Total: 5279 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2008-6055 | 1 Preprojects | 1 Pre Classified Listings | 2009-02-04 | 5.0 MEDIUM | N/A | PreProjects Pre Classified Listings stores pclasp.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. |
CVE-2009-0382 | 1 Drupal | 2 Drupal, Internationalization | 2009-02-02 | 4.3 MEDIUM | N/A | Unspecified vulnerability in Internationalization (i18n) Translation 5.x before 5.x-2.5, a module for Drupal, allows remote attackers with "translate node" permissions to bypass intended access restrictions and read unpublished nodes via unspecified vectors. |
CVE-2009-0122 | 1 Hp | 1 Hplip | 2009-01-30 | 6.9 MEDIUM | N/A | hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8.2 on Ubuntu allows local users to change the ownership of arbitrary files via unspecified manipulations in advance of an HPLIP installation or upgrade by an administrator, related to the product's attempt to correct the ownership of its configuration files within home directories. |
CVE-2008-5925 | 1 Asp-dev | 1 Xm Events Diary | 2009-01-23 | 5.0 MEDIUM | N/A | ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb. |
CVE-2008-5699 | 1 Sun | 2 Opensolaris, Solaris | 2009-01-05 | 4.6 MEDIUM | N/A | The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris snv_50 through snv_104 does not properly check permissions, which allows local users to gain privileges and obtain sensitive information via unspecified vectors. |
CVE-2008-5385 | 1 Ibm | 1 Aix | 2008-12-16 | 6.9 MEDIUM | N/A | enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors. |
CVE-2008-0701 | 1 Magnolia | 1 Ce | 2008-12-16 | 5.0 MEDIUM | N/A | ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content. |
CVE-2008-5283 | 1 Ghh | 1 Google Hack Honeypot File Upload Manager | 2008-12-01 | 6.4 MEDIUM | N/A | Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attackers to delete uploaded files via unknown vectors related to the delall action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. CVE analysis suggests that the most recent version as of 20081128 is 1.2, and the File Upload Manager does not have a "delall" action. |
CVE-2008-3967 | 1 Mybb | 1 Mybb | 2008-11-14 | 7.5 HIGH | N/A | moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors. |
CVE-2007-6685 | 1 Menalto | 1 Gallery Publish Xp Module | 2008-11-14 | 10.0 HIGH | N/A | Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors. |
CVE-2007-6690 | 1 Menalto | 1 Gallery | 2008-11-14 | 10.0 HIGH | N/A | The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors. |
CVE-2007-6705 | 1 Ibm | 1 Websphere Mq | 2008-11-14 | 3.3 LOW | N/A | The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process. |
CVE-2007-6645 | 1 Joomla | 1 Joomla | 2008-11-14 | 7.5 HIGH | N/A | Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability." |
CVE-2007-6619 | 1 Atlassian | 1 Jira | 2008-11-14 | 7.5 HIGH | N/A | The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language. |
CVE-2007-6644 | 1 Joomla | 1 Joomla | 2008-11-14 | 6.5 MEDIUM | N/A | Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model. |
CVE-2007-5254 | 1 Virusblokada | 1 Vba32 Antivirus | 2008-11-14 | 7.2 HIGH | N/A | VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions (Everyone:Write) for its installation directory, which allows local users to gain privileges by replacing application programs, as demonstrated by replacing vba32ldr.exe. |
CVE-2007-3804 | 1 Clavister | 1 Clavister Coreplus | 2008-11-14 | 5.0 MEDIUM | N/A | The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before 8.81.00 and 8.80.03 might allow remote attackers to bypass scanning via small files. |
CVE-2007-6033 | 1 Wonderware | 1 Intouch | 2008-11-14 | 9.0 HIGH | N/A | Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs. |
CVE-2007-6167 | 1 Suse | 1 Suse Linux | 2008-11-14 | 7.2 HIGH | N/A | Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory. |
CVE-2007-4614 | 1 Bea | 1 Weblogic Server | 2008-11-12 | 7.5 HIGH | N/A | BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426. |