Total
5476 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4992 | 1 Sun | 13 Blade T6300 Server, Blade T6320 Server, Fire Enterprise Server T1000 and 10 more | 2025-04-09 | N/A |
| The SPARC hypervisor in Sun System Firmware 6.6.3 through 6.6.5 and 7.1.3 through 7.1.3.e on UltraSPARC T1, T2, and T2+ processors allows logical domain users to access memory in other logical domains via unknown vectors. | ||||
| CVE-2008-5899 | 1 Codeavalanche | 1 Freeforall | 2025-04-09 | N/A |
| CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFFAPage.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5128 | 1 Ocean12 Technologies | 1 Membership Manager Pro | 2025-04-09 | N/A |
| Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb. | ||||
| CVE-2009-2080 | 1 Mrcgiguy | 1 The Ticket System | 2025-04-09 | N/A |
| admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to (1) obtain sensitive configuration information via the editconfig action or (2) change the administrator's password via the id parameter in an editop action. | ||||
| CVE-2009-3207 | 2 Drewish, Drupal | 2 Imagecache, Drupal | 2025-04-09 | N/A |
| The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filename. | ||||
| CVE-2009-1601 | 1 Ubuntu | 1 Linux | 2025-04-09 | N/A |
| The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local users to bypass intended access restrictions via read or write operations involving this directory. | ||||
| CVE-2009-0122 | 1 Hp | 1 Hplip | 2025-04-09 | N/A |
| hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8.2 on Ubuntu allows local users to change the ownership of arbitrary files via unspecified manipulations in advance of an HPLIP installation or upgrade by an administrator, related to the product's attempt to correct the ownership of its configuration files within home directories. | ||||
| CVE-2008-5506 | 4 Canonical, Debian, Mozilla and 1 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2025-04-09 | N/A |
| Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure." | ||||
| CVE-2009-2160 | 1 Torrenttrader | 1 Torrenttrader Classic | 2025-04-09 | N/A |
| TorrentTrader Classic 1.09 allows remote attackers to (1) obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function; and allows remote attackers to (2) obtain other potentially sensitive information via a direct request to check.php. | ||||
| CVE-2008-5608 | 1 Aspapps | 1 Asp Autodealer | 2025-04-09 | N/A |
| ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb. | ||||
| CVE-2009-3258 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | N/A |
| vtiger CRM before 5.1.0 allows remote authenticated users, with certain View privileges, to delete (1) attachments, (2) reports, (3) filters, (4) views, and (5) tickets; insert (6) attachments, (7) reports, (8) filters, (9) views, and (10) tickets; and edit (11) reports, (12) filters, (13) views, and (14) tickets via unspecified vectors. | ||||
| CVE-2008-5699 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | N/A |
| The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris snv_50 through snv_104 does not properly check permissions, which allows local users to gain privileges and obtain sensitive information via unspecified vectors. | ||||
| CVE-2008-5773 | 1 Nukedit | 1 Nukedit | 2025-04-09 | N/A |
| Nukedit 4.9.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for database/dbsite.mdb. | ||||
| CVE-2008-5873 | 1 Yerba | 1 Yerba | 2025-04-09 | N/A |
| Yerba SACphp 6.3 and earlier allows remote attackers to bypass authentication and gain administrative access via a galleta[sesion] cookie that has a value beginning with 1:1: followed by a username. | ||||
| CVE-2008-5901 | 1 Iyziforum | 1 Iyzi Forum | 2025-04-09 | N/A |
| iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for db/iyziforum.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-6160 | 1 Drupal | 1 Semantically Interconnected Online Communities | 2025-04-09 | N/A |
| Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors. | ||||
| CVE-2009-3281 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2025-04-09 | N/A |
| The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors. | ||||
| CVE-2008-6292 | 1 Accscripts | 1 Acc Autos | 2025-04-09 | N/A |
| Acc Autos 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) username_cookie to "admin," (2) right_cookie to "1," and (3) id_cookie to "1." | ||||
| CVE-2009-0365 | 2 Redhat, Ubuntu | 2 Enterprise Linux, Ubuntu Linux | 2025-04-09 | N/A |
| nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler. | ||||
| CVE-2009-2453 | 1 Citrix | 2 Presentation Server, Xenapp | 2025-04-09 | N/A |
| Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors. | ||||