Total: 5466 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0904 | 1 Ibm | 1 Websphere Application Server | 2017-08-17 | 6.4 MEDIUM | N/A |
| The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via "XML fuzzing attacks" sent through SOAP requests. | |||||
| CVE-2009-0872 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-17 | 6.8 MEDIUM | N/A |
| The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes. | |||||
| CVE-2009-0732 | 1 Lingx | 1 Downloadcenter | 2017-08-17 | 5.0 MEDIUM | N/A |
| Downloadcenter 2.1 stores common.h under the web root with insufficient access control, which allows remote attackers to obtain user credentials and other sensitive information via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-0700 | 1 Plunet | 1 Business Manager | 2017-08-17 | 4.0 MEDIUM | N/A |
| Plunet BusinessManager 4.1 and earlier allows remote authenticated users to bypass access restrictions and (1) read sensitive Customer or Order data via a modified Pfad parameter to pagesUTF8/Sys_DirAnzeige.jsp, or (2) list sensitive Jobs via a direct request to pagesUTF8/auftrag_job.jsp. | |||||
| CVE-2008-7155 | 1 Phprisk | 1 Netrisk | 2017-08-17 | 7.5 HIGH | N/A |
| NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of arbitrary users via a direct request. | |||||
| CVE-2008-7128 | 1 Xyssl | 1 Xyssl | 2017-08-17 | 7.5 HIGH | N/A |
| The ssl_parse_client_key_exchange function in XySSL before 0.9 does not protect against certain Bleichenbacher attacks using chosen ciphertext, which allows remote attackers to recover keys via unspecified vectors. | |||||
| CVE-2008-7096 | 1 Intel | 1 Bios | 2017-08-17 | 6.9 MEDIUM | N/A |
| Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or access hypervisory memory as demonstrated at Black Hat 2008 by accessing certain remapping registers in Xen 3.3. | |||||
| CVE-2008-6954 | 1 Michael Dehaan | 1 Cobbler | 2017-08-17 | 9.0 HIGH | N/A |
| The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules. | |||||
| CVE-2008-6886 | 1 Rsa | 1 Envision | 2017-08-17 | 5.0 MEDIUM | N/A |
| RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict access to unspecified user profile functionality, which allows remote attackers to obtain the administrator password hash and conduct brute force guessing attacks. | |||||
| CVE-2008-6799 | 1 Tufat | 1 Flashchat | 2017-08-17 | 7.5 HIGH | N/A |
| connection.php in FlashChat 5.0.8 allows remote attackers to bypass the role filter mechanism and gain administrative privileges by setting the s parameter to "7." | |||||
| CVE-2008-6774 | 1 Peterselie | 1 Yourplace | 2017-08-17 | 5.0 MEDIUM | N/A |
| internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end execution when an invalid username is detected, which allows remote attackers to bypass intended restrictions and edit toolbar settings via an invalid username. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6756 | 2 Gentoo, Zoneminder | 2 Linux, Zoneminder | 2017-08-17 | 2.1 LOW | N/A |
| ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file. | |||||
| CVE-2008-6755 | 2 Redhat, Zoneminder | 2 Fedora, Zoneminder | 2017-08-17 | 5.0 MEDIUM | N/A |
| ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script. | |||||
| CVE-2008-6747 | 1 Dotproject | 1 Dotproject | 2017-08-17 | 6.8 MEDIUM | N/A |
| dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6603 | 1 Moinmo | 1 Moinmoin | 2017-08-17 | 6.8 MEDIUM | N/A |
| MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937. | |||||
| CVE-2008-6599 | 1 Jath Pala | 1 Cookiecheck | 2017-08-17 | 5.0 MEDIUM | N/A |
| cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path." | |||||
| CVE-2008-6506 | 1 Phpbb | 1 Phpbb | 2017-08-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors. | |||||
| CVE-2008-6375 | 1 Nexusjnr | 1 Jbook | 2017-08-17 | 5.0 MEDIUM | N/A |
| JBook stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to userids.mdb. | |||||
| CVE-2008-6160 | 1 Drupal | 1 Semantically Interconnected Online Communities | 2017-08-17 | 5.0 MEDIUM | N/A |
| Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors. | |||||
| CVE-2008-6137 | 1 Drupal | 2 Drupal, Everyblog | 2017-08-17 | 7.5 HIGH | N/A |
| EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to bypass access restrictions via unknown vectors. | |||||
