Total: 5251 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-6636 | 1 Bitflu | 1 Bitflu | 2025-04-09 | 5.8 MEDIUM | N/A |
Unspecified vulnerability in the StorageFarabDb module in Bitflu before 0.42 allows user-assisted remote attackers to create or append data to arbitrary files via a crafted .torrent file. | |||||
CVE-2009-4174 | 2 Cutephp, Korn19 | 2 Cutenews, Utf-8 Cutenews | 2025-04-09 | 6.0 MEDIUM | N/A |
The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id parameter in a doeditnews action. | |||||
CVE-2009-3374 | 1 Mozilla | 1 Firefox | 2025-04-09 | 7.5 HIGH | N/A |
The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects." | |||||
CVE-2009-0361 | 1 Eyrie | 1 Pam-krb5 | 2025-04-09 | 4.6 MEDIUM | N/A |
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations. | |||||
CVE-2007-4668 | 1 Firebirdsql | 1 Firebird | 2025-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, aka CORE-1312. | |||||
CVE-2009-3568 | 3 Dave Reid, Drupal, Gabor Hojtsy | 3 Commentrss, Drupal, Commentrss | 2025-04-09 | 5.0 MEDIUM | N/A |
Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed. | |||||
CVE-2009-2024 | 1 Vt.rovno | 1 Asp Vt Auth | 2025-04-09 | 5.0 MEDIUM | N/A |
Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain usernames and passwords via a direct request for zHk8dEes3.txt. | |||||
CVE-2008-2226 | 1 Openkm | 1 Openkm | 2025-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the export feature in OpenKM before 2.0 allows remote attackers to export arbitrary documents via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-5393 | 1 Privacy-cd | 1 Unbuntu Privacy Remix | 2025-04-09 | 10.0 HIGH | N/A |
UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes kernel support for mounting RAID arrays, which might allow remote attackers to bypass intended isolation mechanisms by (1) reading from or (2) writing to these arrays. | |||||
CVE-2007-4647 | 1 2coolcode | 1 Our Space | 2025-04-09 | 5.0 MEDIUM | N/A |
newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allows remote attackers to upload certain files via unspecified vectors, probably involving unrestricted functionality in uploadmedia.cgi. | |||||
CVE-2009-2160 | 1 Torrenttrader | 1 Torrenttrader Classic | 2025-04-09 | 5.0 MEDIUM | N/A |
TorrentTrader Classic 1.09 allows remote attackers to (1) obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function; and allows remote attackers to (2) obtain other potentially sensitive information via a direct request to check.php. | |||||
CVE-2007-6413 | 1 Sun | 1 Solaris | 2025-04-09 | 9.3 HIGH | N/A |
Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120011-* and 120012-* patches, allows remote attackers to bypass certain netgroup restrictions and obtain root access to a filesystem via NFS requests from a client root user. | |||||
CVE-2008-0217 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 6.9 MEDIUM | N/A |
The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script. | |||||
CVE-2007-6182 | 1 Growth | 1 Ispmanager | 2025-04-09 | 7.2 HIGH | N/A |
The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 allows local users to gain privileges via shell metacharacters in command line arguments. | |||||
CVE-2008-2343 | 1 News Manager | 1 News Manager | 2025-04-09 | 7.5 HIGH | N/A |
News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php. | |||||
CVE-2008-3631 | 1 Apple | 1 Ipod Touch | 2025-04-09 | 7.1 HIGH | N/A |
Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application. | |||||
CVE-2007-5751 | 1 Liferea | 1 Liferea | 2025-04-09 | 2.1 LOW | N/A |
Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials. | |||||
CVE-2009-1922 | 1 Microsoft | 4 Windows 2000, Windows Server 2003, Windows Vista and 1 more | 2025-04-09 | 6.9 MEDIUM | N/A |
The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability." | |||||
CVE-2008-4453 | 1 Dspicture | 2 Light Imaging Toolkit, Pro Imaging Sdk | 2025-04-09 | 9.3 HIGH | N/A |
The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-5382 | 1 Cisco | 2 Wireless Control System, Wireless Lan Solution Engine | 2025-04-09 | 10.0 HIGH | N/A |
The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges. |