Total
5468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3096 | 1 Drupal | 1 Outline Designer Module | 2025-04-09 | N/A |
| The Outline Designer module 5.x before 5.x-1.4 for Drupal changes each content reader's authentication level to match that of the content author, which might allow remote attackers to gain privileges. | ||||
| CVE-2007-4497 | 2 Canonical, Vmware | 5 Ubuntu Linux, Ace, Player and 2 more | 2025-04-09 | N/A |
| Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors. | ||||
| CVE-2008-5617 | 1 Rsyslog | 1 Rsyslog | 2025-04-09 | N/A |
| The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages. | ||||
| CVE-2008-3041 | 1 Typo3 | 1 Dam Frontend Extension | 2025-04-09 | N/A |
| Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors related to "broken access control." | ||||
| CVE-2009-1338 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2025-04-09 | N/A |
| The kill_something_info function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the intended namespace isolation, and send arbitrary signals to all processes in all namespaces, via a kill command. | ||||
| CVE-2008-1397 | 1 Checkpoint | 5 Check Point Vpn-1 Pro, Vpn-1, Vpn-1 Firewall-1 and 2 more | 2025-04-09 | N/A |
| Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint. | ||||
| CVE-2010-0318 | 1 Freebsd | 1 Freebsd | 2025-04-09 | N/A |
| The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, and 8.0, when creating files during replay of a setattr transaction, uses 7777 permissions instead of the original permissions, which might allow local users to read or modify unauthorized files in opportunistic circumstances after a system crash or power failure. | ||||
| CVE-2007-3782 | 2 Mysql, Redhat | 3 Community Server, Enterprise Linux, Rhel Application Stack | 2025-04-09 | N/A |
| MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table. | ||||
| CVE-2009-1337 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-09 | N/A |
| The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. | ||||
| CVE-2005-4880 | 1 Jax Scripts | 1 Jax Guestbook | 2025-04-09 | N/A |
| Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv. | ||||
| CVE-2008-5597 | 1 Cold Bbs | 1 Cold Bbs | 2025-04-09 | N/A |
| Cold BBS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for db/cforum.mdb. | ||||
| CVE-2009-1226 | 1 Podcast Generator | 1 Podcast Generator | 2025-04-09 | N/A |
| core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file parameter. | ||||
| CVE-2007-5571 | 1 Cisco | 1 Firewall Services Module | 2025-04-09 | N/A |
| Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier, does not properly enforce edited ACLs, which might allow remote attackers to bypass intended restrictions on network traffic, aka CSCsj52536. | ||||
| CVE-2009-1223 | 1 Fullrevolution | 1 Aspwebcalendar | 2025-04-09 | N/A |
| aspWebCalendar Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for calendar/calendar.mdb. | ||||
| CVE-2006-6970 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter. | ||||
| CVE-2007-5493 | 1 Microsoft | 1 Windows Mobile | 2025-04-09 | N/A |
| The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded. | ||||
| CVE-2008-2882 | 1 Aspindir | 1 Shibby Shop | 2025-04-09 | N/A |
| upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request. | ||||
| CVE-2007-0004 | 1 Redhat | 1 Enterprise Linux | 2025-04-09 | N/A |
| The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment. NOTE: it is uncertain whether any scenarios involving this issue cross privilege boundaries. | ||||
| CVE-2008-2873 | 1 Aspindir | 1 Shibby Shop | 2025-04-09 | N/A |
| sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb. | ||||
| CVE-2007-5969 | 2 Mysql, Redhat | 5 Community Server, Mysql Enterprise Server, Mysql Server and 2 more | 2025-04-09 | N/A |
| MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file. | ||||