Total
5476 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6356 | 1 Donnafontenot | 1 Evcal Events Calendar | 2025-04-09 | N/A |
| evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.mdb. | ||||
| CVE-2008-6302 | 1 Turnkeyforms | 1 Local Classifieds | 2025-04-09 | N/A |
| TurnkeyForms Local Classifieds allows remote attackers to bypass authentication and gain administrative access via a direct request to Site_Admin/admin.php. | ||||
| CVE-2008-6294 | 1 Accscripts | 1 Acc Statistics | 2025-04-09 | N/A |
| admin/Index.php in Acc Statistics 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie cookie to "admin." | ||||
| CVE-2008-0893 | 1 Redhat | 1 Directory Server | 2025-04-09 | N/A |
| Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions. | ||||
| CVE-2008-1190 | 2 Redhat, Sun | 5 Network Satellite, Rhel Extras, Jdk and 2 more | 2025-04-09 | N/A |
| Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the "fourth" issue. | ||||
| CVE-2008-1937 | 1 Moinmoin | 1 Moinmoin | 2025-04-09 | N/A |
| The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges. | ||||
| CVE-2008-6293 | 1 Accscripts | 1 Acc Real Estate | 2025-04-09 | N/A |
| admin/Index.php in Acc Real Estate 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie to "admin." | ||||
| CVE-2008-6199 | 1 2532gigs | 1 2532gigs | 2025-04-09 | N/A |
| 2532designs 2532|Gigs 1.2.2 and earlier allows remote attackers to trigger a backup and obtain sensitive information via a direct request to backup.php, which creates backup.sql under the web root with insufficient access control. | ||||
| CVE-2008-1142 | 7 Aterm, Eterm, Mrxvt and 4 more | 7 Aterm, Eterm, Mrxvt and 4 more | 2025-04-09 | N/A |
| rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine. | ||||
| CVE-2008-6125 | 2 Debian, Moodle | 2 Debian Linux, Moodle | 2025-04-09 | N/A |
| Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors. | ||||
| CVE-2008-1186 | 2 Redhat, Sun | 4 Rhel Extras, Jdk, Jre and 1 more | 2025-04-09 | N/A |
| Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185, aka "the second issue." | ||||
| CVE-2008-6109 | 1 Shelter Manager | 1 Animal Shelter Manager | 2025-04-09 | N/A |
| Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 does not properly enforce the privileges of user accounts, which allows local users to bypass intended access restrictions by (1) opening unspecified screens, related to the "double click selector bug"; or modifying a (2) animal, (3) owner, (4) lost/found, (5) diary note, (6) owner donation, or (7) waiting list record, related to "change permissions" and the "new UI." | ||||
| CVE-2008-6057 | 1 Liberum | 1 Liberum Help Desk | 2025-04-09 | N/A |
| Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | ||||
| CVE-2008-1139 | 1 Deslock | 1 Deslock | 2025-04-09 | N/A |
| DESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys 1.2.0.27 are present, allows local users to gain privileges via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, aka the "ring0 link list zero SYSTEM" vulnerability. | ||||
| CVE-2008-6055 | 1 Preprojects | 1 Pre Classified Listings | 2025-04-09 | N/A |
| PreProjects Pre Classified Listings stores pclasp.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | ||||
| CVE-2008-1099 | 1 Moinmoin | 1 Moinmoin | 2025-04-09 | N/A |
| _macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages. | ||||
| CVE-2008-0998 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects. | ||||
| CVE-2008-0910 | 1 F-secure | 8 F-secure Anti-virus, F-secure Anti-virus Client Security, F-secure Anti-virus For Linux and 5 more | 2025-04-09 | N/A |
| Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive. NOTE: this might be related to CVE-2008-0792. | ||||
| CVE-2008-0890 | 1 Redhat | 1 Directory Server | 2025-04-09 | N/A |
| Red Hat Directory Server 7.1 before SP4 uses insecure permissions for certain directories, which allows local users to modify JAR files and execute arbitrary code via unknown vectors. | ||||
| CVE-2008-0865 | 2 Bea Systems, Oracle | 2 Weblogic Portal, Weblogic Portal | 2025-04-09 | N/A |
| Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors. | ||||