Total
5480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5223 | 1 Alstrasoft | 1 Affiliate Network Pro | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to include local files and have other unspecified impact, related to incorrect input validation or other defects involving (1) admin/backupstart.php, (2) a .sql filename under admin/admin/dump/, (3) a .sql filename in the fl parameter to admin/downloadbackup.php, and (4) a .. (dot dot) in the fl parameter to admin/downloadbackup.php. | |||||
| CVE-2008-4484 | 1 Crux Software | 1 Gallery | 2025-04-09 | 6.8 MEDIUM | N/A |
| main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php. | |||||
| CVE-2008-3967 | 1 Mybb | 1 Mybb | 2025-04-09 | 7.5 HIGH | N/A |
| moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors. | |||||
| CVE-2007-5493 | 1 Microsoft | 1 Windows Mobile | 2025-04-09 | 4.3 MEDIUM | N/A |
| The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded. | |||||
| CVE-2008-4109 | 2 Debian, Openbsd | 2 Linux, Openssh | 2025-04-09 | 5.0 MEDIUM | N/A |
| A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051. | |||||
| CVE-2008-0731 | 3 Linux, Novell, Suse | 3 Linux Kernel, Apparmor, Open Suse | 2025-04-09 | 7.5 HIGH | N/A |
| The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not properly handle failure of an AppArmor change_hat system call, which might allow attackers to trigger the unconfining of an apparmored task. | |||||
| CVE-2009-0342 | 2 Linux, Provos | 2 Linux Kernel, Systrace | 2025-04-09 | 7.2 HIGH | N/A |
| Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall. | |||||
| CVE-2008-5385 | 1 Ibm | 1 Aix | 2025-04-09 | 6.9 MEDIUM | N/A |
| enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors. | |||||
| CVE-2008-5597 | 1 Cold Bbs | 1 Cold Bbs | 2025-04-09 | 5.0 MEDIUM | N/A |
| Cold BBS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for db/cforum.mdb. | |||||
| CVE-2008-3226 | 1 Joomla | 1 Joomla | 2025-04-09 | 5.0 MEDIUM | N/A |
| The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors. | |||||
| CVE-2009-0613 | 1 Trendmicro | 1 Interscan Web Security Suite | 2025-04-09 | 6.0 MEDIUM | N/A |
| Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 allows remote authenticated Auditor and Report Only users to bypass intended permission settings, and modify the system configuration, via requests to unspecified JSP pages. | |||||
| CVE-2008-6617 | 1 Sitexs Cms | 1 Sitexs Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in adm/visual/upload.php in SiteXS CMS 0.1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/. | |||||
| CVE-2007-5210 | 1 Arbor Networks | 1 Peakflow Sp | 2025-04-09 | 6.0 MEDIUM | N/A |
| Arbor Networks Peakflow SP before 3.5.1 patch 14, and 3.6.x before 3.6.1 patch 5, allows remote authenticated users to bypass access restrictions and read or write unspecified data via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-7188 | 1 Clip-share | 1 Clipshare | 2025-04-09 | 7.5 HIGH | N/A |
| ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. NOTE: this can be used to recover the password of the user by using the modified e-mail address in the email parameter to recoverpass.php. | |||||
| CVE-2008-5606 | 1 Gazatem Technologies | 1 Qmail Mailing List Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
| Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb. | |||||
| CVE-2008-1614 | 1 Sebastian Marsching | 1 Suphp | 2025-04-09 | 4.3 MEDIUM | N/A |
| suPHP before 0.6.3 allows local users to gain privileges via (1) a race condition that involves multiple symlink changes to point a file owned by a different user, or (2) a symlink to the directory of a different user, which is used to determine privileges. | |||||
| CVE-2007-6638 | 1 March Networks | 1 3204 Dvr | 2025-04-09 | 10.0 HIGH | N/A |
| March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz. | |||||
| CVE-2007-6313 | 1 Mysql | 1 Mysql Community Server | 2025-04-09 | 6.5 MEDIUM | N/A |
| MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements. | |||||
| CVE-2008-6774 | 1 Peterselie | 1 Yourplace | 2025-04-09 | 5.0 MEDIUM | N/A |
| internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end execution when an invalid username is detected, which allows remote attackers to bypass intended restrictions and edit toolbar settings via an invalid username. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1132 | 1 Net Activity Viewer | 1 Net Activity Viewer | 2025-04-09 | 4.7 MEDIUM | N/A |
| Untrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, which is invoked during the Restart As Root action. | |||||