Total
5468 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-6382 | 1 Aspportal | 1 Aspportal | 2025-04-09 | N/A |
ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb. | ||||
CVE-2008-5673 | 1 Phparanoid | 1 Phparanoid | 2025-04-09 | N/A |
PHParanoid before 0.4 does not properly restrict access to the members area by unauthenticated users, which has unknown impact and remote attack vectors. | ||||
CVE-2008-5130 | 1 Ocean12 Technologies | 1 Calendar Manager | 2025-04-09 | N/A |
Ocean12 Calendar Manager Gold 2.04 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12cal.mdb. | ||||
CVE-2007-2279 | 1 Symantec | 1 Veritas Storage Foundation | 2025-04-09 | N/A |
The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution. | ||||
CVE-2008-5129 | 1 Ocean12 Technologies | 1 Poll Manager | 2025-04-09 | N/A |
Ocean12 Poll Manager Pro 1.00 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12poll.mdb. | ||||
CVE-2008-5128 | 1 Ocean12 Technologies | 1 Membership Manager Pro | 2025-04-09 | N/A |
Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb. | ||||
CVE-2008-5027 | 2 Nagios, Op5 | 2 Nagios, Monitor | 2025-04-09 | N/A |
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon. | ||||
CVE-2007-6479 | 1 Dokeos | 1 Dokeos | 2025-04-09 | N/A |
Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/. | ||||
CVE-2008-4831 | 1 Adobe | 1 Coldfusion | 2025-04-09 | N/A |
Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and obtain sensitive information or possibly gain privileges, via unknown vectors. | ||||
CVE-2008-4512 | 1 Designplace | 1 Asp\/ms Access Shoutbox | 2025-04-09 | N/A |
ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. | ||||
CVE-2008-4511 | 1 Todd Woolums | 1 Asp News Management | 2025-04-09 | N/A |
Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. | ||||
CVE-2008-4484 | 1 Crux Software | 1 Gallery | 2025-04-09 | N/A |
main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php. | ||||
CVE-2008-4415 | 1 Hp | 1 Service Manager | 2025-04-09 | N/A |
Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors. | ||||
CVE-2008-2539 | 1 Sun | 1 Cluster | 2025-04-09 | N/A |
The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 through 10, when an underlying ufs filesystem is used, might allow local users to read data from arbitrary deleted files, or corrupt files in global filesystems, via unspecified vectors. | ||||
CVE-2008-4215 | 1 Apple | 1 Mac Os X Server | 2025-04-09 | N/A |
Weblog in Mac OS X Server 10.4.11 does not properly check an error condition when a weblog posting access control list is specified for a user that has multiple short names, which might allow attackers to bypass intended access restrictions. | ||||
CVE-2008-4214 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files. | ||||
CVE-2007-6501 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | N/A |
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp. | ||||
CVE-2009-0043 | 1 Ca | 2 Service Level Management, Service Metric Analysis | 2025-04-09 | N/A |
The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors. | ||||
CVE-2008-4153 | 1 Drupal | 1 Talk | 2025-04-09 | N/A |
The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, does not perform access checks for a node before displaying comments, which allows remote attackers to obtain sensitive information. | ||||
CVE-2007-1227 | 1 Mcafee | 1 Virex | 2025-04-09 | N/A |
VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allow local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands. |