Total: 5279 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-6799 | 1 Tufat | 1 Flashchat | 2017-08-16 | 7.5 HIGH | N/A |
connection.php in FlashChat 5.0.8 allows remote attackers to bypass the role filter mechanism and gain administrative privileges by setting the s parameter to "7." | |||||
CVE-2008-6774 | 1 Peterselie | 1 Yourplace | 2017-08-16 | 5.0 MEDIUM | N/A |
internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end execution when an invalid username is detected, which allows remote attackers to bypass intended restrictions and edit toolbar settings via an invalid username. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-6755 | 2 Redhat, Zoneminder | 2 Fedora, Zoneminder | 2017-08-16 | 5.0 MEDIUM | N/A |
ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script. | |||||
CVE-2008-6756 | 2 Gentoo, Zoneminder | 2 Linux, Zoneminder | 2017-08-16 | 2.1 LOW | N/A |
ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file. | |||||
CVE-2008-6747 | 1 Dotproject | 1 Dotproject | 2017-08-16 | 6.8 MEDIUM | N/A |
dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-6603 | 1 Moinmo | 1 Moinmoin | 2017-08-16 | 6.8 MEDIUM | N/A |
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937. | |||||
CVE-2008-6599 | 1 Jath Pala | 1 Cookiecheck | 2017-08-16 | 5.0 MEDIUM | N/A |
cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path." | |||||
CVE-2008-7096 | 1 Intel | 1 Bios | 2017-08-16 | 6.9 MEDIUM | N/A |
Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or access hypervisory memory as demonstrated at Black Hat 2008 by accessing certain remapping registers in Xen 3.3. | |||||
CVE-2008-6506 | 1 Phpbb | 1 Phpbb | 2017-08-16 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors. | |||||
CVE-2008-6375 | 1 Nexusjnr | 1 Jbook | 2017-08-16 | 5.0 MEDIUM | N/A |
JBook stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to userids.mdb. | |||||
CVE-2008-6514 | 1 Compiz | 1 Compiz Fusion | 2017-08-16 | 6.2 MEDIUM | N/A |
The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a related issue to CVE-2007-3920. | |||||
CVE-2008-6160 | 1 Drupal | 1 Semantically Interconnected Online Communities | 2017-08-16 | 5.0 MEDIUM | N/A |
Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors. | |||||
CVE-2008-6137 | 1 Drupal | 2 Drupal, Everyblog | 2017-08-16 | 7.5 HIGH | N/A |
EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to bypass access restrictions via unknown vectors. | |||||
CVE-2008-6136 | 1 Drupal | 1 Everyblog | 2017-08-16 | 7.5 HIGH | N/A |
Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to gain privileges as another user or an administrator via unknown attack vectors. | |||||
CVE-2004-2768 | 1 Debian | 1 Dpkg | 2017-08-16 | 7.2 HIGH | N/A |
dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059. | |||||
CVE-2005-4889 | 1 Rpm | 1 Rpm | 2017-08-16 | 7.2 HIGH | N/A |
lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059. | |||||
CVE-2002-2283 | 1 Microsoft | 1 Windows Xp | 2017-08-16 | 1.9 LOW | N/A |
Microsoft Windows XP with Fast User Switching (FUS) enabled does not remove the "show processes from all users" privilege when the user is removed from the administrator group, which allows that user to view processes of other users. | |||||
CVE-2009-0700 | 1 Plunet | 1 Business Manager | 2017-08-16 | 4.0 MEDIUM | N/A |
Plunet BusinessManager 4.1 and earlier allows remote authenticated users to bypass access restrictions and (1) read sensitive Customer or Order data via a modified Pfad parameter to pagesUTF8/Sys_DirAnzeige.jsp, or (2) list sensitive Jobs via a direct request to pagesUTF8/auftrag_job.jsp. | |||||
CVE-2015-1378 | 1 Grml | 1 Grml-debootstrap | 2017-08-16 | 5.0 MEDIUM | 7.5 HIGH |
cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users. | |||||
CVE-2015-5244 | 1 Mod Nss Project | 1 Mod Nss | 2017-08-16 | 7.5 HIGH | 9.8 CRITICAL |
The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions. | |||||