Total: 5466 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0896 | 1 Bea Systems | 1 Weblogic Portal | 2011-03-08 | 4.9 MEDIUM | N/A |
| BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions. | |||||
| CVE-2008-0862 | 1 Ibm | 1 Lotus Notes | 2011-03-08 | 4.3 MEDIUM | N/A |
| IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List (ECL) protection. | |||||
| CVE-2008-0807 | 2 Debian, Horde | 4 Debian Linux, Groupware, Groupware Webmail Edition and 1 more | 2011-03-08 | 4.9 MEDIUM | N/A |
| lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book. | |||||
| CVE-2008-0741 | 1 Ibm | 1 Websphere Application Server | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the PropFilePasswordEncoder utility in IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) has unknown impact and attack vectors. | |||||
| CVE-2008-0740 | 1 Ibm | 1 Websphere Application Server | 2011-03-08 | 2.1 LOW | N/A |
| IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) and 6.1 before Fix Pack 15 (6.1.0.15) writes unspecified cleartext information to http_plugin.log, which might allow local users to obtain sensitive information by reading this file. | |||||
| CVE-2008-0697 | 1 Ibm | 1 Db2 | 2011-03-08 | 7.2 HIGH | N/A |
| Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors. | |||||
| CVE-2008-0696 | 1 Ibm | 1 Db2 | 2011-03-08 | 7.5 HIGH | N/A |
| IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors. | |||||
| CVE-2008-0664 | 1 Wordpress | 1 Wordpress | 2011-03-08 | 6.4 MEDIUM | N/A |
| The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors. | |||||
| CVE-2008-0577 | 1 Drupal | 1 Project Issue Tracking Module | 2011-03-08 | 6.4 MEDIUM | N/A |
| The Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal (1) does not restrict the extensions of attached files when the Upload module is enabled for issue nodes, which allows remote attackers to upload and possibly execute arbitrary files; and (2) accepts the .html extension within the bundled file-upload functionality, which allows remote attackers to upload files containing arbitrary web script or HTML. | |||||
| CVE-2008-0569 | 1 Drupal | 1 Comment Upload Module | 2011-03-08 | 6.4 MEDIUM | N/A |
| The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote attackers to bypass upload validation, and upload arbitrary files and possibly execute arbitrary code, via unspecified vectors. | |||||
| CVE-2008-0215 | 1 Hp | 2 Storage Essentials Srm Enterprise, Storage Essentials Srm Standard | 2011-03-08 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in HP Storage Essentials Storage Resource Management (SRM) before 6.0.0 allow remote attackers to obtain unspecified access to a managed device via unknown attack vectors. | |||||
| CVE-2008-0214 | 1 Hp | 1 Select Identity | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to gain access via unknown vectors. | |||||
| CVE-2008-0038 | 1 Apple | 1 Mac Os X | 2011-03-08 | 1.9 LOW | N/A |
| Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application. | |||||
| CVE-2008-0037 | 1 Apple | 1 Mac Os X | 2011-03-08 | 4.3 MEDIUM | N/A |
| X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server. | |||||
| CVE-2007-6594 | 1 Ibm | 1 Lotus Notes | 2011-03-08 | 6.9 MEDIUM | N/A |
| IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak permissions for the installation kit obtained through a Notes 8 download and (2) 0777 permissions for the installdata file that is created by setup.sh, which allows local users to gain privileges via a Trojan horse file. | |||||
| CVE-2007-6434 | 1 Linux | 1 Linux Kernel | 2011-03-08 | 2.1 LOW | N/A |
| Linux kernel 2.6.23 allows local users to create low pages in virtual userspace memory and bypass mmap_min_addr protection via a crafted executable file that calls the do_brk function. | |||||
| CVE-2007-6383 | 1 Chandler Project | 1 Chandler Server | 2011-03-08 | 5.5 MEDIUM | N/A |
| The DAV component in Chandler Server (Cosmo) before 0.10.1 does not check resource creation permissions, which allows remote authenticated users to create arbitrary resources in another user's home collection. | |||||
| CVE-2007-6313 | 1 Mysql | 1 Mysql Community Server | 2011-03-08 | 6.5 MEDIUM | N/A |
| MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements. | |||||
| CVE-2007-6305 | 3 Ibm, Linux, Unix | 3 Hardware Management Console, Linux Kernel, Unix | 2011-03-08 | 4.6 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands." | |||||
| CVE-2007-6050 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2 Universal Database, Linux Kernel, Windows and 1 more | 2011-03-08 | 7.2 HIGH | N/A |
| Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory." | |||||
