Total
5476 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6018 | 1 Horde | 4 Framework, Groupware Webmail Edition, Horde and 1 more | 2025-04-09 | 5.8 MEDIUM | N/A |
| IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message. | |||||
| CVE-2008-7095 | 1 Arubanetworks | 2 Aruba Mobility Controller, Arubaos | 2025-04-09 | 7.8 HIGH | N/A |
| The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB. | |||||
| CVE-2008-3920 | 1 Bitlbee | 1 Bitlbee | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors. | |||||
| CVE-2008-3234 | 2 Debian, Openbsd | 2 Debian Linux, Openssh | 2025-04-09 | 6.5 MEDIUM | N/A |
| sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username. | |||||
| CVE-2009-0439 | 1 Ibm | 1 Websphere Mq | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands. | |||||
| CVE-2009-0357 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. | |||||
| CVE-2008-7115 | 1 Belkin | 2 F5d7632-4, Wireless G Router | 2025-04-09 | 10.0 HIGH | N/A |
| The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) system_all.exe, or (3) restore.exe in cgi-bin/. NOTE: the setup_dns.exe vector is already covered by CVE-2008-1244. | |||||
| CVE-2008-4414 | 1 Hp | 1 Tru64 | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the AdvFS showfile command in HP Tru64 UNIX 5.1B-3 and 5.1B-4 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2008-4453 | 1 Dspicture | 2 Light Imaging Toolkit, Pro Imaging Sdk | 2025-04-09 | 9.3 HIGH | N/A |
| The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1638 | 1 Nik Software Inc | 1 Nik Sharpener Pro | 2025-04-09 | 6.8 MEDIUM | N/A |
| Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in files, which allows local users to gain privileges by replacing a plug-in with a Trojan horse. | |||||
| CVE-2008-0931 | 2 Debian, Xwine | 2 Debian Linux, Xwine | 2025-04-09 | 6.3 MEDIUM | N/A |
| w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file. | |||||
| CVE-2006-5585 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-09 | 7.2 HIGH | N/A |
| The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability." | |||||
| CVE-2009-2672 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 7.5 HIGH | N/A |
| The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2008-5274 | 1 Toddwoolums | 1 Todd Woolums Asp News Management | 2025-04-09 | 5.0 MEDIUM | N/A |
| Todd Woolums ASP News Management 2.2 allows remote attackers to obtain news items via a direct request to (1) rss.asp, (2) viewheadings.asp, or (3) viewnews.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2794 | 1 Symantec | 1 Altiris Notification Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the GUI in Symantec Altiris Notification Server Agent 6.x before 6.0 SP3 R8 allows local users to gain privileges via unknown attack vectors. | |||||
| CVE-2007-5043 | 1 Kaspersky Lab | 1 Kaspersky Internet Security | 2025-04-09 | 4.4 MEDIUM | N/A |
| Kaspersky Internet Security 7.0.0.125 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to (1) cause a denial of service (crash) and possibly gain privileges via the NtCreateSection kernel SSDT hook or (2) cause a denial of service (avp.exe service outage) via the NtLoadDriver kernel SSDT hook. NOTE: this issue may partially overlap CVE-2006-3074. | |||||
| CVE-2007-5907 | 1 Xensource Inc | 1 Xen | 2025-04-09 | 4.7 MEDIUM | N/A |
| Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows pv guests to cause a denial of service (crash). | |||||
| CVE-2008-1790 | 1 Iscripts | 1 Socialware | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability. | |||||
| CVE-2007-5040 | 1 Ghostsecurity | 1 Ghost Security Suite | 2025-04-09 | 2.1 LOW | N/A |
| Ghost Security Suite alpha 1.200 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey, (2) NtCreateThread, (3) NtDeleteValueKey, (4) NtQueryValueKey, (5) NtSetSystemInformation, and (6) NtSetValueKey kernel SSDT hooks. | |||||
| CVE-2008-3528 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
| The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries. | |||||