Total
5210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4640 | 1 Adobe | 1 Flash Player | 2018-10-12 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors. | |||||
| CVE-2003-0230 | 1 Microsoft | 2 Data Engine, Sql Server | 2018-10-12 | 7.2 HIGH | N/A |
| Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability. | |||||
| CVE-2002-0012 | 1 Snmp | 1 Snmp | 2018-10-12 | 10.0 HIGH | N/A |
| Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. | |||||
| CVE-2002-0013 | 1 Snmp | 1 Snmp | 2018-10-12 | 10.0 HIGH | N/A |
| Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. | |||||
| CVE-2009-0343 | 2 Linux, Niels Provos | 2 Linux Kernel, Systrace | 2018-10-11 | 7.2 HIGH | N/A |
| Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in monitoring 64-bit processes. | |||||
| CVE-2009-0342 | 2 Linux, Provos | 2 Linux Kernel, Systrace | 2018-10-11 | 7.2 HIGH | N/A |
| Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall. | |||||
| CVE-2009-0361 | 1 Eyrie | 1 Pam-krb5 | 2018-10-11 | 4.6 MEDIUM | N/A |
| Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations. | |||||
| CVE-2009-0194 | 1 Garmin | 1 Garmin Communicator Plugin | 2018-10-11 | 9.3 HIGH | N/A |
| The domain-locking implementation in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control in npGarmin.dll in the Garmin Communicator Plug-In 2.6.4.0 does not properly enforce the restrictions that (1) download and (2) upload requests come from a web site specified by the user, which allows remote attackers to obtain sensitive information or reconfigure Garmin GPS devices via unspecified vectors related to a "synchronisation error." | |||||
| CVE-2009-0043 | 1 Ca | 2 Service Level Management, Service Metric Analysis | 2018-10-11 | 10.0 HIGH | N/A |
| The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2008-7209 | 1 Insane Visions | 1 Onecms | 2018-10-11 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in the add2 action in a_upload.php in OneCMS 2.4, and possibly earlier, allows remote attackers to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2008-7216 | 1 Wordpress | 1 Peter\'s Math Anti-spam For Wordpress | 2018-10-11 | 4.3 MEDIUM | N/A |
| Peter's Math Anti-Spam Spinoff plugin for WordPress generates audio CAPTCHA clips by concatenating static audio files without any additional distortion, which allows remote attackers to bypass CAPTCHA protection by reading certain bytes from the generated clip. | |||||
| CVE-2008-7095 | 1 Arubanetworks | 2 Aruba Mobility Controller, Arubaos | 2018-10-11 | 7.8 HIGH | N/A |
| The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB. | |||||
| CVE-2008-7161 | 1 Fortinet | 1 Fortigate-1000 | 2018-10-11 | 7.5 HIGH | N/A |
| Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote attackers to bypass URL filtering via fragmented GET or POST requests that use HTTP/1.0 without the Host header. NOTE: this issue might be related to CVE-2005-3058. | |||||
| CVE-2009-0028 | 1 Linux | 1 Linux Kernel | 2018-10-11 | 2.1 LOW | N/A |
| The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit. | |||||
| CVE-2008-7026 | 1 Efrontlearning | 1 Efront | 2018-10-11 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in filesystem3.class.php in eFront 3.5.1 build 2710 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in (1) student/avatars/ or (2) professor/avatars/. | |||||
| CVE-2008-7212 | 2 Brilaps, Mambo-foundation | 2 Mostlyce, Mambo | 2018-10-11 | 5.0 MEDIUM | N/A |
| MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message. | |||||
| CVE-2008-7186 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2018-10-11 | 5.0 MEDIUM | N/A |
| Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504. | |||||
| CVE-2008-7173 | 1 Juracapecoffee | 2 Internet Connectivity Kit, Jura Impressa | 2018-10-11 | 10.0 HIGH | N/A |
| The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service (physical damage), modify coffee settings, and possibly execute code via a crafted request. NOTE: this issue is being included in CVE because the denial of service may include financial loss or water damage. | |||||
| CVE-2008-7170 | 1 Gameservers | 1 Gsc | 2018-10-11 | 10.0 HIGH | N/A |
| GSC build 2067 and earlier relies on the client to enforce administrator privileges, which allows remote attackers to execute arbitrary administrator commands via a crafted packet. | |||||
| CVE-2008-7111 | 1 Kyoceramita | 1 Scanner File Utility | 2018-10-11 | 9.3 HIGH | N/A |
| The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 does not restrict the filenames or extensions of uploaded files, which makes it easier for remote attackers to execute arbitrary code or overwrite files by leveraging CVE-2008-7110 and CVE-2008-7109. | |||||