Total
5442 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0245 | 1 Uploadscript | 2 Uploadimage, Uploadscript | 2024-08-07 | N/A |
| admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action. | ||||
| CVE-2008-0233 | 1 Zero Cms | 1 Zero Cms | 2024-08-07 | N/A |
| Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and earlier allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg. | ||||
| CVE-2008-0145 | 1 Php | 1 Php | 2024-08-07 | N/A |
| Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663. | ||||
| CVE-2008-0038 | 1 Apple | 1 Mac Os X | 2024-08-07 | N/A |
| Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application. | ||||
| CVE-2008-0135 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2024-08-07 | N/A |
| Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb. | ||||
| CVE-2008-0148 | 1 Tutos | 1 Tutos | 2024-08-07 | N/A |
| TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request. | ||||
| CVE-2008-0074 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-08-07 | N/A |
| Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders. | ||||
| CVE-2008-0162 | 2 Debian, Sam Lantinga | 2 Debian Linux, Splitvt | 2024-08-07 | N/A |
| misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges. | ||||
| CVE-2008-0049 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-08-07 | N/A |
| AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications. | ||||
| CVE-2008-0046 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-08-07 | N/A |
| The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions. | ||||
| CVE-2008-0045 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-08-07 | N/A |
| Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names. | ||||
| CVE-2008-0037 | 1 Apple | 1 Mac Os X | 2024-08-07 | N/A |
| X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server. | ||||
| CVE-2009-5138 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2024-08-07 | N/A |
| GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959. | ||||
| CVE-2009-5115 | 1 Mcafee | 1 Common Management Agent | 2024-08-07 | N/A |
| McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 through 3.6.0.608, and McAfee Agent 4.0 before Patch 3, allows remote authenticated users to overwrite arbitrary files by accessing a report-writing ActiveX control COM object. | ||||
| CVE-2009-5019 | 1 Webwiz | 1 Web Wiz Newspad | 2024-08-07 | N/A |
| Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/NewsPad.mdb. | ||||
| CVE-2009-4904 | 1 Dootzky | 1 Oblog | 2024-08-07 | N/A |
| article.php in oBlog does not properly restrict comments, which allows remote attackers to cause a denial of service (blog spam) via a comment=new action. | ||||
| CVE-2009-4876 | 1 Netrix | 1 Netrix Cms | 2024-08-07 | N/A |
| admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify arbitrary pages via a direct request using the cid parameter. | ||||
| CVE-2009-4874 | 1 Scripts.oldguy | 1 Talkback | 2024-08-07 | N/A |
| TalkBack 2.3.14 does not properly restrict access to the edit comment feature (comments.php), which allows remote attackers to modify comments. | ||||
| CVE-2009-4799 | 1 Diskos | 1 Diskos Cms | 2024-08-07 | N/A |
| Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) artikler_prod.mdb or (2) medlemmer.mdb. | ||||
| CVE-2009-4820 | 1 Aspindir | 1 Angelo-emlak | 2024-08-07 | N/A |
| Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb. | ||||