Total
5468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5900 | 1 Codeavalanche | 1 Articles | 2025-04-09 | N/A |
| CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAArticles.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5905 | 1 Ktorrent | 1 Ktorrent | 2025-04-09 | N/A |
| The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request. | ||||
| CVE-2006-7108 | 2 Andries Brouwer, Redhat | 2 Util-linux, Enterprise Linux | 2025-04-09 | N/A |
| login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok. | ||||
| CVE-2007-3285 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2025-04-09 | N/A |
| Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would. | ||||
| CVE-2008-5852 | 1 Emefa | 1 Emefa Guestbook | 2025-04-09 | N/A |
| Emefa Guestbook 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for guestbook.mdb. | ||||
| CVE-2008-2147 | 1 Videolan | 1 Vlc | 2025-04-09 | N/A |
| Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory. | ||||
| CVE-2008-7229 | 1 Greensql | 1 Greensql Firewall | 2025-04-09 | N/A |
| GreenSQL Firewall (greensql-fw) before 0.9.2 allows remote attackers to bypass SQL injection protection via a crafted string, possibly involving an encoded space character (%20). | ||||
| CVE-2008-6160 | 1 Drupal | 1 Semantically Interconnected Online Communities | 2025-04-09 | N/A |
| Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors. | ||||
| CVE-2008-6199 | 1 2532gigs | 1 2532gigs | 2025-04-09 | N/A |
| 2532designs 2532|Gigs 1.2.2 and earlier allows remote attackers to trigger a backup and obtain sensitive information via a direct request to backup.php, which creates backup.sql under the web root with insufficient access control. | ||||
| CVE-2008-5603 | 1 Aspapps | 1 Aspticker | 2025-04-09 | N/A |
| ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb. | ||||
| CVE-2008-7170 | 1 Gameservers | 1 Gsc | 2025-04-09 | N/A |
| GSC build 2067 and earlier relies on the client to enforce administrator privileges, which allows remote attackers to execute arbitrary administrator commands via a crafted packet. | ||||
| CVE-2007-5278 | 1 Zomplog | 1 Zomplog | 2025-04-09 | N/A |
| Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving individual files. NOTE: in a non-default configuration, the directory listing is denied, but filenames may be predicable. | ||||
| CVE-2008-5218 | 1 Scriptsez | 1 Freeze Greetings | 2025-04-09 | N/A |
| ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords. | ||||
| CVE-2009-2461 | 1 Forkosh | 1 Mathtex | 2025-04-09 | N/A |
| mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors. | ||||
| CVE-2008-1937 | 1 Moinmoin | 1 Moinmoin | 2025-04-09 | N/A |
| The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges. | ||||
| CVE-2008-7026 | 1 Efrontlearning | 1 Efront | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in filesystem3.class.php in eFront 3.5.1 build 2710 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in (1) student/avatars/ or (2) professor/avatars/. | ||||
| CVE-2008-3525 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-09 | N/A |
| The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions. | ||||
| CVE-2008-7167 | 1 Sami Ekblad | 1 Page Manager | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in upload.php in Page Manager 2006-02-04 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | ||||
| CVE-2008-7096 | 1 Intel | 1 Bios | 2025-04-09 | N/A |
| Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or access hypervisory memory as demonstrated at Black Hat 2008 by accessing certain remapping registers in Xen 3.3. | ||||
| CVE-2009-3889 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-09 | N/A |
| The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file. | ||||