Total
5477 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6413 | 1 Sun | 1 Solaris | 2025-04-09 | N/A |
| Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120011-* and 120012-* patches, allows remote attackers to bypass certain netgroup restrictions and obtain root access to a filesystem via NFS requests from a client root user. | ||||
| CVE-2008-5384 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor. | ||||
| CVE-2008-5218 | 1 Scriptsez | 1 Freeze Greetings | 2025-04-09 | N/A |
| ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords. | ||||
| CVE-2008-5130 | 1 Ocean12 Technologies | 1 Calendar Manager | 2025-04-09 | N/A |
| Ocean12 Calendar Manager Gold 2.04 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12cal.mdb. | ||||
| CVE-2008-5129 | 1 Ocean12 Technologies | 1 Poll Manager | 2025-04-09 | N/A |
| Ocean12 Poll Manager Pro 1.00 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12poll.mdb. | ||||
| CVE-2008-5128 | 1 Ocean12 Technologies | 1 Membership Manager Pro | 2025-04-09 | N/A |
| Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb. | ||||
| CVE-2008-5027 | 2 Nagios, Op5 | 2 Nagios, Monitor | 2025-04-09 | N/A |
| The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon. | ||||
| CVE-2008-4792 | 1 Drupal | 1 Drupal | 2025-04-09 | N/A |
| The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values. | ||||
| CVE-2008-4791 | 1 Drupal | 1 Drupal | 2025-04-09 | N/A |
| The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors. | ||||
| CVE-2008-4597 | 1 Drupal | 1 Shindig-integrator | 2025-04-09 | N/A |
| Shindig-Integrator 5.x, a module for Drupal, does not properly restrict generated page access, which allows remote attackers to gain privileges via unspecified vectors. | ||||
| CVE-2008-4600 | 1 Steve Dawson | 1 Pokermax Poker League Tournament Script | 2025-04-09 | N/A |
| configure.php in PokerMax Poker League Tournament Script 0.13 allows remote attackers to bypass authentication and gain administrative access by setting the ValidUserAdmin cookie. | ||||
| CVE-2008-4554 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-09 | N/A |
| The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file. | ||||
| CVE-2008-4545 | 1 Cisco | 1 Unity | 2025-04-09 | N/A |
| Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8 uses weak permissions for the D:\CommServer\Reports directory, which allows remote authenticated users to obtain sensitive information by reading files in this directory. | ||||
| CVE-2008-4512 | 1 Designplace | 1 Asp\/ms Access Shoutbox | 2025-04-09 | N/A |
| ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. | ||||
| CVE-2008-4511 | 1 Todd Woolums | 1 Asp News Management | 2025-04-09 | N/A |
| Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. | ||||
| CVE-2007-6441 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2025-04-09 | N/A |
| The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms." | ||||
| CVE-2008-4484 | 1 Crux Software | 1 Gallery | 2025-04-09 | N/A |
| main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php. | ||||
| CVE-2008-4472 | 1 Autodesk | 3 Design Review, Dwf Viewer, Revit Architecture | 2025-04-09 | N/A |
| The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method. | ||||
| CVE-2008-4245 | 1 Rianxosencabos Cms | 1 Rianxosencabos Cms | 2025-04-09 | N/A |
| The Admin Control Panel in Rianxosencabos CMS 0.9 does not require administrator privileges, which allows remote authenticated users to (1) change a user's privileges, (2) delete a user account, or perform unspecified other administrative actions via vectors involving an admin lista action to the default URI, possibly related to useradmin.php. | ||||
| CVE-2008-3876 | 1 Apple | 1 Iphone | 2025-04-09 | N/A |
| Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact's blue arrow. | ||||