Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-264
Total 5279 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-0804 1 Ziproxy 1 Ziproxy 2009-06-17 5.4 MEDIUM N/A
Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
CVE-2009-0802 1 Qbik 1 Wingate 2009-06-17 5.4 MEDIUM N/A
Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
CVE-2009-0801 1 Squid 1 Squid Web Proxy Cache 2009-06-17 5.4 MEDIUM N/A
Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
CVE-2009-1631 1 Gnome 1 Evolution 2009-05-22 2.1 LOW N/A
The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files.
CVE-2009-1507 1 Drupal 2 Drupal, Nodeaccess Userreference 2009-05-12 7.5 HIGH N/A
The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node.
CVE-2009-1160 1 Cisco 2 Adaptive Security Appliance 5500, Pix 2009-04-27 4.3 MEDIUM N/A
Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277.
CVE-2008-6674 1 Quickersite 1 Quickersite 2009-04-22 5.0 MEDIUM N/A
mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter.
CVE-2008-6673 1 Quickersite 1 Quickersite 2009-04-22 7.5 HIGH N/A
asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote attackers to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin; and (3) modify the site design via the saveDesign action.
CVE-2009-1073 1 Debian 1 Nss-ldap 2009-04-07 4.9 MEDIUM N/A
nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.
CVE-2009-1264 2 Stanislas Rolland, Typo3 2 Sr Feuser Register, Typo3 2009-04-07 4.0 MEDIUM N/A
Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors.
CVE-2005-0735 1 Newsscript.co.uk 1 Newsscript 2009-04-02 10.0 HIGH N/A
newsscript.pl for NewsScript allows remote attackers to gain privileges by setting the mode parameter to admin.
CVE-2002-1978 1 Darren Reed 1 Ipfilter 2009-04-02 7.5 HIGH N/A
IPFilter 3.1.1 through 3.4.28 allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server.
CVE-2005-4880 1 Jax Scripts 1 Jax Guestbook 2009-03-31 5.0 MEDIUM N/A
Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv.
CVE-2008-6548 1 Moinmo 1 Moinmoin 2009-03-29 5.0 MEDIUM N/A
The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors.
CVE-2009-0469 1 Futomis Cgi Cafe 1 Fulltext Search Cgi 2009-03-12 7.5 HIGH N/A
Unspecified vulnerability in futomi's CGI Cafe Fulltext search CGI 1.1.2 allows remote attackers to gain administrative privileges via unknown vectors.
CVE-2008-6399 1 Dotnetnuke 1 Dotnetnuke 2009-03-05 6.4 MEDIUM N/A
Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors.
CVE-2009-0806 1 Opengoo 1 Opengoo 2009-03-04 6.5 MEDIUM N/A
Unspecified vulnerability in OpenGoo before 1.2.1 allows remote authenticated users to modify their own permissions via unknown attack vectors.
CVE-2008-1692 1 Eterm 1 Eterm 2009-02-25 6.9 MEDIUM N/A
Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
CVE-2008-1142 7 Aterm, Eterm, Mrxvt and 4 more 7 Aterm, Eterm, Mrxvt and 4 more 2009-02-25 3.7 LOW N/A
rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
CVE-2007-4739 1 Debian 1 Reprepro 2009-02-04 5.0 MEDIUM N/A
reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command.