary files by using the image/gif content type, and possibly other image and PDF content types, as demonstrated by uploading a .htaccess file. | |||||
| CVE-2008-6580 | 1 Funscripts | 1 Red Reservations | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb. | |||||
| CVE-2008-1657 | 1 Openbsd | 1 Openssh | 2025-04-09 | 6.5 MEDIUM | N/A |
| OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file. | |||||
| CVE-2007-6424 | 1 Netfortris | 1 Trixbox | 2025-04-09 | 4.3 MEDIUM | N/A |
| registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows remote attackers to disable trixbox and execute arbitrary commands via a DNS spoofing attack. | |||||
| CVE-2007-3007 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
| PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function. | |||||
| CVE-2008-3300 | 1 Alphadmin | 1 Alphadmin Cms | 2025-04-09 | 7.5 HIGH | N/A |
| AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-7111 | 1 Kyoceramita | 1 Scanner File Utility | 2025-04-09 | 9.3 HIGH | N/A |
| The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 does not restrict the filenames or extensions of uploaded files, which makes it easier for remote attackers to execute arbitrary code or overwrite files by leveraging CVE-2008-7110 and CVE-2008-7109. | |||||
| CVE-2007-6507 | 1 Trend Micro | 1 Serverprotect | 2025-04-09 | 10.0 HIGH | N/A |
| SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code. | |||||
| CVE-2008-1614 | 1 Sebastian Marsching | 1 Suphp | 2025-04-09 | 4.3 MEDIUM | N/A |
| suPHP before 0.6.3 allows local users to gain privileges via (1) a race condition that involves multiple symlink changes to point a file owned by a different user, or (2) a symlink to the directory of a different user, which is used to determine privileges. | |||||
| CVE-2008-0889 | 1 Redhat | 2 Directory Server, Enterprise Linux | 2025-04-09 | 2.1 LOW | N/A |
| Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux, uses insecure permissions for the redhat-idm-console script, which allows local users to execute arbitrary code by modifying the script. | |||||
| CVE-2008-2367 | 1 Redhat | 1 Certificate System | 2025-04-09 | 2.1 LOW | N/A |
| Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files. | |||||
| CVE-2007-6638 | 1 March Networks | 1 3204 Dvr | 2025-04-09 | 10.0 HIGH | N/A |
| March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz. | |||||
| CVE-2008-4822 | 1 Adobe | 1 Flash Player | 2025-04-09 | 6.8 MEDIUM | N/A |
| Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy. | |||||
| CVE-2007-1227 | 1 Mcafee | 1 Virex | 2025-04-09 | 6.6 MEDIUM | N/A |
| VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allow local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands. | |||||
| CVE-2009-3207 | 2 Drewish, Drupal | 2 Imagecache, Drupal | 2025-04-09 | 6.8 MEDIUM | N/A |
| The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filename. | |||||