Total
5244 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2935 | 1 Google | 1 Chrome | 2025-04-09 | 10.0 HIGH | N/A |
| Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript. | |||||
| CVE-2008-1397 | 1 Checkpoint | 5 Check Point Vpn-1 Pro, Vpn-1, Vpn-1 Firewall-1 and 2 more | 2025-04-09 | 6.5 MEDIUM | N/A |
| Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint. | |||||
| CVE-2009-0336 | 1 Katywhitton | 1 Blogit\! | 2025-04-09 | 5.0 MEDIUM | N/A |
| Katy Whitton BlogIt! stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for database/Blog.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4556 | 1 Quickheal | 2 Antivirus Plus 2009, Total Security 2009 | 2025-04-09 | 7.2 HIGH | N/A |
| Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security 2009 10.00 SP1 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs, as demonstrated by replacing quhlpsvc.exe. | |||||
| CVE-2008-1483 | 1 Openbsd | 1 Openssh | 2025-04-09 | 6.9 MEDIUM | N/A |
| OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs. | |||||
| CVE-2008-6940 | 1 Turnkeyforms | 1 Web Hosting Directory | 2025-04-09 | 7.5 HIGH | N/A |
| TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db. | |||||
| CVE-2008-5340 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081. | |||||
| CVE-2007-2975 | 1 Ignite Realtime | 1 Openfire | 2025-04-09 | 7.5 HIGH | N/A |
| The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader. | |||||
| CVE-2008-3890 | 2 Amd, Freebsd | 2 Amd64, Freebsd | 2025-04-09 | 7.2 HIGH | N/A |
| The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an extra swapgs call after a General Protection Fault (GPF), which allows local users to gain privileges by triggering a GPF during the kernel's return from (1) an interrupt, (2) a trap, or (3) a system call. | |||||
| CVE-2007-4563 | 1 Hitachi | 7 Cosminexus Application Server Enterprise, Cosminexus Application Server Standard, Electronic Form Workflow - Standard Set and 4 more | 2025-04-09 | 4.4 MEDIUM | N/A |
| Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain privileges. | |||||
| CVE-2008-2146 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 7.5 HIGH | N/A |
| wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages. | |||||
| CVE-2009-0328 | 1 Robs-projects | 1 Digital Sales Ipn | 2025-04-09 | 5.0 MEDIUM | N/A |
| ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for Database/Sales.mdb. | |||||
| CVE-2009-2766 | 1 Dd-wrt | 1 Dd-wrt | 2025-04-09 | 7.5 HIGH | N/A |
| httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests. | |||||
| CVE-2008-4511 | 1 Todd Woolums | 1 Asp News Management | 2025-04-09 | 5.0 MEDIUM | N/A |
| Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. | |||||
| CVE-2007-6049 | 3 Ibm, Linux, Unix | 3 Db2 Universal Database, Linux Kernel, Unix | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective uid is root. | |||||
| CVE-2009-2482 | 1 Netbsd | 1 Netbsd | 2025-04-09 | 6.9 MEDIUM | N/A |
| The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group. | |||||
| CVE-2008-3855 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows local users to gain privileges, aka a "FILE CREATION VULNERABILITY." NOTE: this may be the same as CVE-2007-5664. | |||||
| CVE-2007-1227 | 1 Mcafee | 1 Virex | 2025-04-09 | 6.6 MEDIUM | N/A |
| VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allow local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands. | |||||
| CVE-2007-6434 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
| Linux kernel 2.6.23 allows local users to create low pages in virtual userspace memory and bypass mmap_min_addr protection via a crafted executable file that calls the do_brk function. | |||||
| CVE-2009-1597 | 2 Adobe, Mozilla | 2 Acrobat Reader, Firefox | 2025-04-09 | 9.3 HIGH | N/A |
| Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content." | |||||