Total
5480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6685 | 1 Menalto | 1 Gallery Publish Xp Module | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors. | |||||
| CVE-2008-5351 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 7.5 HIGH | N/A |
| Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings. | |||||
| CVE-2008-3303 | 1 Tuxplanet | 1 Bilboblog | 2025-04-09 | 6.8 MEDIUM | N/A |
| admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters. | |||||
| CVE-2009-3374 | 1 Mozilla | 1 Firefox | 2025-04-09 | 7.5 HIGH | N/A |
| The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects." | |||||
| CVE-2009-3722 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.1 HIGH | N/A |
| The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 2.6.31.1 does not properly verify the Current Privilege Level (CPL) before accessing a debug register, which allows guest OS users to cause a denial of service (trap) on the host OS via a crafted application. | |||||
| CVE-2009-4455 | 1 Cisco | 1 Adaptive Security Appliance 5500 | 2025-04-09 | 6.5 MEDIUM | N/A |
| The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended access restrictions and access unauthorized web sites via a crafted URL obfuscated with ROT13 and a certain encoding. NOTE: this issue was originally reported as a vulnerability related to lack of restrictions to URLs listed in the Cisco WebVPN bookmark component, but the vendor states that "The bookmark feature is not a security feature." | |||||
| CVE-2008-5602 | 1 Natterchat | 1 Natterchat | 2025-04-09 | 5.0 MEDIUM | N/A |
| Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb. | |||||
| CVE-2007-4740 | 1 Telecom Italy | 1 Alice Messenger | 2025-04-09 | 9.3 HIGH | N/A |
| The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.RegistryManager.dll 1 in Telecom Italy Alice Messenger allows remote attackers to create registry keys and values via the arguments to the WriteRegistry method. | |||||
| CVE-2009-1863 | 1 Adobe | 3 Air, Flash Player, Flex | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a "privilege escalation vulnerability." | |||||
| CVE-2009-3557 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
| The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments. | |||||
| CVE-2008-3875 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 7.2 HIGH | N/A |
| The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert communication channel, via unspecified vectors involving system calls. | |||||
| CVE-2008-4252 | 1 Microsoft | 5 Office Frontpage, Project, Visual Basic and 2 more | 2025-04-09 | 8.5 HIGH | N/A |
| The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability." | |||||
| CVE-2009-1542 | 1 Microsoft | 2 Virtual Pc, Virtual Server | 2025-04-09 | 9.0 HIGH | N/A |
| The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability." | |||||
| CVE-2008-3835 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 7.5 HIGH | N/A |
| The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors. | |||||
| CVE-2008-5916 | 1 Git | 1 Git | 2025-04-09 | 4.6 MEDIUM | N/A |
| gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query. | |||||
| CVE-2008-3855 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows local users to gain privileges, aka a "FILE CREATION VULNERABILITY." NOTE: this may be the same as CVE-2007-5664. | |||||
| CVE-2007-1893 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 4.9 MEDIUM | N/A |
| xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post." | |||||
| CVE-2009-4465 | 1 Deluxebb | 1 Deluxebb | 2025-04-09 | 7.5 HIGH | N/A |
| DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and configuration information, log data, and gain administrative access via a direct request to scripts in (1) templates/ including (2) templates/deluxe/admincp/, (3) templates/corporate/admincp/, and (4) templates/blue/admincp/; (5) images/; (6) logs/ including (7) logs/cp.php; (8) wysiwyg/; (9) docs/; (10) classes/; (11) lang/; and (12) settings/. | |||||
| CVE-2007-4651 | 1 Adobe | 1 Connect Enterprise Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows remote attackers to read certain pages that are restricted to the administrator via unknown vectors. | |||||
| CVE-2007-3378 | 1 Php | 1 Php | 2025-04-09 | 6.8 MEDIUM | N/A |
| The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess. | |||||