Total
5210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5699 | 1 Sun | 2 Opensolaris, Solaris | 2009-01-06 | 4.6 MEDIUM | N/A |
| The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris snv_50 through snv_104 does not properly check permissions, which allows local users to gain privileges and obtain sensitive information via unspecified vectors. | |||||
| CVE-2008-5385 | 1 Ibm | 1 Aix | 2008-12-17 | 6.9 MEDIUM | N/A |
| enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors. | |||||
| CVE-2008-0701 | 1 Magnolia | 1 Ce | 2008-12-17 | 5.0 MEDIUM | N/A |
| ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content. | |||||
| CVE-2008-5283 | 1 Ghh | 1 Google Hack Honeypot File Upload Manager | 2008-12-02 | 6.4 MEDIUM | N/A |
| Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attackers to delete uploaded files via unknown vectors related to the delall action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. CVE analysis suggests that the most recent version as of 20081128 is 1.2, and the File Upload Manager does not have a "delall" action. | |||||
| CVE-2008-3967 | 1 Mybb | 1 Mybb | 2008-11-15 | 7.5 HIGH | N/A |
| moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors. | |||||
| CVE-2007-6685 | 1 Menalto | 1 Gallery Publish Xp Module | 2008-11-15 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors. | |||||
| CVE-2007-6705 | 1 Ibm | 1 Websphere Mq | 2008-11-15 | 3.3 LOW | N/A |
| The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process. | |||||
| CVE-2007-6690 | 1 Menalto | 1 Gallery | 2008-11-15 | 10.0 HIGH | N/A |
| The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors. | |||||
| CVE-2007-6644 | 1 Joomla | 1 Joomla | 2008-11-15 | 6.5 MEDIUM | N/A |
| Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model. | |||||
| CVE-2007-6645 | 1 Joomla | 1 Joomla | 2008-11-15 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability." | |||||
| CVE-2007-6619 | 1 Atlassian | 1 Jira | 2008-11-15 | 7.5 HIGH | N/A |
| The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language. | |||||
| CVE-2007-5254 | 1 Virusblokada | 1 Vba32 Antivirus | 2008-11-15 | 7.2 HIGH | N/A |
| VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions (Everyone:Write) for its installation directory, which allows local users to gain privileges by replacing application programs, as demonstrated by replacing vba32ldr.exe. | |||||
| CVE-2007-3804 | 1 Clavister | 1 Clavister Coreplus | 2008-11-15 | 5.0 MEDIUM | N/A |
| The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before 8.81.00 and 8.80.03 might allow remote attackers to bypass scanning via small files. | |||||
| CVE-2007-6167 | 1 Suse | 1 Suse Linux | 2008-11-15 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory. | |||||
| CVE-2007-4614 | 1 Bea | 1 Weblogic Server | 2008-11-13 | 7.5 HIGH | N/A |
| BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426. | |||||
| CVE-2008-3876 | 1 Apple | 1 Iphone | 2008-09-17 | 1.9 LOW | N/A |
| Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact's blue arrow. | |||||
| CVE-2007-2975 | 1 Ignite Realtime | 1 Openfire | 2008-09-10 | 7.5 HIGH | N/A |
| The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader. | |||||
| CVE-2008-3376 | 1 Jamroom | 1 Jamroom | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors. | |||||
| CVE-2008-1132 | 1 Net Activity Viewer | 1 Net Activity Viewer | 2008-09-05 | 4.7 MEDIUM | N/A |
| Untrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, which is invoked during the Restart As Root action. | |||||
| CVE-2008-0931 | 2 Debian, Xwine | 2 Debian Linux, Xwine | 2008-09-05 | 6.3 MEDIUM | N/A |
| w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file. | |||||