Total: 5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-5846 | 1 Sixapart | 1 Movable Type | 2024-08-07 | N/A |
Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a "system-wide entry listing screen." | ||||
CVE-2008-5852 | 1 Emefa | 1 Emefa Guestbook | 2024-08-07 | N/A |
Emefa Guestbook 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for guestbook.mdb. | ||||
CVE-2008-5840 | 1 Phpicalendar | 2 Phpicalendar, Phpicalendar2.0 | 2024-08-07 | N/A |
PHP iCalendar 2.24 and earlier allows remote attackers to bypass authentication by setting the phpicalendar and phpicalendar_login cookies to 1. | ||||
CVE-2008-5853 | 1 Chicomas | 1 Chicomas | 2024-08-07 | N/A |
Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database credentials via a direct request for config.inc or (2) read database backups via a request for a backup/ URI. | ||||
CVE-2008-5780 | 1 Hostforest | 1 Forest Blog | 2024-08-07 | N/A |
Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb. | ||||
CVE-2008-5725 | 1 Entechtaiwan | 1 Powerstrip | 2024-08-07 | N/A |
The NT kernel-mode driver (aka pstrip.sys) 5.0.1.1 and earlier in EnTech Taiwan PowerStrip 3.84 and earlier allows local users to gain privileges via certain IRP parameters in an IOCTL request to \Device\Powerstrip1 that overwrites portions of memory. | ||||
CVE-2008-5762 | 1 Mariovaldez | 1 Simple Text-file Login Script | 2024-08-07 | N/A |
Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slog_users.txt. | ||||
CVE-2008-5736 | 1 Freebsd | 1 Freebsd | 2024-08-07 | N/A |
Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, 6.3 before 6.3-RELEASE-p7, 6.4 before 6.4-RELEASE-p1, 7.0 before 7.0-RELEASE-p7, 7.1 before 7.1-RC2, and 7 before 7.1-PRERELEASE allow local users to gain privileges via unknown attack vectors related to function pointers that are "not properly initialized" for (1) netgraph sockets and (2) bluetooth sockets. | ||||
CVE-2008-5724 | 1 Eset | 1 Smart Security | 2024-08-07 | N/A |
The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ESET Smart Security 3.0.672 and earlier allows local users to gain privileges via a crafted IRP in a certain METHOD_NEITHER IOCTL request to \Device\Epfw that overwrites portions of memory. | ||||
CVE-2008-5738 | 1 Nodstrum | 1 Mysql Calendar | 2024-08-07 | N/A |
Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information. | ||||
CVE-2008-5765 | 1 2500mhz | 1 Worksimple | 2024-08-07 | N/A |
WorkSimple 1.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for data/usr.txt. | ||||
CVE-2008-5773 | 1 Nukedit | 1 Nukedit | 2024-08-07 | N/A |
Nukedit 4.9.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for database/dbsite.mdb. | ||||
CVE-2008-5687 | 1 Mediawiki | 1 Mediawiki | 2024-08-07 | N/A |
MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/. | ||||
CVE-2008-5716 | 1 Citrix | 1 Xen | 2024-08-07 | N/A |
xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405. | ||||
CVE-2008-5675 | 1 Ibm | 1 Websphere Portal | 2024-08-07 | N/A |
Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 has unknown impact and attack vectors related to "Access problems with BasicAuthTAI." | ||||
CVE-2008-5699 | 1 Sun | 2 Opensolaris, Solaris | 2024-08-07 | N/A |
The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris snv_50 through snv_104 does not properly check permissions, which allows local users to gain privileges and obtain sensitive information via unspecified vectors. | ||||
CVE-2008-5673 | 1 Phparanoid | 1 Phparanoid | 2024-08-07 | N/A |
PHParanoid before 0.4 does not properly restrict access to the members area by unauthenticated users, which has unknown impact and remote attack vectors. | ||||
CVE-2008-5601 | 1 Robs-projects | 1 Asp User Engine | 2024-08-07 | N/A |
User Engine Lite ASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users.mdb. | ||||
CVE-2008-5617 | 1 Rsyslog | 1 Rsyslog | 2024-08-07 | N/A |
The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages. | ||||
CVE-2008-5625 | 1 Php | 1 Php | 2024-08-07 | N/A |
PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file. |