Total
5210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1140 | 1 Deslock | 1 Deslock | 2017-09-29 | 7.2 HIGH | N/A |
| DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users to gain privileges via a certain DLKFDISK_IOCTL request to \\.\DLKFDisk_Control that overwrites a data structure associated with a mounted pseudo-filesystem, aka the "ring0 SYSTEM" vulnerability. | |||||
| CVE-2008-0233 | 1 Zero Cms | 1 Zero Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and earlier allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg. | |||||
| CVE-2008-1230 | 1 Jspwiki | 1 Jspwiki | 2017-09-29 | 9.3 HIGH | N/A |
| Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to upload and execute arbitrary .jsp files via an unspecified manipulation that attaches a .jsp file to an "entry page." | |||||
| CVE-2008-0245 | 1 Uploadscript | 2 Uploadimage, Uploadscript | 2017-09-29 | 7.5 HIGH | N/A |
| admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action. | |||||
| CVE-2008-1783 | 1 Prozilla | 1 Reviews | 2017-09-29 | 6.4 MEDIUM | N/A |
| Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php. | |||||
| CVE-2008-1600 | 1 Ibm | 1 Aix | 2017-09-29 | 7.2 HIGH | N/A |
| The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329. | |||||
| CVE-2008-1790 | 1 Iscripts | 1 Socialware | 2017-09-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability. | |||||
| CVE-2008-1784 | 1 Prozilla | 1 Topsites | 2017-09-29 | 7.5 HIGH | N/A |
| Prozilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/. | |||||
| CVE-2008-1187 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms. | |||||
| CVE-2008-0329 | 1 Julien Plesniak | 1 Lulieblog | 2017-09-29 | 5.0 MEDIUM | N/A |
| LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php in Admin/, which allows remote attackers to accept comments, delete comments, and delete articles via the id parameter. | |||||
| CVE-2007-4640 | 1 Pakupaku | 1 Pakupaku Cms | 2017-09-29 | 6.4 MEDIUM | N/A |
| Unrestricted file upload vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to upload and execute arbitrary PHP files in uploads/ via an Uploads action. | |||||
| CVE-2007-6246 | 2 Adobe, Linux | 2 Flash Player, Linux Kernel | 2017-09-29 | 4.4 MEDIUM | N/A |
| Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges. | |||||
| CVE-2007-5644 | 1 Lussumo | 1 Vanilla | 2017-09-29 | 7.5 HIGH | N/A |
| Lussumo Vanilla 1.1.3 and earlier does not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php, which allows remote attackers to conduct unauthorized sort operations and other activities. | |||||
| CVE-2007-4569 | 1 Kde | 1 Kde | 2017-09-29 | 6.8 MEDIUM | N/A |
| backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors. | |||||
| CVE-2007-3740 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.4 MEDIUM | N/A |
| The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges. | |||||
| CVE-2007-5237 | 1 Sun | 2 Jdk, Jre | 2017-09-29 | 7.1 HIGH | N/A |
| Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities." | |||||
| CVE-2007-3849 | 1 Redhat | 1 Enterprise Linux | 2017-09-29 | 1.9 LOW | N/A |
| Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files. | |||||
| CVE-2007-5062 | 1 Adam Scheinberg | 1 Flip | 2017-09-29 | 7.5 HIGH | N/A |
| account.php in Adam Scheinberg Flip 3.0 and earlier allows remote attackers to create administrative accounts via the un parameter in a register action. | |||||
| CVE-2007-5907 | 1 Xensource Inc | 1 Xen | 2017-09-29 | 4.7 MEDIUM | N/A |
| Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows pv guests to cause a denial of service (crash). | |||||
| CVE-2007-4647 | 1 2coolcode | 1 Our Space | 2017-09-29 | 5.0 MEDIUM | N/A |
| newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allows remote attackers to upload certain files via unspecified vectors, probably involving unrestricted functionality in uploadmedia.cgi. | |||||