Total
5477 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5840 | 1 Phpicalendar | 2 Phpicalendar, Phpicalendar2.0 | 2025-04-09 | N/A |
| PHP iCalendar 2.24 and earlier allows remote attackers to bypass authentication by setting the phpicalendar and phpicalendar_login cookies to 1. | ||||
| CVE-2008-5780 | 1 Hostforest | 1 Forest Blog | 2025-04-09 | N/A |
| Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb. | ||||
| CVE-2008-5738 | 1 Nodstrum | 1 Mysql Calendar | 2025-04-09 | N/A |
| Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5699 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | N/A |
| The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris snv_50 through snv_104 does not properly check permissions, which allows local users to gain privileges and obtain sensitive information via unspecified vectors. | ||||
| CVE-2008-5673 | 1 Phparanoid | 1 Phparanoid | 2025-04-09 | N/A |
| PHParanoid before 0.4 does not properly restrict access to the members area by unauthenticated users, which has unknown impact and remote attack vectors. | ||||
| CVE-2007-6334 | 2 Ingres, Microsoft | 2 Ingres, Windows Nt | 2025-04-09 | N/A |
| Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges. | ||||
| CVE-2008-5617 | 1 Rsyslog | 1 Rsyslog | 2025-04-09 | N/A |
| The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages. | ||||
| CVE-2008-5602 | 1 Natterchat | 1 Natterchat | 2025-04-09 | N/A |
| Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb. | ||||
| CVE-2008-5600 | 1 Merlix | 1 Teamworx Server | 2025-04-09 | N/A |
| Merlix Teamworx Server stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb. | ||||
| CVE-2008-5601 | 1 Robs-projects | 1 Asp User Engine | 2025-04-09 | N/A |
| User Engine Lite ASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users.mdb. | ||||
| CVE-2008-5592 | 1 Iwrite | 1 Nightfall Personal Diary | 2025-04-09 | N/A |
| Nightfall Personal Diary 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users-zza21.mdb. | ||||
| CVE-2008-5572 | 1 Dotnetindex | 1 Professional Download Assistant | 2025-04-09 | N/A |
| Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb. | ||||
| CVE-2008-5560 | 1 Dazzlindonna | 1 Postecards | 2025-04-09 | N/A |
| PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb. | ||||
| CVE-2008-5506 | 4 Canonical, Debian, Mozilla and 1 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2025-04-09 | N/A |
| Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure." | ||||
| CVE-2008-5462 | 1 Oracle | 1 Bea Product Suite | 2025-04-09 | N/A |
| Unspecified vulnerability in the WebLogic Portal component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| CVE-2008-5417 | 1 Hp | 2 Decnet Plus For Openvms, Openvms | 2025-04-09 | N/A |
| HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system services. | ||||
| CVE-2008-5393 | 1 Privacy-cd | 1 Unbuntu Privacy Remix | 2025-04-09 | N/A |
| UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes kernel support for mounting RAID arrays, which might allow remote attackers to bypass intended isolation mechanisms by (1) reading from or (2) writing to these arrays. | ||||
| CVE-2008-5385 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors. | ||||
| CVE-2008-5347 | 2 Redhat, Sun | 3 Rhel Extras, Jdk, Jre | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages. | ||||
| CVE-2008-5340 | 2 Redhat, Sun | 4 Rhel Extras, Jdk, Jre and 1 more | 2025-04-09 | N/A |
| Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081. | ||||