Total: 5279 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1665 | 1 Easy-scripts | 1 Answer And Question Script | 2017-09-28 | 6.4 MEDIUM | N/A |
myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to remove arbitrary user accounts via a modified userid parameter without specifying any additional fields. | |||||
CVE-2009-1652 | 1 2daybiz | 1 Business Community Script | 2017-09-28 | 7.5 HIGH | N/A |
admin/adminaddeditdetails.php in Business Community Script does not properly restrict access, which allows remote attackers to gain privileges and add administrators via a direct request. | |||||
CVE-2009-1637 | 1 Simplecustomer | 1 Simple Customer | 2017-09-28 | 6.4 MEDIUM | N/A |
profile.php in Simple Customer 1.3 does not require administrative authentication, which allows remote attackers to change the admin e-mail address and password via the email and password parameters. | |||||
CVE-2009-1610 | 1 Jobscript | 1 Job Script Job Board Software | 2017-09-28 | 7.5 HIGH | N/A |
admin/changepassword.php in Job Script Job Board Software 2.0 allows remote attackers to change the administrator password and gain administrator privileges via a direct request. | |||||
CVE-2009-1582 | 1 Kalptarudemos | 1 Million Dollar Text Links | 2017-09-28 | 7.5 HIGH | N/A |
Million Dollar Text Links 1.0 does not properly restrict administrator access to admin.home.php, which allows remote attackers to bypass intended restrictions and gain privileges via a direct request to admin.home.php after visiting admin.php. | |||||
CVE-2009-1550 | 1 Zakkis | 1 Abc Advertise | 2017-09-28 | 5.0 MEDIUM | N/A |
Zakkis Technology ABC Advertise 1.0 does not properly restrict access to admin.inc.php, which allows remote attackers to obtain the administrator login name and password via a direct request. | |||||
CVE-2009-1495 | 1 Webfileexplorer | 1 Web File Explorer | 2017-09-28 | 5.0 MEDIUM | N/A |
Web File Explorer 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/db.mdb. | |||||
CVE-2009-1322 | 1 Humayun Shabbir Bhutta | 1 Asp Product Catalog | 2017-09-28 | 5.0 MEDIUM | N/A |
ASP Product Catalog 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for database/aspProductCatalog.mdb. | |||||
CVE-2009-1235 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-09-28 | 7.2 HIGH | N/A |
XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls. | |||||
CVE-2009-1226 | 1 Podcast Generator | 1 Podcast Generator | 2017-09-28 | 7.5 HIGH | N/A |
core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file parameter. | |||||
CVE-2009-0866 | 1 Phnews | 1 Phnews | 2017-09-28 | 5.0 MEDIUM | N/A |
pHNews Alpha 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for extra/genbackup.php. | |||||
CVE-2009-0827 | 1 Freedville | 1 Pollhelper | 2017-09-28 | 5.0 MEDIUM | N/A |
PollHelper stores poll.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request. | |||||
CVE-2009-0828 | 1 Freedville | 1 Quotebook | 2017-09-28 | 5.0 MEDIUM | N/A |
QuoteBook stores quotes.inc under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information, including user credentials, via a direct request. | |||||
CVE-2009-0826 | 1 Freedville | 1 Bloghelper | 2017-09-28 | 5.0 MEDIUM | N/A |
BlogHelper stores common_db.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request. | |||||
CVE-2009-0807 | 1 Zfeeder | 1 Zfeeder | 2017-09-28 | 7.5 HIGH | N/A |
zFeeder 1.6 allows remote attackers to gain administrative access via a direct request to admin.php. | |||||
CVE-2009-0767 | 1 Bookelves | 1 Kipper | 2017-09-28 | 5.0 MEDIUM | N/A |
Kipper 2.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing credentials via a direct request for job/config.data. | |||||
CVE-2009-0760 | 1 Team5 | 1 Team Board | 2017-09-28 | 5.0 MEDIUM | N/A |
Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for data/team.mdb. | |||||
CVE-2009-0115 | 1 Christophe.varoqui | 1 Multipath-tools | 2017-09-28 | 7.2 HIGH | N/A |
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon. | |||||
CVE-2009-0108 | 1 Phpauctions | 1 Phpauctions | 2017-09-28 | 7.5 HIGH | N/A |
PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAME, and (4) PHPAUCTION_RM_EMAIL cookies. | |||||
CVE-2008-7188 | 1 Clip-share | 1 Clipshare | 2017-09-28 | 7.5 HIGH | N/A |
ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. NOTE: this can be used to recover the password of the user by using the modified e-mail address in the email parameter to recoverpass.php. | |||||