Total
7971 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5284 | 1 Freeipa | 1 Freeipa | 2017-10-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable. | |||||
| CVE-2017-14680 | 1 Zkteco | 1 Zktime Web | 2017-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document. | |||||
| CVE-2017-1002100 | 1 Kubernetes | 1 Kubernetes | 2017-09-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal. | |||||
| CVE-2016-10351 | 1 Telegram Desktop | 1 Telegram Desktop | 2017-09-29 | 2.1 LOW | 5.5 MEDIUM |
| Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users to obtain sensitive authentication information via standard filesystem operations. | |||||
| CVE-2009-2130 | 1 Elvinbts | 1 Elvinbts | 2017-09-29 | 5.0 MEDIUM | N/A |
| Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) login.ei, (2) jump_bug.ei, or (3) create_account.ei in inc/ via a direct request. | |||||
| CVE-2009-1949 | 1 Unclassified | 1 Newsboard | 2017-09-29 | 7.8 HIGH | N/A |
| import_wbb1.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | |||||
| CVE-2009-1870 | 1 Adobe | 3 Air, Flash Player, Flex | 2017-09-29 | 4.9 MEDIUM | N/A |
| Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability." | |||||
| CVE-2009-1341 | 1 Debian | 1 Libdbd-pg-perl | 2017-09-29 | 5.0 MEDIUM | N/A |
| Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns. | |||||
| CVE-2009-0711 | 1 Vlad Alexa Mancini | 1 Phpfootball | 2017-09-29 | 5.0 MEDIUM | N/A |
| filter.php in PHPFootball 1.6 and earlier allows remote attackers to retrieve password hashes via a request with an Accounts value for the dbtable parameter, in conjunction with a Password value for the dbfield parameter. NOTE: this has been reported as a SQL injection vulnerability by some sources, but the provenance of that information is unknown. | |||||
| CVE-2009-0628 | 1 Cisco | 1 Cisco Ios | 2017-09-29 | 9.0 HIGH | N/A |
| Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block (TCB) leak. | |||||
| CVE-2009-0518 | 1 Vmware | 3 Vmware Esx, Vmware Esxi, Vmware Virtualcenter | 2017-09-29 | 2.1 LOW | N/A |
| VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password. | |||||
| CVE-2009-0453 | 1 Onlinegrades | 1 Online Grades | 2017-09-29 | 5.0 MEDIUM | N/A |
| Online Grades 3.2.4 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2009-0358 | 1 Mozilla | 1 Firefox | 2017-09-29 | 3.3 LOW | N/A |
| Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request. | |||||
| CVE-2008-7154 | 1 Docebo | 1 Docebo | 2017-09-29 | 5.0 MEDIUM | N/A |
| Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) class/class.conf_fw.php, (2) class.module/class.event_manager.php, (3) lib/lib.domxml5.php, or (4) menu/menu_over.php in doceboCore/; or (5) class/class.conf_cms.php, (6) lib/lib.compose.php, (7) modules/chat/teleskill.php, or (8) class/class.admin_menu_cms.php in doceboCms/; which reveals the installation path in an error message. | |||||
| CVE-2008-7069 | 1 Paul Arbogast | 1 Accms | 2017-09-29 | 7.5 HIGH | N/A |
| All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat. | |||||
| CVE-2008-7063 | 1 Ocean12tech | 1 Faq Manager Pro | 2017-09-29 | 5.0 MEDIUM | N/A |
| Ocean12 FAQ Manager Pro stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for admin/o12faq.mdb. | |||||
| CVE-2008-6955 | 1 Infireal | 1 Mxcamarchive | 2017-09-29 | 7.5 HIGH | N/A |
| mxCamArchive 2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain configuration details and passwords via a direct request for archive/config.ini. | |||||
| CVE-2008-6872 | 1 Aspthai.net | 1 Aspthai Forums | 2017-09-29 | 5.0 MEDIUM | N/A |
| ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/aspthaiForum.mdb. | |||||
| CVE-2008-6537 | 1 Lightneasy | 1 Lightneasy | 2017-09-29 | 5.0 MEDIUM | N/A |
| LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST. | |||||
| CVE-2008-6420 | 1 Socialsitegenerator | 1 Social Site Generator | 2017-09-29 | 5.0 MEDIUM | N/A |
| Social Site Generator (SSG) 2.0 allows remote attackers to read arbitrary files via the file parameter to (1) filedload.php, (2) webadmin/download.php, and (3) webadmin/download_file.php. | |||||