Total
5245 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0701 | 1 Magnolia | 1 Ce | 2025-04-09 | 5.0 MEDIUM | N/A |
| ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content. | |||||
| CVE-2009-3558 | 1 Php | 1 Php | 2025-04-09 | 6.8 MEDIUM | N/A |
| The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file. | |||||
| CVE-2008-4585 | 1 Belong Software | 1 Site Builder | 2025-04-09 | 7.5 HIGH | N/A |
| Belong Software Site Builder 0.1 beta allows remote attackers to bypass intended access restrictions and perform administrative actions via a direct request to admin/home.php. | |||||
| CVE-2008-1363 | 2 Microsoft, Vmware | 5 Windows, Ace, Player and 2 more | 2025-04-09 | 7.2 HIGH | N/A |
| VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process." | |||||
| CVE-2008-2147 | 1 Videolan | 1 Vlc | 2025-04-09 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory. | |||||
| CVE-2009-1235 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A |
| XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls. | |||||
| CVE-2009-4044 | 2 Bruno Massa, Drupal | 2 Web Services, Drupal | 2025-04-09 | 7.5 HIGH | N/A |
| The Web Services module 6.x for Drupal does not perform the expected access control, which allows remote attackers to make unspecified use of an API via unknown vectors. | |||||
| CVE-2009-3281 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2025-04-09 | 7.2 HIGH | N/A |
| The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors. | |||||
| CVE-2007-5965 | 1 Trolltech | 1 Qsslsocket | 2025-04-09 | 4.3 MEDIUM | N/A |
| QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which might make it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service, or trick a service into accepting an invalid client certificate for a user. | |||||
| CVE-2008-3464 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-09 | 7.2 HIGH | N/A |
| afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability." | |||||
| CVE-2008-3156 | 1 Panda | 1 Panda Activescan | 2025-04-09 | 9.3 HIGH | N/A |
| The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method. | |||||
| CVE-2007-6319 | 1 Lyris | 1 List Manager | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Lyris ListManager 8.x before 8.95d, 9.2 before 9.2c, and 9.3 before 9.3b allow remote attackers to (1) gain list administrator privileges or (2) access arbitrary mailing lists via unknown vectors related to modification of client-side information; and (3) allow remote authenticated administrators to modify other account data by creating "new accounts that collide with existing accounts." | |||||
| CVE-2007-6500 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp. | |||||
| CVE-2009-3920 | 2 Drupal, Sean Robertson | 2 Drupal, Crmngp | 2025-04-09 | 5.0 MEDIUM | N/A |
| An administration page in the NGP COO/CWP Integration (crmngp) module 6.x before 6.x-1.12 for Drupal does not perform the expected access control, which allows remote attackers to read log information via unspecified vectors. | |||||
| CVE-2008-0350 | 1 Evilsentinel | 1 Evilsentinel | 2025-04-09 | 7.5 HIGH | N/A |
| admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes. | |||||
| CVE-2009-0439 | 1 Ibm | 1 Websphere Mq | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands. | |||||
| CVE-2008-5981 | 1 Pacosdrivers | 1 Pacpoll | 2025-04-09 | 5.0 MEDIUM | N/A |
| PacPoll 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) poll.mdb or (2) poll97.mdb. | |||||
| CVE-2008-0425 | 1 Frimousse | 1 Frimousse | 2025-04-09 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in explorerdir.php in Frimousse 0.0.2 allows remote attackers to read arbitrary files and list arbitrary directories via a full pathname in the name parameter. | |||||
| CVE-2008-0074 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders. | |||||
| CVE-2009-0872 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 6.8 MEDIUM | N/A |
| The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes. | |||||