Total
5210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0426 | 1 Todd Miller | 1 Sudo | 2018-10-10 | 6.9 MEDIUM | N/A |
| sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. | |||||
| CVE-2010-0427 | 1 Todd Miller | 1 Sudo | 2018-10-10 | 4.4 MEDIUM | N/A |
| sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. | |||||
| CVE-2010-0212 | 1 Openldap | 1 Openldap | 2018-10-10 | 5.0 MEDIUM | N/A |
| OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite. | |||||
| CVE-2010-0123 | 1 Timeclock-software | 1 Employee Timeclock Software | 2018-10-10 | 5.0 MEDIUM | N/A |
| The database backup implementation in Employee Timeclock Software 0.99 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a "semi-predictable file name." | |||||
| CVE-2009-4556 | 1 Quickheal | 2 Antivirus Plus 2009, Total Security 2009 | 2018-10-10 | 7.2 HIGH | N/A |
| Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security 2009 10.00 SP1 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs, as demonstrated by replacing quhlpsvc.exe. | |||||
| CVE-2009-4607 | 1 Overlandstorage | 2 Guardianos, Snap Server 410 | 2018-10-10 | 7.2 HIGH | N/A |
| The command line interface in Overland Storage Snap Server 410 with GuardianOS 5.1.041 runs the "less" utility with a higher-privileged uid than the CLI user and without sufficient restriction on shell escapes, which allows local users to gain privileges using the "!" character within less to access a privileged shell. | |||||
| CVE-2009-4606 | 1 South River Technologies | 1 Webdrive | 2018-10-10 | 7.2 HIGH | N/A |
| South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command. | |||||
| CVE-2009-4452 | 1 Kaspersky Lab | 7 Kaspersky Anti-virus, Kaspersky Anti-virus 2009, Kaspersky Anti-virus 2010 and 4 more | 2018-10-10 | 6.8 MEDIUM | N/A |
| Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse. | |||||
| CVE-2009-4455 | 1 Cisco | 1 Adaptive Security Appliance 5500 | 2018-10-10 | 6.5 MEDIUM | N/A |
| The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended access restrictions and access unauthorized web sites via a crafted URL obfuscated with ROT13 and a certain encoding. NOTE: this issue was originally reported as a vulnerability related to lack of restrictions to URLs listed in the Cisco WebVPN bookmark component, but the vendor states that "The bookmark feature is not a security feature." | |||||
| CVE-2009-4174 | 2 Cutephp, Korn19 | 2 Cutenews, Utf-8 Cutenews | 2018-10-10 | 6.0 MEDIUM | N/A |
| The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id parameter in a doeditnews action. | |||||
| CVE-2009-4215 | 2 Microsoft, Pandasecurity | 6 Windows 7, Windows Vista, Windows Xp and 3 more | 2018-10-10 | 7.2 HIGH | N/A |
| Panda Global Protection 2010, Internet Security 2010, and Antivirus Pro 2010 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs. | |||||
| CVE-2009-4112 | 1 Cacti | 1 Cacti | 2018-10-10 | 9.0 HIGH | N/A |
| Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands. | |||||
| CVE-2009-4211 | 2 Disa, Sun | 2 Srr For Solaris, Solaris | 2018-10-10 | 9.3 HIGH | N/A |
| The U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to (1) java, (2) openssl, (3) php, (4) snort, (5) tshark, (6) vncserver, or (7) wireshark, which allows local users to gain privileges via a Trojan horse program. | |||||
| CVE-2009-3989 | 1 Mozilla | 1 Bugzilla | 2018-10-10 | 4.3 MEDIUM | N/A |
| Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt. | |||||
| CVE-2009-3904 | 1 Cubecart | 1 Cubecart | 2018-10-10 | 7.5 HIGH | N/A |
| classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header. | |||||
| CVE-2009-3860 | 1 Idefense | 1 Comraider | 2018-10-10 | 5.8 MEDIUM | N/A |
| Multiple insecure method vulnerabilities in Idefense Labs COMRaider allow remote attackers to create or overwrite arbitrary files via the (1) CreateFolder and (2) Copy methods. NOTE: this might only be a vulnerability in certain insecure configurations of Internet Explorer. | |||||
| CVE-2009-3068 | 1 Adobe | 1 Robohelp Server | 2018-10-10 | 9.3 HIGH | N/A |
| Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11. | |||||
| CVE-2009-3230 | 1 Postgresql | 1 Postgresql | 2018-10-10 | 6.5 MEDIUM | N/A |
| The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600. | |||||
| CVE-2009-3387 | 1 Mozilla | 1 Bugzilla | 2018-10-10 | 5.0 MEDIUM | N/A |
| Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group restrictions to be preserved throughout the process of moving a bug to a different product category, which allows remote attackers to obtain sensitive information via a request for a bug in opportunistic circumstances. | |||||
| CVE-2009-2718 | 2 Sun, X.org | 2 Java Se, X11 | 2018-10-10 | 6.8 MEDIUM | N/A |
| The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet. | |||||