Total
5251 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1752 | 1 Exjune | 1 Office Message System | 2025-04-09 | 7.5 HIGH | N/A |
| exJune Office Message System 1 does not properly restrict access to (1) configure.asp and (2) addmessage2.asp, which allows remote attackers to gain privileges a direct request. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2137 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-09 | 4.4 MEDIUM | N/A |
| The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and the (2) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3, omit some virtual-address range (aka span) checks when the mmap MAP_FIXED bit is not set, which allows local users to cause a denial of service (panic) via unspecified mmap calls. | |||||
| CVE-2009-2564 | 3 Adobe, Corel, Nos Microsystems | 3 Acrobat Reader, Getplus Download Manager, Getplus Download Manager | 2025-04-09 | 7.2 HIGH | N/A |
| NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\getPlus_HelperSvc.exe with insecure permissions (Everyone:Full Control), which allows local users to gain SYSTEM privileges by replacing getPlus_HelperSvc.exe with a Trojan horse program, as demonstrated by use of getPlus Download Manager within Adobe Reader. NOTE: within Adobe Reader, the scope of this issue is limited because the program is deleted and the associated service is not automatically launched after a successful installation and reboot. | |||||
| CVE-2007-3849 | 1 Redhat | 1 Enterprise Linux | 2025-04-09 | 1.9 LOW | N/A |
| Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files. | |||||
| CVE-2009-3949 | 1 Vivaprograms | 1 Infinity Script | 2025-04-09 | 7.5 HIGH | N/A |
| cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not require administrative authentication for the donewauthor action, which allows remote attackers to create administrative accounts via the name, password, and conf_password parameters. | |||||
| CVE-2007-5439 | 1 Broadcom | 1 Etrust Integrated Threat Management | 2025-04-09 | 5.0 MEDIUM | N/A |
| CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 stores sensitive user information in log files with predictable names, which allows remote attackers to obtain this information via unspecified vectors. | |||||
| CVE-2008-3825 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2025-04-09 | 4.4 MEDIUM | N/A |
| pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. NOTE: there may be a related vector involving sshd that has limited relevance. | |||||
| CVE-2008-4339 | 1 Symantec | 2 Netbackup Enterprise Server, Netbackup Server | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Java Administration GUI (jnbSA) in Symantec Veritas NetBackup Server and NetBackup Enterprise Server 5.1 before MP7, 6.0 before MP7, and 6.5 before 6.5.2 allows remote authenticated users to gain privileges via unknown attack vectors related to "bpjava* binaries." | |||||
| CVE-2008-6599 | 1 Jath Pala | 1 Cookiecheck | 2025-04-09 | 5.0 MEDIUM | N/A |
| cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path." | |||||
| CVE-2008-6302 | 1 Turnkeyforms | 1 Local Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
| TurnkeyForms Local Classifieds allows remote attackers to bypass authentication and gain administrative access via a direct request to Site_Admin/admin.php. | |||||
| CVE-2008-0843 | 1 Statcountex | 1 Statcountex | 2025-04-09 | 6.4 MEDIUM | N/A |
| StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive information and edit configuration scripts via a direct request to admin.asp. | |||||
| CVE-2008-1656 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 7.5 HIGH | N/A |
| Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725. | |||||
| CVE-2009-1599 | 2 Adobe, Opera | 2 Acrobat Reader, Opera Browser | 2025-04-09 | 9.3 HIGH | N/A |
| Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content." | |||||
| CVE-2007-0471 | 1 Checkpoint | 1 Connectra Ngx | 2025-04-09 | 7.5 HIGH | N/A |
| sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token. | |||||
| CVE-2008-6160 | 1 Drupal | 1 Semantically Interconnected Online Communities | 2025-04-09 | 5.0 MEDIUM | N/A |
| Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors. | |||||
| CVE-2007-3285 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2025-04-09 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would. | |||||
| CVE-2008-6125 | 2 Debian, Moodle | 2 Debian Linux, Moodle | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors. | |||||
| CVE-2008-0697 | 1 Ibm | 1 Db2 | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors. | |||||
| CVE-2007-6222 | 1 Crm Ctt | 1 Interleave | 2025-04-09 | 6.5 MEDIUM | N/A |
| The CheckCustomerAccess function in functions.php in CRM-CTT Interleave before 4.2.0 (formerly CRM-CTT) does not properly verify user privileges, which allows remote authenticated users with the LIMITTOCUSTOMERS privilege to bypass intended access restrictions and edit non-active user settings. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3423 | 1 Ibm | 1 Websphere Portal | 2025-04-09 | 7.5 HIGH | N/A |
| IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. | |||||