Total
5476 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4245 | 1 Rianxosencabos Cms | 1 Rianxosencabos Cms | 2025-04-09 | 6.5 MEDIUM | N/A |
| The Admin Control Panel in Rianxosencabos CMS 0.9 does not require administrator privileges, which allows remote authenticated users to (1) change a user's privileges, (2) delete a user account, or perform unspecified other administrative actions via vectors involving an admin lista action to the default URI, possibly related to useradmin.php. | |||||
| CVE-2009-4091 | 1 Simplog | 1 Simplog | 2025-04-09 | 5.0 MEDIUM | N/A |
| comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del action. | |||||
| CVE-2008-2420 | 1 Stunnel | 1 Stunnel | 2025-04-09 | 6.8 MEDIUM | N/A |
| The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates. | |||||
| CVE-2008-2771 | 1 Drupal | 2 Drupal, Node Hierarchy Module | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors. | |||||
| CVE-2009-4262 | 1 Haroldbakker | 1 Hb-ns | 2025-04-09 | 7.5 HIGH | N/A |
| Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to obtain access to the admin control panel via a direct request to admin.php. | |||||
| CVE-2008-7172 | 1 Yanick Bourbeau | 1 Lightweight News Portal | 2025-04-09 | 7.5 HIGH | N/A |
| Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions. | |||||
| CVE-2009-1922 | 1 Microsoft | 4 Windows 2000, Windows Server 2003, Windows Vista and 1 more | 2025-04-09 | 6.9 MEDIUM | N/A |
| The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability." | |||||
| CVE-2008-6357 | 1 Donnafontenot | 1 Mycal Personal Events Calendar | 2025-04-09 | 5.0 MEDIUM | N/A |
| MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to mycal.mdb. | |||||
| CVE-2007-5835 | 1 Bosdev | 1 Bosnews | 2025-04-09 | 5.0 MEDIUM | N/A |
| Install.php in BosDev BosNews 4 and 5 does not require authentication for replacing an existing product installation or creating a new admin account, which allows remote attackers to cause a denial of service (overwritten files) and possibly obtain administrative access. | |||||
| CVE-2008-0145 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663. | |||||
| CVE-2007-5751 | 1 Liferea | 1 Liferea | 2025-04-09 | 2.1 LOW | N/A |
| Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials. | |||||
| CVE-2007-5236 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 5.4 MEDIUM | N/A |
| Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application. | |||||
| CVE-2009-1767 | 1 2daybiz | 1 Template Monster Clone | 2025-04-09 | 5.0 MEDIUM | N/A |
| admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter. | |||||
| CVE-2007-5442 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-09 | 3.5 LOW | N/A |
| CMS Made Simple 1.1.3.1 does not check the permissions assigned to users who attempt uploads, which allows remote authenticated users to upload unspecified files via unknown vectors. | |||||
| CVE-2008-3376 | 1 Jamroom | 1 Jamroom | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors. | |||||
| CVE-2008-4506 | 1 Ibm | 1 Lotus Quickr | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows a place manager to "demote or delete a place superuser group" via unknown vectors. | |||||
| CVE-2009-0872 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 6.8 MEDIUM | N/A |
| The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes. | |||||
| CVE-2008-5762 | 1 Mariovaldez | 1 Simple Text-file Login Script | 2025-04-09 | 5.0 MEDIUM | N/A |
| Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slog_users.txt. | |||||
| CVE-2007-5278 | 1 Zomplog | 1 Zomplog | 2025-04-09 | 4.3 MEDIUM | N/A |
| Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving individual files. NOTE: in a non-default configuration, the directory listing is denied, but filenames may be predicable. | |||||
| CVE-2008-5897 | 1 Codeavalanche | 1 Freewallpaper | 2025-04-09 | 7.5 HIGH | N/A |
| CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of these details are obtained from third party information. | |||||