Total
5279 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-0777 | 1 Microsoft | 2 Commercial Internet System, Internet Information Server | 2018-10-12 | 7.5 HIGH | N/A |
IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions. | |||||
CVE-1999-0728 | 1 Microsoft | 1 Windows Nt | 2018-10-12 | 7.8 HIGH | N/A |
A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them. | |||||
CVE-1999-0909 | 1 Microsoft | 4 Terminal Server, Windows 95, Windows 98se and 1 more | 2018-10-12 | 7.5 HIGH | N/A |
Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability. | |||||
CVE-1999-0344 | 1 Microsoft | 1 Windows Nt | 2018-10-12 | 7.2 HIGH | N/A |
NT users can gain debug-level access on a system process using the Sechole exploit. | |||||
CVE-1999-0899 | 1 Microsoft | 1 Windows Nt | 2018-10-12 | 7.2 HIGH | N/A |
The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider. | |||||
CVE-2009-0361 | 1 Eyrie | 1 Pam-krb5 | 2018-10-11 | 4.6 MEDIUM | N/A |
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations. | |||||
CVE-2009-0342 | 2 Linux, Provos | 2 Linux Kernel, Systrace | 2018-10-11 | 7.2 HIGH | N/A |
Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall. | |||||
CVE-2009-0343 | 2 Linux, Niels Provos | 2 Linux Kernel, Systrace | 2018-10-11 | 7.2 HIGH | N/A |
Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in monitoring 64-bit processes. | |||||
CVE-2009-0194 | 1 Garmin | 1 Garmin Communicator Plugin | 2018-10-11 | 9.3 HIGH | N/A |
The domain-locking implementation in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control in npGarmin.dll in the Garmin Communicator Plug-In 2.6.4.0 does not properly enforce the restrictions that (1) download and (2) upload requests come from a web site specified by the user, which allows remote attackers to obtain sensitive information or reconfigure Garmin GPS devices via unspecified vectors related to a "synchronisation error." | |||||
CVE-2009-0043 | 1 Ca | 2 Service Level Management, Service Metric Analysis | 2018-10-11 | 10.0 HIGH | N/A |
The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
CVE-2009-0034 | 1 Todd Miller | 1 Sudo | 2018-10-11 | 6.9 MEDIUM | N/A |
parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. | |||||
CVE-2008-7209 | 1 Insane Visions | 1 Onecms | 2018-10-11 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in the add2 action in a_upload.php in OneCMS 2.4, and possibly earlier, allows remote attackers to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing it via a direct request to the file in an unspecified directory. | |||||
CVE-2008-7173 | 1 Juracapecoffee | 2 Internet Connectivity Kit, Jura Impressa | 2018-10-11 | 10.0 HIGH | N/A |
The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service (physical damage), modify coffee settings, and possibly execute code via a crafted request. NOTE: this issue is being included in CVE because the denial of service may include financial loss or water damage. | |||||
CVE-2008-7170 | 1 Gameservers | 1 Gsc | 2018-10-11 | 10.0 HIGH | N/A |
GSC build 2067 and earlier relies on the client to enforce administrator privileges, which allows remote attackers to execute arbitrary administrator commands via a crafted packet. | |||||
CVE-2008-7161 | 1 Fortinet | 1 Fortigate-1000 | 2018-10-11 | 7.5 HIGH | N/A |
Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote attackers to bypass URL filtering via fragmented GET or POST requests that use HTTP/1.0 without the Host header. NOTE: this issue might be related to CVE-2005-3058. | |||||
CVE-2008-7186 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2018-10-11 | 5.0 MEDIUM | N/A |
Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504. | |||||
CVE-2008-7111 | 1 Kyoceramita | 1 Scanner File Utility | 2018-10-11 | 9.3 HIGH | N/A |
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 does not restrict the filenames or extensions of uploaded files, which makes it easier for remote attackers to execute arbitrary code or overwrite files by leveraging CVE-2008-7110 and CVE-2008-7109. | |||||
CVE-2008-7095 | 1 Arubanetworks | 2 Aruba Mobility Controller, Arubaos | 2018-10-11 | 7.8 HIGH | N/A |
The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB. | |||||
CVE-2009-0028 | 1 Linux | 1 Linux Kernel | 2018-10-11 | 2.1 LOW | N/A |
The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit. | |||||
CVE-2008-7216 | 1 Wordpress | 1 Peter's Math Anti-spam For Wordpress | 2018-10-11 | 4.3 MEDIUM | N/A |
Peter's Math Anti-Spam Spinoff plugin for WordPress generates audio CAPTCHA clips by concatenating static audio files without any additional distortion, which allows remote attackers to bypass CAPTCHA protection by reading certain bytes from the generated clip. |