Total
5457 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5382 | 1 Cisco | 2 Wireless Control System, Wireless Lan Solution Engine | 2025-04-09 | 10.0 HIGH | N/A |
| The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges. | |||||
| CVE-2008-4131 | 1 Sun | 1 Solaris | 2025-04-09 | 7.2 HIGH | N/A |
| Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of tags with (1) the -t option and (2) the :tag command in the (a) vi, (b) ex, (c) vedit, (d) view, and (e) edit programs. | |||||
| CVE-2009-4215 | 2 Microsoft, Pandasecurity | 6 Windows 7, Windows Vista, Windows Xp and 3 more | 2025-04-09 | 7.2 HIGH | N/A |
| Panda Global Protection 2010, Internet Security 2010, and Antivirus Pro 2010 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs. | |||||
| CVE-2008-3172 | 1 Opera | 1 Opera | 2025-04-09 | 6.8 MEDIUM | N/A |
| Opera allows web sites to set cookies for country-specific top-level domains that have DNS A records, such as co.tv, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking." | |||||
| CVE-2009-0578 | 1 Ubuntu | 1 Ubuntu Linux | 2025-04-09 | 6.2 MEDIUM | N/A |
| GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console. | |||||
| CVE-2008-0372 | 1 8e6 | 1 R3000 Internet Filter | 2025-04-09 | 5.0 MEDIUM | N/A |
| 8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request. | |||||
| CVE-2008-5765 | 1 2500mhz | 1 Worksimple | 2025-04-09 | 5.0 MEDIUM | N/A |
| WorkSimple 1.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for data/usr.txt. | |||||
| CVE-2008-0581 | 1 Moernaut | 2 Lsrunase, Supercrypt | 2025-04-09 | 7.2 HIGH | N/A |
| Geert Moernaut LSrunasE allows local users to gain privileges by obtaining the encrypted password from a batch file, and constructing a modified batch file that specifies this password in the /password switch and specifies an arbitrary program in the /command switch. | |||||
| CVE-2008-0807 | 2 Debian, Horde | 4 Debian Linux, Groupware, Groupware Webmail Edition and 1 more | 2025-04-09 | 4.9 MEDIUM | N/A |
| lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book. | |||||
| CVE-2009-4174 | 2 Cutephp, Korn19 | 2 Cutenews, Utf-8 Cutenews | 2025-04-09 | 6.0 MEDIUM | N/A |
| The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id parameter in a doeditnews action. | |||||
| CVE-2003-1571 | 1 Webwizguide | 1 Web Wiz Guestbook | 2025-04-09 | 5.0 MEDIUM | N/A |
| Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected. | |||||
| CVE-2009-3589 | 1 Inotify | 1 Incron | 2025-04-09 | 4.6 MEDIUM | N/A |
| incron 0.5.5 does not initialize supplementary groups when running a process from a user's incrontabs, which causes the process to be run with the incrond supplementary groups and allows local users to gain privileges via an incrontab table. | |||||
| CVE-2008-2306 | 2 Apple, Microsoft | 3 Safari, Windows Vista, Windows Xp | 2025-04-09 | 9.3 HIGH | N/A |
| Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files. | |||||
| CVE-2006-6970 | 1 Opera | 1 Opera Browser | 2025-04-09 | 5.0 MEDIUM | N/A |
| Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter. | |||||
| CVE-2008-0998 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects. | |||||
| CVE-2008-5932 | 1 Codeavalanche | 1 Freeforum | 2025-04-09 | 5.0 MEDIUM | N/A |
| CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5493 | 1 Microsoft | 1 Windows Mobile | 2025-04-09 | 4.3 MEDIUM | N/A |
| The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded. | |||||
| CVE-2008-5562 | 1 Aspapps | 1 Aspportal | 2025-04-09 | 5.0 MEDIUM | N/A |
| ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb. | |||||
| CVE-2008-7002 | 1 Php | 1 Php | 2025-04-09 | 7.2 HIGH | N/A |
| PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as "C:" drive notation. | |||||
| CVE-2009-2027 | 1 Apple | 1 Safari | 2025-04-09 | 7.2 HIGH | N/A |
| The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method. | |||||