Total
5244 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2722 | 1 Menalto | 1 Gallery | 2025-04-09 | 7.5 HIGH | N/A |
| Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive. | |||||
| CVE-2009-2453 | 1 Citrix | 2 Presentation Server, Xenapp | 2025-04-09 | 7.5 HIGH | N/A |
| Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors. | |||||
| CVE-2004-2764 | 1 Sun | 2 Jre, Sdk | 2025-04-09 | 10.0 HIGH | N/A |
| Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka "XML sniffing." | |||||
| CVE-2008-5716 | 1 Citrix | 1 Xen | 2025-04-09 | 7.2 HIGH | N/A |
| xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405. | |||||
| CVE-2008-4334 | 1 Cannot | 1 Php Infoboard | 2025-04-09 | 7.5 HIGH | N/A |
| PHP infoBoard V.7 Plus allows remote attackers to bypass authentication and gain administrative access by setting the infouser cookie to 1. | |||||
| CVE-2009-1637 | 1 Simplecustomer | 1 Simple Customer | 2025-04-09 | 6.4 MEDIUM | N/A |
| profile.php in Simple Customer 1.3 does not require administrative authentication, which allows remote attackers to change the admin e-mail address and password via the email and password parameters. | |||||
| CVE-2009-0826 | 1 Freedville | 1 Bloghelper | 2025-04-09 | 5.0 MEDIUM | N/A |
| BlogHelper stores common_db.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request. | |||||
| CVE-2008-2290 | 1 Symantec | 1 Altiris Deployment Solution | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors. | |||||
| CVE-2009-2859 | 1 Ibm | 1 Db2 | 2025-04-09 | 4.6 MEDIUM | N/A |
| IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command. | |||||
| CVE-2008-5027 | 2 Nagios, Op5 | 2 Nagios, Monitor | 2025-04-09 | 6.5 MEDIUM | N/A |
| The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon. | |||||
| CVE-2009-0835 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 3.6 LOW | N/A |
| The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod, a related issue to CVE-2009-0342 and CVE-2009-0343. | |||||
| CVE-2008-4554 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.6 MEDIUM | N/A |
| The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file. | |||||
| CVE-2009-0078 | 1 Microsoft | 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more | 2025-04-09 | 7.2 HIGH | N/A |
| The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability." | |||||
| CVE-2008-4058 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2025-04-09 | 7.5 HIGH | N/A |
| The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS. | |||||
| CVE-2008-2803 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 6.8 MEDIUM | N/A |
| The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons. | |||||
| CVE-2009-4112 | 1 Cacti | 1 Cacti | 2025-04-09 | 9.0 HIGH | N/A |
| Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands. | |||||
| CVE-2007-6499 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value." | |||||
| CVE-2008-5738 | 1 Nodstrum | 1 Mysql Calendar | 2025-04-09 | 7.5 HIGH | N/A |
| Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5486 | 1 Dotproject | 1 Dotproject | 2025-04-09 | 6.4 MEDIUM | N/A |
| dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-7096 | 1 Intel | 1 Bios | 2025-04-09 | 6.9 MEDIUM | N/A |
| Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or access hypervisory memory as demonstrated at Black Hat 2008 by accessing certain remapping registers in Xen 3.3. | |||||