Total
5476 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6756 | 2 Gentoo, Zoneminder | 2 Linux, Zoneminder | 2025-04-09 | N/A |
| ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file. | ||||
| CVE-2007-5856 | 1 Apple | 1 Mac Os X | 2025-04-09 | N/A |
| Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information. | ||||
| CVE-2007-5819 | 1 Ibm | 1 Tivoli Continuous Data Protection For Files | 2025-04-09 | N/A |
| IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak permissions (unrestricted write) for the Central Admin Global download directory, which allows local users to place arbitrary files into a location used for updating CDP clients. | ||||
| CVE-2008-4228 | 1 Apple | 2 Iphone Os, Ipod Touch | 2025-04-09 | N/A |
| The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number. | ||||
| CVE-2007-5757 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | N/A |
| Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain root privileges via a modified DB2INSTANCE environment variable that points to a malicious library. NOTE: this might be the same issue as CVE-2008-0697. | ||||
| CVE-2008-0074 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-09 | N/A |
| Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders. | ||||
| CVE-2009-1600 | 2 Adobe, Apple | 2 Acrobat Reader, Safari | 2025-04-09 | N/A |
| Apple Safari executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content." | ||||
| CVE-2009-2911 | 1 Systemtap | 1 Systemtap | 2025-04-09 | N/A |
| SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service via crafted DWARF expressions that trigger a kernel stack frame overflow, or (3) cause a denial of service (infinite loop) via vectors that trigger creation of large unwind tables, related to Common Information Entry (CIE) and Call Frame Instruction (CFI) records. | ||||
| CVE-2009-1542 | 1 Microsoft | 2 Virtual Pc, Virtual Server | 2025-04-09 | N/A |
| The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability." | ||||
| CVE-2007-5230 | 1 Zomplog | 1 Zomplog | 2025-04-09 | N/A |
| admin/upload_files.php in Zomplog 3.8.1 and earlier does not check for administrative credentials, which allows remote attackers to perform administrative actions via a direct request. NOTE: this can be leveraged for code execution by exploiting CVE-2007-5231. | ||||
| CVE-2009-1235 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls. | ||||
| CVE-2008-1132 | 1 Net Activity Viewer | 1 Net Activity Viewer | 2025-04-09 | N/A |
| Untrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, which is invoked during the Restart As Root action. | ||||
| CVE-2007-5101 | 1 Furquim | 1 Chironfs | 2025-04-09 | N/A |
| ChironFS before 1.0 RC7 sets user/group ownership to the mounter account instead of the creator account when files are created, which allows local users to gain privileges. | ||||
| CVE-2009-1160 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2025-04-09 | N/A |
| Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277. | ||||
| CVE-2009-1052 | 1 Chaozz | 1 Fireant | 2025-04-09 | N/A |
| FireAnt 1.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv. | ||||
| CVE-2009-4606 | 1 South River Technologies | 1 Webdrive | 2025-04-09 | N/A |
| South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command. | ||||
| CVE-2008-0245 | 1 Uploadscript | 2 Uploadimage, Uploadscript | 2025-04-09 | N/A |
| admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action. | ||||
| CVE-2009-1051 | 1 Chaozz | 1 Fubarforum | 2025-04-09 | N/A |
| FubarForum 1.6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv. | ||||
| CVE-2007-3378 | 1 Php | 1 Php | 2025-04-09 | N/A |
| The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess. | ||||
| CVE-2008-6755 | 2 Redhat, Zoneminder | 2 Fedora, Zoneminder | 2025-04-09 | N/A |
| ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script. | ||||